Analysis Overview
Threat Level: Known bad
The file https://www.cheatengine.org/downloads.php was found to be: Known bad.
Malicious Activity Summary
Detect ZGRat V1
ZGRat
Cobalt Strike reflective loader
Cobaltstrike
Stops running service(s)
Downloads MZ/PE file
Creates new service(s)
Loads dropped DLL
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Modifies file permissions
Registers COM server for autorun
Enumerates connected drives
Checks for any installed AV software in registry
Checks installed software on the system
Drops file in System32 directory
AutoIT Executable
Drops file in Program Files directory
Launches sc.exe
Drops file in Windows directory
Program crash
Enumerates physical storage devices
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Script User-Agent
Checks processor information in registry
Enumerates system info in registry
Modifies registry class
Runs net.exe
Suspicious use of SendNotifyMessage
Modifies system certificate store
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-22 20:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-22 20:24
Reported
2024-02-22 20:30
Platform
win10v2004-20240221-en
Max time kernel
133s
Max time network
305s
Command Line
Signatures
Cobalt Strike reflective loader
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Cobaltstrike
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ZGRat
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation | C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\SOFTWARE\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\psapi.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\uxtheme.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\KERNEL32.DLL | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\ole32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\ws2_32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\winmm.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\ntdll.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\apphelp.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\comdlg32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\version.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\hhctrl.ocx | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\kernel.appcore.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\oleaut32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\ucrtbase.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\advapi32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\shcore.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\bcryptPrimitives.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\wininet.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\Wldp.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\msvcp_win.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\msvcrt.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\sechost.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\imm32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\SHLWAPI.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\wsock32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\system32\explorerframe.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\MSCTF.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\win32u.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\GDI32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\shell32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\KERNELBASE.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\combase.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\GLU32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\opengl32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\msimg32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\clbcatq.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\windows.storage.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\PROPSYS.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\RPCRT4.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\user32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Windows\System32\gdi32full.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\McAfee\Temp3774323327\mcafee_pc_install_icon2.png | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-2COJI.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-top.gif | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\ole32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\tcc64-aarch64-linux.dll | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-da-DK.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-el-GR.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sv-SE.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-common.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\win32u.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pl-PL.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\uninstall.ico | C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-3D583.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-el-GR.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-T05FI.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-nl-NL.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-nb-NO.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ru-RU.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_util_selector.luc | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\ucrtbase.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\wa-score-toast.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\rpcrt4.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-B3BFK.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-H5CT6.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-pt-BR.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\XInput1_4.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-DHB7L.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\badassets\is-QK49N.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-TW.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\wininet.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\events\eventhandler.luc | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dbghelp.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\is-21NKJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\el.pak | C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-PT.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants.css | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\msvcp_win.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\is-JNH5E.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\Temp3774323327\jslang\wa-res-install-nb-NO.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.html | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-E6LQO.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-nb-NO.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp3774323327\jslang\wa-res-install-es-ES.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-tr-TR.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-MX.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-tr-TR.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\logic\tests_logic.luc | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\fil.pak | C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\cryptojack-icon.png | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\ucrtbase.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-364TF.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-en-US.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-PT.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\bcryptprimitives.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-GG7S9.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\images\is-1GE5E.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\Temp3774323327\jquery-1.9.0.min.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\badassets\is-OE2GQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fi-FI.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\msctf.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.css | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-tr-TR.js | C:\Program Files\McAfee\Temp3774323327\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\tcc64-64.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531071481934081" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.CT | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command\ = "\"C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\ = "McAfee SiteAdvisor MISP Integration" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\win32\\WSSDep.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.CT\ = "CheatEngine" | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\ = "Cheat Engine" | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon\ = "C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe,0" | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER\ = "CheatEngine" | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell | C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\ = "McAfee SiteAdvisor MISP Integration" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod1_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod1_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod1_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod1_extract\saBSI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod1_extract\saBSI.exe | N/A |
Runs net.exe
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Cheat Engine 7.5 : luascript-ceshare | N/A | N/A |
| HTTP User-Agent header | Cheat Engine 7.5 : luascript-CEVersionCheck | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.cheatengine.org/downloads.php
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1b2a9758,0x7ffd1b2a9768,0x7ffd1b2a9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1204 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4652 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4784 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5196 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3784 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5596 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5828 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6732 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6564 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7004 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5140 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7104 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:8
C:\Users\Admin\Downloads\CheatEngine75.exe
"C:\Users\Admin\Downloads\CheatEngine75.exe"
C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp
"C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp" /SL5="$C004E,29019897,780800,C:\Users\Admin\Downloads\CheatEngine75.exe"
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv f8x1VFGa90aF6kMMP2YT0A.0.1
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod0.exe
"C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod0.exe" -ip:"dui=721196e6-b31c-4e5d-b8d6-136c757b28ae&dit=20240222202609&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true" -vp:"dui=721196e6-b31c-4e5d-b8d6-136c757b28ae&dit=20240222202609&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&oip=26&ptl=7&dta=true" -dp:"dui=721196e6-b31c-4e5d-b8d6-136c757b28ae&dit=20240222202609&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100" -i -v -d -se=true
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod1_extract\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod1_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe" --silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_a
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\CheatEngine75.exe
"C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=98.0.4759.6 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x71f5c398,0x71f5c3a8,0x71f5c3b4
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp
"C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp" /SL5="$90234,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
C:\Users\Admin\AppData\Local\Temp\c0t3ddwi.exe
"C:\Users\Admin\AppData\Local\Temp\c0t3ddwi.exe" /silent
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4340 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240222202659" --session-guid=9883053b-55a2-4c15-ac55-027a51710683 --server-tracking-blob=ZjU5YzVmNGQ4YzM4YzNkNWE4MGFiNDQ4YmYwNDJiYWMyZGQ2YTg0MzY2NjNhYjBlODQyOTMzMmY4ZGY5NmI5ZTp7ImNvdW50cnkiOiJJTCIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFpcyZ1dG1fbWVkaXVtPWFwYiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY4MjQwNjc0OS41OTA1IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMi4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3BlcmFfbmV3X2EiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJhaXMifSwidXVpZCI6Ijk4MjVlYmU2LTRhYTItNDRmOS1iYTM5LTRkMjNlNmE1MDVhNiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0C05000000000000
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=98.0.4759.6 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x70fac398,0x70fac3a8,0x70fac3b4
C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\RAVEndPointProtection-installer.exe
"C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\c0t3ddwi.exe" /silent
C:\Windows\SYSTEM32\net.exe
"net" stop BadlionAnticheat
C:\Windows\SYSTEM32\sc.exe
"sc" delete BadlionAntic
C:\Windows\SYSTEM32\sc.exe
"sc" delete BadlionAnticheat
C:\Users\Admin\AppData\Local\Temp\is-PRLOG.tmp\_isetup\_setup64.tmp
helper 105 0x468
C:\Windows\system32\icacls.exe
"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop BadlionAnticheat
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop BadlionAntic
C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
"C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91082 PaidDistribution=true saBsiVersion=4.1.1.818 CountryCode=GB /no_self_update
C:\Windows\SYSTEM32\net.exe
"net" stop BadlionAntic
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
"C:\ProgramData\McAfee\WebAdvisor\saBSI\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Program Files\McAfee\Temp3774323327\installer.exe
"C:\Program Files\McAfee\Temp3774323327\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
"C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
C:\Windows\system32\icacls.exe
"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SYSTEM32\sc.exe
sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"
C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6964 --field-trial-handle=1880,i,7101555857169351861,12701575175311700633,131072 /prefetch:2
C:\Windows\SYSTEM32\sc.exe
sc.exe description "McAfee WebAdvisor" "McAfee WebAdvisor Service"
C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe
"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4428 -ip 4428
C:\Windows\SYSTEM32\sc.exe
sc.exe failure "McAfee WebAdvisor" reset= 3600 actions= restart/1/restart/1000/restart/3000/restart/30000/restart/1800000//0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 1016
C:\Windows\SYSTEM32\sc.exe
sc.exe start "McAfee WebAdvisor"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4428 -ip 4428
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 1136
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402222026591\assistant\Assistant_107.0.5045.21_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402222026591\assistant\Assistant_107.0.5045.21_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402222026591\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402222026591\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402222026591\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402222026591\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=107.0.5045.21 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x840ff4,0x841000,0x84100c
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Users\Admin\AppData\Local\Temp\jxfj4jpx.exe
"C:\Users\Admin\AppData\Local\Temp\jxfj4jpx.exe" /silent
C:\Users\Admin\AppData\Local\Temp\nskF34C.tmp\RAVVPN-installer.exe
"C:\Users\Admin\AppData\Local\Temp\nskF34C.tmp\RAVVPN-installer.exe" "C:\Users\Admin\AppData\Local\Temp\jxfj4jpx.exe" /silent
C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe" -i -i
C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe"
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe" -i -i
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe"
\??\c:\program files\reasonlabs\epp\rsHelper.exe
"c:\program files\reasonlabs\epp\rsHelper.exe"
\??\c:\program files\reasonlabs\VPN\ui\VPN.exe
"c:\program files\reasonlabs\VPN\ui\VPN.exe" --minimized --focused --first-run
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\VPN\ui\app.asar" --engine-path="c:\program files\reasonlabs\VPN" --minimized --focused --first-run
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2208 --field-trial-handle=2248,i,14977404096116629959,10253475764766109011,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --app-user-model-id=com.reasonlabs.vpn --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2572 --field-trial-handle=2248,i,14977404096116629959,10253475764766109011,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --mojo-platform-channel-handle=2744 --field-trial-handle=2248,i,14977404096116629959,10253475764766109011,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --app-user-model-id=com.reasonlabs.vpn --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3848 --field-trial-handle=2248,i,14977404096116629959,10253475764766109011,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
\??\c:\program files\reasonlabs\EPP\ui\EPP.exe
"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run
C:\Users\Admin\AppData\Local\Temp\olcs5co1.exe
"C:\Users\Admin\AppData\Local\Temp\olcs5co1.exe" /silent
C:\Users\Admin\AppData\Local\Temp\nsaBD92.tmp\SaferWeb-installer.exe
"C:\Users\Admin\AppData\Local\Temp\nsaBD92.tmp\SaferWeb-installer.exe" "C:\Users\Admin\AppData\Local\Temp\olcs5co1.exe" /silent
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2180 --field-trial-handle=2184,i,7690243132194641119,761599702143340637,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2736 --field-trial-handle=2184,i,7690243132194641119,761599702143340637,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2216 --field-trial-handle=2184,i,7690243132194641119,761599702143340637,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3832 --field-trial-handle=2184,i,7690243132194641119,761599702143340637,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
\??\c:\windows\system32\rundll32.exe
"c:\windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\DNS\rsDwf.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe
"C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe" -i -i
C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe
"C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe"
C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe
"C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe" -i -service install
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.cheatengine.org | udp |
| US | 104.20.174.30:443 | www.cheatengine.org | tcp |
| US | 8.8.8.8:53 | 30.174.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | c6.patreon.com | udp |
| US | 8.8.8.8:53 | www.freeware.de | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 104.16.7.49:443 | c6.patreon.com | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| DE | 89.31.143.90:443 | www.freeware.de | tcp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.7.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.143.31.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.patreon.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | c5.patreon.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 104.16.7.49:443 | c5.patreon.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | p4-djarshpgvp4ua-mxo5ajvhlrzzwhrh-if-v6exp3-v4.metric.gstatic.com | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1vdn3r1396bak.cloudfront.net | udp |
| DE | 52.222.190.220:443 | d1vdn3r1396bak.cloudfront.net | tcp |
| DE | 52.222.190.220:443 | d1vdn3r1396bak.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.190.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.92.85.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p4-djarshpgvp4ua-mxo5ajvhlrzzwhrh-457948-i1-v6exp3.ds.metric.gstatic.com | udp |
| US | 8.8.8.8:53 | p4-djarshpgvp4ua-mxo5ajvhlrzzwhrh-457948-i2-v6exp3.v4.metric.gstatic.com | udp |
| GB | 142.250.180.18:443 | p4-djarshpgvp4ua-mxo5ajvhlrzzwhrh-457948-i1-v6exp3.ds.metric.gstatic.com | tcp |
| GB | 172.217.16.242:443 | p4-djarshpgvp4ua-mxo5ajvhlrzzwhrh-457948-i2-v6exp3.v4.metric.gstatic.com | tcp |
| US | 8.8.8.8:53 | 18.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1zlukw2pqueen.cloudfront.net | udp |
| DE | 54.230.55.133:443 | d1zlukw2pqueen.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 133.55.230.54.in-addr.arpa | udp |
| DE | 54.230.55.133:443 | d1zlukw2pqueen.cloudfront.net | tcp |
| US | 8.8.8.8:53 | p4-djarshpgvp4ua-mxo5ajvhlrzzwhrh-457948-s1-v6exp3-v4.metric.gstatic.com | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shield.reasonsecurity.com | udp |
| US | 172.67.9.68:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 68.9.67.172.in-addr.arpa | udp |
| US | 172.67.9.68:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| US | 34.210.55.102:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | 102.55.210.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| GB | 104.91.71.143:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | 143.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| NL | 82.145.216.20:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.216.20:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| NL | 82.145.216.20:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.216.20:443 | autoupdate.geo.opera.com | tcp |
| US | 8.8.8.8:53 | 20.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| NL | 185.26.182.93:443 | features.opera-api2.com | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.182.26.185.in-addr.arpa | udp |
| US | 34.210.55.102:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | 172.178.17.96.in-addr.arpa | udp |
| GB | 104.91.71.143:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 34.207.52.135:443 | track.analytics-data.io | tcp |
| US | 34.207.52.135:443 | track.analytics-data.io | tcp |
| NL | 82.145.216.20:443 | autoupdate.geo.opera.com | tcp |
| US | 8.8.8.8:53 | 135.52.207.34.in-addr.arpa | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 82.145.216.24:443 | download.opera.com | tcp |
| US | 34.207.52.135:443 | track.analytics-data.io | tcp |
| US | 34.207.52.135:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | download3.operacdn.com | udp |
| GB | 92.123.26.136:443 | download3.operacdn.com | tcp |
| US | 8.8.8.8:53 | update.reasonsecurity.com | udp |
| US | 8.8.8.8:53 | 24.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.26.123.92.in-addr.arpa | udp |
| DE | 52.222.191.114:443 | update.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 114.191.222.52.in-addr.arpa | udp |
| US | 34.207.52.135:443 | track.analytics-data.io | tcp |
| US | 34.207.52.135:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | electron-shell.reasonsecurity.com | udp |
| DE | 52.222.191.4:443 | electron-shell.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 4.191.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 35.153.185.54:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 54.185.153.35.in-addr.arpa | udp |
| US | 35.153.185.54:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | tcp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 131.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cheatengine.org | udp |
| US | 104.20.174.30:443 | cheatengine.org | tcp |
| US | 8.8.8.8:53 | home.mcafee.com | udp |
| GB | 104.84.78.57:443 | home.mcafee.com | tcp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| US | 34.210.55.102:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | 57.78.84.104.in-addr.arpa | udp |
| US | 35.153.185.54:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | cdn.reasonsecurity.com | udp |
| US | 35.153.185.54:443 | track.analytics-data.io | tcp |
| DE | 18.155.145.74:443 | cdn.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| GB | 104.91.71.143:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | 74.145.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
| US | 34.210.55.102:443 | analytics.apis.mcafee.com | tcp |
| US | 35.153.185.54:443 | track.analytics-data.io | tcp |
| US | 35.153.185.54:443 | track.analytics-data.io | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| GB | 104.91.71.143:443 | sadownload.mcafee.com | tcp |
| US | 35.153.185.54:443 | track.analytics-data.io | tcp |
| US | 35.153.185.54:443 | track.analytics-data.io | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| NL | 82.145.216.24:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| GB | 104.91.71.133:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | 133.71.91.104.in-addr.arpa | udp |
| GB | 104.91.71.133:443 | sadownload.mcafee.com | tcp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 35.153.185.54:443 | track.analytics-data.io | tcp |
| US | 35.153.185.54:443 | track.analytics-data.io | tcp |
| US | 35.153.185.54:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| GB | 104.91.71.133:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | update.reasonsecurity.com | udp |
| DE | 52.222.191.107:443 | update.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 218.28.196.34.in-addr.arpa | udp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | cdn.reasonsecurity.com | udp |
| DE | 18.155.145.74:443 | cdn.reasonsecurity.com | tcp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 107.191.222.52.in-addr.arpa | udp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | config.reasonsecurity.com | udp |
| US | 54.85.33.30:443 | config.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 30.33.85.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 23.37.1.217:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 217.1.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 92.123.128.146:443 | www.bing.com | tcp |
| GB | 23.214.133.66:443 | cxcs.microsoft.net | tcp |
| US | 8.8.8.8:53 | 146.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.133.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | config.reasonsecurity.com | udp |
| US | 52.1.58.210:443 | config.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 210.58.1.52.in-addr.arpa | udp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| DE | 172.217.16.195:443 | beacons.gvt2.com | tcp |
| DE | 172.217.16.195:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 195.16.217.172.in-addr.arpa | udp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 34.196.28.218:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.reasonsecurity.com | udp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 235.1.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 18.213.185.64:443 | track.analytics-data.io | tcp |
| US | 18.213.185.64:443 | track.analytics-data.io | tcp |
| DE | 52.222.191.107:443 | update.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 64.185.213.18.in-addr.arpa | udp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 18.213.185.64:443 | track.analytics-data.io | tcp |
| US | 18.213.185.64:443 | track.analytics-data.io | tcp |
| DE | 18.155.145.74:443 | cdn.reasonsecurity.com | tcp |
| US | 18.213.185.64:443 | track.analytics-data.io | tcp |
| US | 18.213.185.64:443 | track.analytics-data.io | tcp |
| US | 18.213.185.64:443 | track.analytics-data.io | tcp |
| US | 18.213.185.64:443 | track.analytics-data.io | tcp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | mc6.reasonsecurity.com | udp |
| US | 52.43.110.0:443 | mc6.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 0.110.43.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 23.37.1.217:80 | www.microsoft.com | tcp |
Files
\??\pipe\crashpad_4812_ISVVBBMGRBBMETTB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f81b16a6386ff6b6e31323dd4e427656 |
| SHA1 | cc7141428c68a5cff49656d661916e45f84e1108 |
| SHA256 | 82acfc1266e7602891c6c4ddd2f24a77dcf308d523c1c6868300936bbc265741 |
| SHA512 | 35623fee50cd3f6ebe7d7a392d187b10ef5877d45a0251558466f685be515ed52d0f4e308cbc9461218b4b76eb4c6382ba24b9c2d618ff617c9dc29171d7fcdc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e1ccfae3d20e111f08767c0d805860cc |
| SHA1 | e9c4b75c07ca041ef5b0f909dc2496ebe75c3bc5 |
| SHA256 | e6258c36575d71464f1e4244b15ac70ba32ecfe9969268914395457bcc4fede9 |
| SHA512 | e71edbcfaf87c510d80109ee0d1f5c1cddc098b1bc2499e30e5d77449b88eed1013fb547f5028a8a5e068165020e3e7f0c84f237a66ef07326e6c7285e03142d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cbbe9234f72aadf2dd35cf4fde23fd67 |
| SHA1 | 1c3c71f709e8f99e90820e4c05d282db0862d84a |
| SHA256 | 6d1a5aad532fb37f25b63e70a87544cdf0a293b4819025db19011f9e09ed8d96 |
| SHA512 | d954124a9e2e5e717d29fc52fc900cc85a318816e8340ebe31a4a457fbeecf1e14cbf0c7cea24026165f95cc5fbdc4bfc72786434139d8149d1bc438b39c19ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\Downloads\CheatEngine75.exe
| MD5 | 224ce4c561a07effc0f3486506dca1f2 |
| SHA1 | c1b11a92d33d8206e14f9f266bbf04b86e62c095 |
| SHA256 | 417e8f4941c03e655e651541c4fc9f73cc3940626bfeb70138e4408cab500de4 |
| SHA512 | 4bfcd048dda6a04440ff071e931038db540d3f9b009dc0222bcc21056c36b7334e4501101b2e99a2f765ec2b4e88f33cfe73516bd4028adefb7efca97c035311 |
C:\Users\Admin\Downloads\CheatEngine75.exe
| MD5 | 9f3cbb82cd7bb6b91d003efa15229fd2 |
| SHA1 | 340021ba9b69a624774058a0345bf58823749489 |
| SHA256 | 1e3c0d52e2f3f7d9601f5c81e37201affe44b5397546d4c7471d45f41dfe1501 |
| SHA512 | 00c43f2104f23d15ae4f87eaeffc0766be563e5588dd75a4c2844745fc899fb4c4e3c725d0e19ce02bc3ee5da563d041f5b394c7be884feb764eafc03c8e9d0f |
C:\Users\Admin\Downloads\CheatEngine75.exe
| MD5 | 067f28e6b8af4f394e4b0de82067527e |
| SHA1 | 7f242cdc0c4c14cab0a71cdff29284a8cc15e556 |
| SHA256 | d1a5a7bf0ab1ed3ba6f6bbdbfdaf5c42e9604578159c9cbfccdc4225a3412732 |
| SHA512 | 22d103de0a6965b263f73ce099778aa27b65ed7782474e780a170a570a83ae320bb495aea353b2ea897faa70ed0ee940635437d96525820ed3ca442c33f50823 |
memory/4992-146-0x0000000000400000-0x00000000004CC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-7LESQ.tmp\CheatEngine75.tmp
| MD5 | 14e34c5e0e3c320b904b9500e8fa96cf |
| SHA1 | 47cf88e6ddc1683135194b9d8b1cc32c78277f5e |
| SHA256 | 7398bd01e78df0d69169402f7fecf781c23f61127ba68290d146582ebadbf2ef |
| SHA512 | 6d99202dafd3209622e6fa217407bccd0b4157550d873bff36f06a279c499c9e98cb01d235c337d76d86c9e3c369d89712450fe1353eb18b2b7c108abd67ad59 |
memory/4428-152-0x0000000000BD0000-0x0000000000BD1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 472b2984fb28720b79984773e9198690 |
| SHA1 | 63927e34d491a588025845694dbdff2a73241e22 |
| SHA256 | d6419ff47e20a694220e332097019175981e843d8d7dbd721335da12a2e61bef |
| SHA512 | 08aacef472d774ada7cf78863878fcf88736f2b102ca96c8b7816ec0854a0c7b70281e22be6190df48e69d7ae99cbe5a97efae1605a9b8ffe76b89603b04adc8 |
memory/4992-162-0x0000000000400000-0x00000000004CC000-memory.dmp
memory/4428-165-0x0000000000400000-0x00000000006EE000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7f060c315b27f06176cd0cf54385633d |
| SHA1 | 47de508dc572a0a8779ee572c8c7235b16d0b8f5 |
| SHA256 | c4fcab2aa913502bacfd9fa27db8b32b474fc7b6c602799853d0611f77cc1c1e |
| SHA512 | b22045dd087b45f9373c4194ea3fe7c0d17f11b1a87dc517250fc67eff6245c68f8bed675ea914c4a3cd72712734212ca6741b988b4e6dce98bff0c2c0fb7a9b |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\zbShieldUtils.dll
| MD5 | b83f5833e96c2eb13f14dcca805d51a1 |
| SHA1 | 9976b0a6ef3dabeab064b188d77d870dcdaf086d |
| SHA256 | 00e667b838a4125c8cf847936168bb77bb54580bc05669330cb32c0377c4a401 |
| SHA512 | 8641b351e28b3c61ed6762adbca165f4a5f2ee26a023fd74dd2102a6258c0f22e91b78f4a3e9fba6094b68096001de21f10d6495f497580847103c428d30f7bb |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\logo.png
| MD5 | 1df360d73bf8108041d31d9875888436 |
| SHA1 | c866e8855d62f56a411641ece0552e54cbd0f2fb |
| SHA256 | c1b1d7b4806955fe39a8bc6ce5574ab6ac5b93ad640cecfebe0961360c496d43 |
| SHA512 | 3991b89927d89effca30cc584d5907998c217cf00ca441f2525ef8627ffff2032d104536f8b6ab79b83f4e32a7aab993f45d3930d5943cbfb5e449c5832abe14 |
memory/4428-192-0x0000000003620000-0x0000000003760000-memory.dmp
memory/4992-193-0x0000000000400000-0x00000000004CC000-memory.dmp
memory/4428-194-0x0000000003620000-0x0000000003760000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e34e83bdc4af86a8b15ed99382aac1b2 |
| SHA1 | d5bfb189d2944be95c4315865ee31e7e22ba0fc6 |
| SHA256 | 11551439c1eb2c2c99e39c634a415dfaf12f0ea7e7e458ea9ca50ca4bb52a743 |
| SHA512 | 6d9a0b70e9645d2e410cbf7cfbc3734d26f6a6e64b819c33fa8fa7343b73dc60ac74bfa240a6f5818bbc6d17693f738a7ba1013c4bdb30be8abe68289a07c0b9 |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\RAV_Cross.png
| MD5 | 5521662b178569ab52d6880a1faa8e95 |
| SHA1 | 62a6bad33b1bbd84aeb252be0680a07e6f93175d |
| SHA256 | 0232788928f14e3452016edb1af8a9decf37c0e6004f26cea3300b76dee645d3 |
| SHA512 | cbb9b36d09121d3e7948567b72ab4335fd6c8f0d4b2063878beadc8d3f5025fcb56d04e62386f6ed698153b9249131d986a826786981def1bb9e2fc01948c36c |
memory/4428-207-0x0000000003620000-0x0000000003760000-memory.dmp
memory/4428-208-0x0000000000400000-0x00000000006EE000-memory.dmp
memory/4428-209-0x0000000003620000-0x0000000003760000-memory.dmp
memory/4428-210-0x0000000000BD0000-0x0000000000BD1000-memory.dmp
memory/4428-212-0x0000000000400000-0x00000000006EE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\WebAdvisor.png
| MD5 | 68dba223cf90bea8f73a12bf024498ae |
| SHA1 | c047063530956e8294a6947946587be58d07e21f |
| SHA256 | e54730e552186e2b59888a96a7b3784d759e7c8c6601f708d310f070abe89d5a |
| SHA512 | 8b69288da171dc853ffdd1dac925b7416498b5da9bc91db44ff2063ac7a991d814366eef74a04171f760a80b704e120e903f51b4595eb119c60f0bf78c398a51 |
memory/4428-216-0x0000000003620000-0x0000000003760000-memory.dmp
memory/4428-217-0x0000000003620000-0x0000000003760000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\Opera_new.png
| MD5 | df3a8146855b69ff6b41cb17a70ec306 |
| SHA1 | 7180aed1bce08399f086aca0996a7da807431552 |
| SHA256 | ed7ef8a251494d3e39ff3d1632bc01a90ecc723d5e838dbaa7a3612580cef321 |
| SHA512 | 9f5c907fab39f5564efa2774e8a4f317835a35f64b6a2e03ba380803604529a17d80f89279490a8ce2752ecd2f42709835791ee23ca6d45dbb9c768ccb26bc3c |
memory/4428-221-0x0000000003620000-0x0000000003760000-memory.dmp
memory/4428-222-0x0000000003620000-0x0000000003760000-memory.dmp
memory/4428-225-0x0000000000400000-0x00000000006EE000-memory.dmp
memory/4428-226-0x0000000003620000-0x0000000003760000-memory.dmp
memory/4428-227-0x0000000003620000-0x0000000003760000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 76bed7dfccda80c08646a77cd95f8c2a |
| SHA1 | 430fe7c769ad16a60f0abbb50ccd330cbea02e81 |
| SHA256 | bc932260591dd20c2f3a53f2a53c4af684862650b84b2b81b063d45d7b8d08be |
| SHA512 | 347d82435dbe585f2b1e06016a8dbf9ad7f4d8dee9d90a0a917ad699e609f3278db05f687e0431f3c315ca3a70bc9290bcc72d66a005336e21139fa0c721728a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3dd9236924ec13df91138de1cf744459 |
| SHA1 | 1c2d198a685b2d83516af25050a5c713d1323588 |
| SHA256 | 0e6b69614ca75423c5858995ca2c1181261182be383446968cd3bb852523c718 |
| SHA512 | 5b90711c06b666f4d5f48032e8e1b9ea38f6e520b0bf1c1c1feebd645409dc4e201ef8637f1d7b20712e2e73f8a778e6d56214afd39a28f686bf513e09746f50 |
memory/4428-243-0x0000000000400000-0x00000000006EE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod0.exe
| MD5 | b0c22d29aa20243773c0f32598161b9b |
| SHA1 | c65d94622b2b07ce69d57f305b1c63d60c22b8bd |
| SHA256 | 077350047b7fcaf9a24bc060164c26929fc1a1ab43a8366f5ecd4a1c9d048dd0 |
| SHA512 | 3b54dab9f5388be0b0d99a8404c40f740083cce6d817538f7b337b10a3dc4271bf8c71c6b86b9a60268bbc9c1b8380ad1d93580169d4e6557a38a479eff5eeac |
memory/4428-265-0x0000000003620000-0x0000000003760000-memory.dmp
memory/4732-264-0x000002399AE40000-0x000002399AE48000-memory.dmp
memory/4732-266-0x00000239B5760000-0x00000239B5C88000-memory.dmp
memory/4732-267-0x00007FFD07EA0000-0x00007FFD08961000-memory.dmp
memory/4428-270-0x0000000003620000-0x0000000003760000-memory.dmp
memory/4732-271-0x00000239B5370000-0x00000239B5380000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod1.zip
| MD5 | cd9c77bc5840af008799985f397fe1c3 |
| SHA1 | 9b526687a23b737cc9468570fa17378109e94071 |
| SHA256 | 26d7704b540df18e2bccd224df677061ffb9f03cab5b3c191055a84bf43a9085 |
| SHA512 | de82bd3cbfb66a2ea0cc79e19407b569355ac43bf37eecf15c9ec0693df31ee480ee0be8e7e11cc3136c2df9e7ef775bf9918fe478967eee14304343042a7872 |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod1_extract\saBSI.exe
| MD5 | bb7cf61c4e671ff05649bda83b85fa3d |
| SHA1 | db3fdeaf7132448d2a31a5899832a20973677f19 |
| SHA256 | 9d04462e854ef49bcd6059767248a635912ce0f593521a7cc8af938e6a027534 |
| SHA512 | 63798024e1e22975d1be1e8bff828040d046d63df29f07d6161c868526d5f08451e44b5fa60bfb0c22cf7880abc03aaedafa2c5c844c3aeff640e6fac9586aab |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2.zip
| MD5 | 50a047c9410a6795b16efac1282e06f5 |
| SHA1 | 6ca6cab3791347cc73ee0bcc95800041abb8bb9b |
| SHA256 | d652c51ef76666282e8e9d165ef7d053414899aee4fb20f537aabf3e82e05a61 |
| SHA512 | 33f01275c6cbdbf26f8750402e2c9d5a857d3f6d267249c38ca26ccda90c76a22dbc5b25f6c9eff41b17401e7283d93b119607d195cabf7d5e4353bc4d6ff9ce |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe
| MD5 | fe3908432698d6c2cb46523f5ee66d90 |
| SHA1 | 23b1900ddf08a98acb19354afb517361d54f75e2 |
| SHA256 | b26c9e21d047c5a3c40bbfd30dcf8eaf2a1d62fb36bccd3aac2d39afffe9c2b5 |
| SHA512 | 20dbc5ec33c5ba62e46f559c17bd1a7885d3c0d25af1f27216f25459675ea30f95c0c6135dc4e2a6f310e2e5253d37003cf0afc61238f8b29e52664ec67c30ef |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe
| MD5 | 7e2f3ec2723a3381cda27ae862d05be9 |
| SHA1 | a82ed6a1d0a8c30b6072ddf9f9b0f52f5d5f244a |
| SHA256 | 9d221ec9e3ceeef61aa854507d038cf1cd3d3f9129724da4e2f0c0c389b6f8a9 |
| SHA512 | 51672519caa3a289e88d43eaa8f150f8b1dedbec7e4af1a446fbe033c34a55e22d9df6d994fccc27aa514a7fef0e783bfb139932f399e10639bcb8dbbbd7e2e9 |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe
| MD5 | c0956454decc7e3106afb3fbaf5747f9 |
| SHA1 | ba1824b9753128aa8562384c0433f46463a3b3bd |
| SHA256 | 58002ebfd4d00ec3b10a731daefb96dcdca79107273ee3d8da46971ca15aa821 |
| SHA512 | bad80bd6a11f005414ffedb566988b638bff6e1d0ad0d955d6ea7b19691dd0fe539a03ab8dac00c84591ea299e6e4c44a840b6614715d37c0340c280daea7945 |
memory/4428-330-0x0000000000400000-0x00000000006EE000-memory.dmp
memory/4340-333-0x0000000000060000-0x000000000056E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402222026547594340.dll
| MD5 | ecd896fd0abeb53a0e3d700948ed5613 |
| SHA1 | 75d55c6e80fe06f692e058fa630456ed028fac7d |
| SHA256 | 604885c47e0c57e7de6a453298d4a8ef795b18aa099ea55475d68b196f0a699c |
| SHA512 | 2b22d3f86db23cfecff481f376350120c5d6c8a87b1b8e68bd438594666283e5188faf6e70b3aa8535ed9801cd5e25b44748d2aca4298feebc472c3a78fc379e |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe
| MD5 | b4a9a472585ea437eab1ef042155fb08 |
| SHA1 | 0a2f67c2b8372af298110ca148dd50c5db028479 |
| SHA256 | 1124a799cfbecbb2f4043e9a55f05d6d38939775beea74fe093b55761dc8c1b3 |
| SHA512 | 7bfa2bfc0f2ec58541adfb95cb58d65a43254465a1b841f419ca65b06d881b90ab4032f65e5527bca0aa03c903b03860de9ff78f70fd34a80cdb33a2bdbbae4d |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\CheatEngine75.exe
| MD5 | f07cc08d497d12fcd8c0139e9152ceb1 |
| SHA1 | f9fd65e3a598014fad91a5cf59718e53ee532af4 |
| SHA256 | 8e6a8c512b61221c54db4fdd4de0293a2710e8840ebb29e9e33b7466886a5ebc |
| SHA512 | 7eb66ab335cfbb9290f001f8e203e221db1ac0708f9c6cc51bc36fb54dad75cc22e031c6c462d8a4996686fbfb1d9a3b7d04c761d26d27324a28eab6d85eee0d |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\CheatEngine75.exe
| MD5 | 15eb5d5d037db5019c42e48352a5cb28 |
| SHA1 | 46c132da5e8b0a438b4143979dbfebd7f5653036 |
| SHA256 | 292d0f310314d3e8806a7daf2ea0ebac03b978ea6a4cc4825605d74db2153adf |
| SHA512 | 8d5ee59386aaf7f1adbb525f48f6caa0bbb793c7ac0a69c20310365ec1f0ab73f4c8e99b8e5b7dd41941d86b6e7bf73fc6b80779392fefaf3bf43ffb155bc233 |
memory/376-350-0x0000000000060000-0x000000000056E000-memory.dmp
memory/1156-347-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Opera_installer_240222202656420376.dll
| MD5 | dcad0ab4c2bf91bf90c806a97b234f6b |
| SHA1 | 2ea6397d60a6d233ce488e12385c078e45d4607f |
| SHA256 | 176a920e02a5460c2948970305b558e723ca15514aebf9fa147aaa43a6e2bb58 |
| SHA512 | 44f2b15612de620b6c703214c5ce613d45b99e2773f4b6c8e4310a8f290457b51b879ff5c6d34b33ba07570cee7769c3222b35e3b7c6d5240bb6127ab73b41dd |
C:\Users\Admin\AppData\Local\Temp\c0t3ddwi.exe
| MD5 | 1831121878a4e14cf0a97ea6d13f1cfb |
| SHA1 | 50fc521d46729a5045f83bc3067a49b9ab02068b |
| SHA256 | 7f01570cd5a0ff870a94dd55b450fabe4d98cb5e47b6c435c0de522678fdc559 |
| SHA512 | 63175f57a5a4e2e8c78882d8ce7344c08b252f15edb187eaf6b43a4d3d567a308f9376a80ea0fb87dc6d57fec093148d1e9cae3f70c9b965a89cbfc4051e3eae |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
| MD5 | 938cbd1d51cc77b0949aecc5708c3ca2 |
| SHA1 | de249bf6be3694bf03f295b9569ee0b6192f631b |
| SHA256 | b075a731d73a5d82a7368bd0be6aebe3dbee65a7797357dad7f279378c3c3207 |
| SHA512 | 9fc0ec5701494ef8242f5fd066edf05f8349c83e56e58871174f746641fef63750dc86dee5809abd91fbed8ac8ed9a9af8c0cdca34344b62d985e223892cc18c |
memory/4120-364-0x0000000000210000-0x000000000071E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\c0t3ddwi.exe
| MD5 | 715145a2c5f42c7bf6cc96b081d65622 |
| SHA1 | 91256fbba9aa7590d76092d646529e840b300217 |
| SHA256 | ad808880d5b45d36799cb51512fe616f71e3adae77461f75ef7ad1ebae871c39 |
| SHA512 | 40f434797ef6900e1662e565df2d260ac9e3890bb2a50489ccfe1424654e82ecbef7f028518efcd10f0012d7450c196c8095e82883f558e035634b9cc239b28d |
C:\Users\Admin\AppData\Local\Temp\c0t3ddwi.exe
| MD5 | e4d558df8fdcef883f9ece4e94fce963 |
| SHA1 | 4511f5a2b4e5ed03b5220172385aa46852375cfc |
| SHA256 | f5b40e8c77844deedbd7d66329c3643a48b8ad47bad3bb25b76e3754008dca90 |
| SHA512 | eb3f0e2a0ad3a4be40c3abd43e11dc4f99044a18d98268bd544f02aa37cdb7b97cf7a89f5ea122236201b17e20fab59b93d6dd6233f4956637ca3b802c6d8cc3 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402222026583734120.dll
| MD5 | d6e9019cb9e2c7abb383aa5e34605a55 |
| SHA1 | 647e9b16321de73c84dae38479470806617ffca2 |
| SHA256 | 591a16b13ddbfa7be213e7dcdffcd902dcb6fb2778fbaf1840c48afa584fab76 |
| SHA512 | 65de8d15f4b46a0600e2f102f9c8a80b6a3cad416afb9d6d1d14a657cf36a859ba2e67d0d0135815acafc92b3cceb0759b2f95fa82381fffc2a7a8f2dc4d3e60 |
C:\Users\Admin\AppData\Local\Temp\is-BM37S.tmp\CheatEngine75.tmp
| MD5 | a4d559a45a1c822cd549e4c8fb6f3564 |
| SHA1 | ca72bf902508ccfd17c3a3a07e30ef94fde40e3a |
| SHA256 | b6df4ef7b46c20ab57a6026d3560393eead0c4fe87b08c3533995422456a2eeb |
| SHA512 | 31dfbd5020d1c3c210d2cdc717f4f312541c75eb5d07d447b035bbbff90900f1bd2b1d372f77b7dcc4db2e2264385ae2e0185f2d8b3669c42455ea4bb3b6e06a |
memory/4120-377-0x0000000000210000-0x000000000071E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsj199A.tmp\System.dll
| MD5 | cff85c549d536f651d4fb8387f1976f2 |
| SHA1 | d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e |
| SHA256 | 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8 |
| SHA512 | 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88 |
memory/2760-378-0x0000000000C00000-0x0000000000C01000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
| MD5 | 31bbc803df866aa0b04cf6e07bf3f9af |
| SHA1 | d7b90d548de7ddbe9e7221fb7c9991b7c202ff64 |
| SHA256 | 0338f972923cba26694767f42c5f1dd7abbdb79e26220e073c7a74f7514b85ef |
| SHA512 | f6447ed7df78a72ed09c70951bcb9ab0e9503433f28ddf82139c8e2cbe2c286dd15c6b1dfa2d9d5182284c1beaf08065270f5fd7b90b4ebce43c71d9b0132c53 |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe
| MD5 | f2d933a5633699e3923e44b9d569b729 |
| SHA1 | 3ceed52c9e0bb18c38fa4c590ebfa4ef99c41505 |
| SHA256 | b3c558560948205a0be7b1c7e26dbc87b086834b0e9fa39173dcce49d3646466 |
| SHA512 | 9eb913846a2afff2ee055384e4b0a123d1e5a9fd84b6cab9a7e5de9bae14ed51386704ac1f171aa099616cfd6aefc4eb9b73897654c3e0a46a52cfb5ad1674c5 |
memory/2380-398-0x0000000000060000-0x000000000056E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402222027000452380.dll
| MD5 | 468c8405aca7ef6ab8bb5db872570c5d |
| SHA1 | 5d1a0e80da4b2eb006934b2c597e3ed92eab90c9 |
| SHA256 | 30cf995889527eb1d89b601c768bad5847253ade0bed143d0311e970e4f3c08e |
| SHA512 | 63430a38f9ac9f60c1f8507cc6007e235a5a9c4eb50aef95e4db2ec87d06f741ffbbca57e6a1984e9ee75c1a64a3551be463677def28f13d7c69e65d606ddf11 |
C:\Users\Admin\AppData\Local\Temp\is-95F4Q.tmp\prod2_extract\OperaSetup.exe
| MD5 | c0f6965753d1444b668c203bdbb5043c |
| SHA1 | 92703935615fdc58272f733ceecb6e983ac7b745 |
| SHA256 | e252b2d89bf4e2b5d1a58497afdbf85815894e0345177360a7c41d658528942d |
| SHA512 | eaea39d05aee8f7a6dc77a55d32e87e1f36081f3abb9c71f4b90d8ad910a470f3674757e43b848eab4de7312a87837e063af040723b49e1ac8cc8939aaf8da13 |
C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\RAVEndPointProtection-installer.exe
| MD5 | f5077db3ed293b92285f3cc588ca3bcb |
| SHA1 | 242bb20627cc2dae55cdfb076966e2c3b347c505 |
| SHA256 | ec5b94118badc4b0653f1022d2ef8976b7cf5d838d264edfca6a5737c94214fa |
| SHA512 | fc4b07b0cbf7a4abcc77fc31c1152760e65124a0004919d5f0c4d9a21f4297cb50a4b8a29e5dd023a8e9682784cbc646dcaaf7e315154ca316bf52f145429dba |
memory/3796-453-0x0000000000060000-0x000000000056E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402222027005923796.dll
| MD5 | a219946ec5c73e4d16e6f17e7ab2a695 |
| SHA1 | 244ca1e85af3aa1daed0261aea000b924082be45 |
| SHA256 | 101ed2d5066cb1cba54443641f783fb002f2ec3057844d932bb8e9f19aeb588b |
| SHA512 | 236e8cb353c7b0bf0c88ba6f165f8c83158f12c093ba09ee2cb3ef08010480f318de5ff1d3a4ef4d3f35b2e4115e9a7668a5fb76b82079980491d48df62f463c |
memory/2452-456-0x00007FFD07EA0000-0x00007FFD08961000-memory.dmp
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | cbd50901636eaccec42ee65c17aec4d3 |
| SHA1 | aa41943c194010e74cc1f93b43215a56744064b6 |
| SHA256 | e05b40bac6a9ec3491ce103778913fa461a62b261ea197ed90ed268a973dcbdd |
| SHA512 | 013699a8bca69c29376cd7b9747b6c60bff414e83e05f0e420083e15b7c243b6c7e5a63ca3b0c44ec77a14bba9f556027aec7acb59e026d00202f497da0057a9 |
C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\rsStubLib.dll
| MD5 | a16602aad0a611d228af718448ed7cbd |
| SHA1 | ddd9b80306860ae0b126d3e834828091c3720ac5 |
| SHA256 | a1f4ba5bb347045d36dcaac3a917236b924c0341c7278f261109bf137dcef95a |
| SHA512 | 305a3790a231b4c93b8b4e189e18cb6a06d20b424fd6237d32183c91e2a5c1e863096f4d1b30b73ff15c4c60af269c4faaadaf42687101b1b219795abc70f511 |
C:\Users\Admin\AppData\Local\Temp\is-PRLOG.tmp\_isetup\_setup64.tmp
| MD5 | e4211d6d009757c078a9fac7ff4f03d4 |
| SHA1 | 019cd56ba687d39d12d4b13991c9a42ea6ba03da |
| SHA256 | 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95 |
| SHA512 | 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e |
C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\rsLogger.dll
| MD5 | 83ad54079827e94479963ba4465a85d7 |
| SHA1 | d33efd0f5e59d1ef30c59d74772b4c43162dc6b7 |
| SHA256 | ec0a8c14a12fdf8d637408f55e6346da1c64efdd00cc8921f423b1a2c63d3312 |
| SHA512 | c294fb8ac2a90c6125f8674ca06593b73b884523737692af3ccaa920851fc283a43c9e2dc928884f97b08fc8974919ec603d1afb5c178acd0c2ebd6746a737e1 |
memory/2452-463-0x000001A580F10000-0x000001A580F50000-memory.dmp
memory/2452-476-0x000001A580F50000-0x000001A580F80000-memory.dmp
memory/2452-490-0x000001A59B060000-0x000001A59B070000-memory.dmp
C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
| MD5 | 143255618462a577de27286a272584e1 |
| SHA1 | efc032a6822bc57bcd0c9662a6a062be45f11acb |
| SHA256 | f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4 |
| SHA512 | c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9 |
C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\rsJSON.dll
| MD5 | f8978087767d0006680c2ec43bda6f34 |
| SHA1 | 755f1357795cb833f0f271c7c87109e719aa4f32 |
| SHA256 | 221bb12d3f9b2aa40ee21d2d141a8d12e893a8eabc97a04d159aa46aecfa5d3e |
| SHA512 | 54f48c6f94659c88d947a366691fbaef3258ed9d63858e64ae007c6f8782f90ede5c9ab423328062c746bc4ba1e8d30887c97015a5e3e52a432a9caa02bb6955 |
memory/2452-494-0x000001A59B020000-0x000001A59B05A000-memory.dmp
memory/2452-492-0x000001A580EF0000-0x000001A580EF1000-memory.dmp
memory/4428-501-0x0000000000400000-0x00000000006EE000-memory.dmp
C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
| MD5 | 9a4d1b5154194ea0c42efebeb73f318f |
| SHA1 | 220f8af8b91d3c7b64140cbb5d9337d7ed277edb |
| SHA256 | 2f3214f799b0f0a2f3955dbdc64c7e7c0e216f1a09d2c1ad5d0a99921782e363 |
| SHA512 | 6eef3254fc24079751fc8c38dda9a8e44840e5a4df1ff5adf076e4be87127075a7fea59ba7ef9b901aaf10eb64f881fc8fb306c2625140169665dd3991e5c25b |
C:\Program Files\Cheat Engine 7.5\unins000.exe
| MD5 | cc76c9d1466fa079aff507f221d085aa |
| SHA1 | 25e0a73c34174e22574a18f02c0e4dc32f57af99 |
| SHA256 | ada27ac87dd2d602cd6e1c38437d79d4428cb74f7f2226288ef4628240ca0e11 |
| SHA512 | f816ce4ee2ee469ef53ead15c8d3a483eba0f6eaf7cd1dc9f5e06eb50f48623c02fd7376ef0434434e16fdbea1a114ff98d94d71b8e2e62fe3cbcda19357c8bc |
memory/4732-505-0x00007FFD07EA0000-0x00007FFD08961000-memory.dmp
C:\Program Files\Cheat Engine 7.5\is-6BSR7.tmp
| MD5 | dd65b49aad767586915fcb1fe56eb176 |
| SHA1 | 0f6b8c99985574344d8fdca0b330b99b4f5adde8 |
| SHA256 | fa514449d7b896cb4140b25de8747b3e77d8c15c575b0bee5b89086286a9475f |
| SHA512 | 456da54a3c8d7548aae23f898cbeb27e9b33a408cb6f6989afc07a3d5291f611af345ef6ea5ee5fc392eed674ecf9c347f91321f8136f041fa7c8c5b9d69cc7d |
C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
| MD5 | f921416197c2ae407d53ba5712c3930a |
| SHA1 | 6a7daa7372e93c48758b9752c8a5a673b525632b |
| SHA256 | e31b233ddf070798cc0381cc6285f6f79ea0c17b99737f7547618dcfd36cdc0e |
| SHA512 | 0139efb76c2107d0497be9910836d7c19329e4399aa8d46bbe17ae63d56ab73004c51b650ce38d79681c22c2d1b77078a7d7185431882baf3e7bef473ac95dce |
memory/2452-455-0x000001A580AA0000-0x000001A580B28000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\rsAtom.dll
| MD5 | 9deba7281d8eceefd760874434bd4e91 |
| SHA1 | 553e6c86efdda04beacee98bcee48a0b0dba6e75 |
| SHA256 | 02a42d2403f0a61c3a52138c407b41883fa27d9128ecc885cf1d35e4edd6d6b9 |
| SHA512 | 7a82fbac4ade3a9a29cb877cc716bc8f51b821b533f31f5e0979f0e9aca365b0353e93cc5352a21fbd29df8fc0f9a2025351453032942d580b532ab16acaa306 |
memory/2452-510-0x000001A581000000-0x000001A58102A000-memory.dmp
memory/376-512-0x0000000000060000-0x000000000056E000-memory.dmp
memory/1156-511-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/2452-513-0x000001A580EC0000-0x000001A580EC1000-memory.dmp
memory/4732-514-0x00000239B5370000-0x00000239B5380000-memory.dmp
memory/2452-515-0x000001A580ED0000-0x000001A580ED1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\Microsoft.Win32.TaskScheduler.dll
| MD5 | a09decc59b2c2f715563bb035ee4241e |
| SHA1 | c84f5e2e0f71feef437cf173afeb13fe525a0fea |
| SHA256 | 6b8f51508240af3b07a8d0b2dc873cedc3d5d9cb25e57ea1d55626742d1f9149 |
| SHA512 | 1992c8e1f7e37a58bbf486f76d1320da8e1757d6296c8a7631f35ba2e376de215c65000612364c91508aa3ddf72841f6b823fa60a2b29415a07c74c2e830212b |
memory/2452-522-0x000001A59B0D0000-0x000001A59B128000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\rsSyncSvc.exe
| MD5 | ded746a9d2d7b7afcb3abe1a24dd3163 |
| SHA1 | a074c9e981491ff566cd45b912e743bd1266c4ae |
| SHA256 | c113072678d5fa03b02d750a5911848ab0e247c4b28cf7b152a858c4b24901b3 |
| SHA512 | 2c273bf79988df13f9da4019f8071cf3b4480ecd814d3df44b83958f52f49bb668dd2f568293c29ef3545018fea15c9d5902ef88e0ecfebaf60458333fcaa91b |
C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
| MD5 | 0806db15470b50b2fc76def8e010492e |
| SHA1 | dc16a69a3de41fe5d7d39c9e6d192abb2cd229ae |
| SHA256 | 205137440d0fb082afc0adb8385b71168b2b19731cfaa6d423077a0ce3bb5b17 |
| SHA512 | cab249d65cce1158c0f0a5c65943fb8ab04b7ef7ec6c19af42170944b0ed7519e82252189ee65469f63424be315ec37db47522e32dd4d1c5bf6a138199f5d496 |
C:\Program Files\Cheat Engine 7.5\badassets\scoreboard.png
| MD5 | 5cff22e5655d267b559261c37a423871 |
| SHA1 | b60ae22dfd7843dd1522663a3f46b3e505744b0f |
| SHA256 | a8d8227b8e97a713e0f1f5db5286b3db786b7148c1c8eb3d4bbfe683dc940db9 |
| SHA512 | e00f5b4a7fa1989382df800d168871530917fcd99efcfe4418ef1b7e8473caea015f0b252cac6a982be93b5d873f4e9acdb460c8e03ae1c6eea9c37f84105e50 |
C:\Program Files\Cheat Engine 7.5\cheatengine-i386.exe
| MD5 | 3ff4aa35cc5d239b2c86f01b1aa404d7 |
| SHA1 | b9a898f52ab76a25c768b8fac923ef544ad6f8c8 |
| SHA256 | 1b30046e0528eee6bd2f4b37d9a40393b0e08d4549949d468ffb4b5780df1ea3 |
| SHA512 | aecf54dabc139c552d4b5a23cf166c1b86de73881c4eb8cb81d209d0f225b5808dfa32885fa8b9cd97e98d681ff196f6e5d00ac4371c2e5b323a8bfe3ed3c171 |
memory/2760-1287-0x0000000000400000-0x000000000071B000-memory.dmp
memory/1156-1288-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/5456-1289-0x00007FF7FCD60000-0x00007FF7FCD70000-memory.dmp
memory/4428-1296-0x0000000003620000-0x0000000003760000-memory.dmp
memory/5456-1297-0x00007FF7FCD60000-0x00007FF7FCD70000-memory.dmp
memory/5456-1298-0x00007FF7FCD60000-0x00007FF7FCD70000-memory.dmp
memory/5456-1299-0x00007FF7FCD60000-0x00007FF7FCD70000-memory.dmp
memory/5456-1302-0x00007FF7FCD60000-0x00007FF7FCD70000-memory.dmp
memory/5456-1321-0x00007FF7E66A0000-0x00007FF7E66B0000-memory.dmp
memory/5456-1342-0x00007FF799BD0000-0x00007FF799BE0000-memory.dmp
memory/5456-1364-0x00007FF7FE1A0000-0x00007FF7FE1B0000-memory.dmp
memory/5456-1413-0x00007FF7F3F70000-0x00007FF7F3F80000-memory.dmp
memory/5456-1433-0x00007FF7B23E0000-0x00007FF7B23F0000-memory.dmp
memory/5456-1447-0x00007FF7E66A0000-0x00007FF7E66B0000-memory.dmp
memory/5456-1406-0x00007FF7E66A0000-0x00007FF7E66B0000-memory.dmp
memory/5456-1474-0x00007FF7B23E0000-0x00007FF7B23F0000-memory.dmp
memory/5456-1459-0x00007FF7E66A0000-0x00007FF7E66B0000-memory.dmp
memory/5456-1378-0x00007FF7E66A0000-0x00007FF7E66B0000-memory.dmp
memory/5456-1498-0x00007FF7E66A0000-0x00007FF7E66B0000-memory.dmp
memory/5456-1485-0x00007FF7B23E0000-0x00007FF7B23F0000-memory.dmp
memory/5456-1481-0x00007FF7F3F70000-0x00007FF7F3F80000-memory.dmp
memory/5456-1468-0x00007FF7F3F70000-0x00007FF7F3F80000-memory.dmp
memory/5456-1375-0x00007FF799BD0000-0x00007FF799BE0000-memory.dmp
memory/5456-1404-0x00007FF7B23E0000-0x00007FF7B23F0000-memory.dmp
memory/5456-1394-0x00007FF7F3F70000-0x00007FF7F3F80000-memory.dmp
memory/5456-1508-0x00007FF7B23E0000-0x00007FF7B23F0000-memory.dmp
memory/5456-1509-0x00007FF7F3F70000-0x00007FF7F3F80000-memory.dmp
memory/5456-1329-0x00007FF7FE1A0000-0x00007FF7FE1B0000-memory.dmp
memory/4428-1526-0x0000000000400000-0x00000000006EE000-memory.dmp
memory/5456-1592-0x00007FF7F3F70000-0x00007FF7F3F80000-memory.dmp
memory/5456-1622-0x00007FF7B23E0000-0x00007FF7B23F0000-memory.dmp
memory/2380-1648-0x0000000000060000-0x000000000056E000-memory.dmp
memory/5456-1647-0x00007FF7F3F70000-0x00007FF7F3F80000-memory.dmp
memory/5456-1619-0x00007FF7F3F70000-0x00007FF7F3F80000-memory.dmp
memory/5456-1652-0x00007FF7F3F70000-0x00007FF7F3F80000-memory.dmp
memory/4428-1948-0x0000000003620000-0x0000000003760000-memory.dmp
C:\ProgramData\McAfee\MCLOGS\AnalyticsManager\AnalyticsManager\AnalyticsManager000.log
| MD5 | 4f5ada00e0ee9b2e86f52384e50193c1 |
| SHA1 | 4c4e8fe65cb4c2cc6b569b130bf5a17e7297ae55 |
| SHA256 | 89cbed46dcd36404c35f15573908169e554c96a343c37882d1c0a9a8e511515e |
| SHA512 | cfb02b040c1a3cb95243b853cf91b9b99182e942effde31c69925b51580e5d8a2262d4755aee9c1ead8e6a79cfc5992223c97af3803dea5d27443bc3dddf5c3d |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | a37c6916dd6de30d3e8341fa267933ca |
| SHA1 | 41c32c5624d182060248b1ec16a7d252b1eb1694 |
| SHA256 | e21c62ec2f19546f2bd10e7a1bb370fdd824128ec4602912b903190c2dea054d |
| SHA512 | 3d7902d3e766cbac679a43774b8a6d8f86c0ba7f6f4bf3f0f1cd57000a7552f9c20aab4ee26f6d3d2f61a144504f4ca7ba2bc226ef03c968f8fb800a335d4ae0 |
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
| MD5 | eb105c0885ee2e4b9e2734f6f7284019 |
| SHA1 | 327479f7820d19e6c236dc11f8707efd0d6bf6e2 |
| SHA256 | 350bf925609830e683e5007dbe8feb4000a0c32a2b991798dc6b84608a2a8e89 |
| SHA512 | 7e6805c2aabb1b1b8768eaf2c816dadbe78878249ea66eb89dd595fd9119ed0f8926213aa51028337fd1674aee532de301877458b5c7d9c0a2271c32a48ac611 |
C:\ProgramData\McAfee\MCLOGS\AnalyticsManager\AnalyticsManager\AnalyticsManager000.log
| MD5 | d9eb26b9cf048dc75d96dd549bba3b86 |
| SHA1 | f0196d5f0ca6fb7c2e7cee673fd243cbf32e7d40 |
| SHA256 | 9d31fca68d5a851efd43ac2e5ab364b2f08c6a4b5489e9e6f91645e1bbad8715 |
| SHA512 | 1f1b599c4fb3dc59bb7c8bf915334dd19b59fb0d3d328fd5efc1969097372733e9060e7009d12181302f21edba4aebe3c39674bba9fbef29e5b293a756ec4e96 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c2ecc9b9a06cf4cb1fd4ac46c562175e |
| SHA1 | 98217ccbc434ab0280f97daf7ff57aa307b70d2d |
| SHA256 | c2a1932274977b8e980d9eac92f0ef8dffb88835d90896be69f2529fd815a41c |
| SHA512 | e952b7b0cd9ec4090d70ab73a0843c9a3a87eb2137429c758e352e7683d3725da1b87824f72fd62fce1a17c71e291b1da066da1151f79e6f94020056f8f5a7ca |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 871fba57c045d5fb992663b827fabf42 |
| SHA1 | 003a95d0611b65ea805765d665a6648c79dfb3d2 |
| SHA256 | 61846f4e9a5ddb169f07dec90dc996e9aefa8a60db2939ab042ffc5b5d83918a |
| SHA512 | 04d14ed64c31b65f41369b046e7923168f69b4e6d519ff9584808047994f262a7925c742ced2ba497488c5773d45ff35682ae3a1846e493a656ffb3a54c546f2 |
memory/4992-2945-0x0000000000400000-0x00000000004CC000-memory.dmp
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | eca37dbf4269b81e795dfa1f6f9dbfa1 |
| SHA1 | 8fbbdd3478872626ac9625270c98bbe3726190ca |
| SHA256 | 9eaccef1bf81641267aa9be6c97c2119788cc9ad80c544ed130e09820fcd9902 |
| SHA512 | f59ef2b8dd647988ccee829c1bf45a1ecc10185eb07efb931f6b0856a268545a5a83d08a73cc4870adcf03f1cf79a0bd691584f065b9e7851e5a6bcf1a6f6f2a |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 6c776d2aa57a60a04d97fd8a2583250f |
| SHA1 | 0c94d9380a17225803df4d4528f4f1fe9e03ac75 |
| SHA256 | 0d10f660ec9d36233f447287e28fe457745583d552c2fbd2c87aa8d599eaaf1e |
| SHA512 | 1fe081f04f5b43795801916bc4976a3e73e50833b9a607d7a8bc986a656105db3651b55ef068b73e8f95929216caa714c6a3d52c33ea785f777401a9c827b93c |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 54d3dec4902c783cd989b488162eb419 |
| SHA1 | 3e0e88caeed38909dacb42e3bb3f16928b5d738f |
| SHA256 | a74d01a1b3d4479cda3759e9c04d74290e4ed9cca2522f496e8ef48a9046554b |
| SHA512 | 102d06050425fe1a9a4be5ad5552f6791cc32d8965177838f78b727c4b51b8ac5a5a0a235db3c89f3a2ddc7ad4779c1b7527cb6340a057e41dbce53361df0fcc |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 6341326ddd41e9f90696af489e42301a |
| SHA1 | b13c1521cee0f10658a146763d2d87509ae1c089 |
| SHA256 | aa8f300f58613c967dc8c519a7353c21aa3e6726effb88b29742f2f0f42fdfe5 |
| SHA512 | 0e57b114be162d94bca8bfa5524bec140154cd473a43323803a4932e4c6fe77a934793607a3b8a217378a55bc68230eb6e72f7cc1c54866b74a8731e083e2c00 |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 6ed0ab4bf25458f44a339a506618aef1 |
| SHA1 | 7b825a364859f9c69b1790a2c9fc5a2a8960d0c9 |
| SHA256 | 9574e93d049e410db72321040cc45fe28537738d9b84ce44d12c70e58dd646ae |
| SHA512 | b8eadb9bb6e24cc973e16511d774cf3fa2549a6f4b547e41cf214b5b4d68af218892b875079c95ab8e62715e959b6ba00cedf8c5bab16f10b0130b120832ae39 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 1d11d8e7355a8cba97a6824d6c67c343 |
| SHA1 | f386d69ee141df0bf44591a8a83fb360d342468c |
| SHA256 | 094ba4122e5b6afbc5675b13e62e256b040e4f0c3d3d8a6404bfd37e22b48c1c |
| SHA512 | 8d1f0e1d52a1dc9be56021a4864c28f03c9ae435d5226041799ea6f74315d8e0445857e8e60c9ea46c101c62ac21aa34683154a26c6cd4a9452af6103d722295 |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 2fa5927d41b525e99503ef3463784f35 |
| SHA1 | 639090ad1172ba54b74e3b817676278035471507 |
| SHA256 | ec6e1ee6a89d7a574ba4d07697facbe29b4ba23967882e2a5012cb24ff850539 |
| SHA512 | 533b01938a49120e90462adf343d6d47eebe8e13da38c184d6da5b6f4c817bde456a7551d2c082f3bbdf1ff01f3a50265d98d7b2f8fec057df3078db20bbd777 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | ed086a8bc8545815f32445380b562d4c |
| SHA1 | eff7156786f0b151324a54738fabf41c7a4b66d2 |
| SHA256 | 8b72cf8abbfd93ac68576201df9dc101805140fd402671a62bb7a3052422d839 |
| SHA512 | 15044b498acb9394b1861835f154a617b13f3e4b02e9fc3c52cc8be3339e880923f315e941df4752786ac5b573dea9d92fe7eef4f08c0e683525184819936199 |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | dea501c00feed7679a660f14e0f839bb |
| SHA1 | 3e0c63288f71aa1f7a09d91752020b3029ab8e77 |
| SHA256 | d4b8862c0f82664efb4a24c986362a27e9761c6a4c9ee3a1823d068e9f95e3c3 |
| SHA512 | fa276aafbd03ffb66460ceef0959ac1c47b1b4518f733cd17959085f58e0b7f10438e92cbf7d2ff7382095ec46f4e2770e21066b9995f924e786209beeb91683 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 4aac12a227b417206d9d10e3ec28f7c0 |
| SHA1 | ff2893e6c1954ef16a625308d764adac9fa01b1d |
| SHA256 | 7f9daf7c636d526faa9e43b0f69e1bbf74480169f4994d662ffd77c506725da7 |
| SHA512 | ff561391c5de828c160fc8582326f867a338e40d29e3489c31d8fe0947984b104f1511465bc3a3bf0cc7e91b7c61fd8ec7f796f95cc1045b67b50115b009adaf |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 7bc4f9db7b48f953cbd3b1f8d2d826c3 |
| SHA1 | 08ff6d18cf2423c79e4fc9768320426e48c1502f |
| SHA256 | 80453717204d5c5b914e5647080ff1839ea043d666ab75c923c931a314731525 |
| SHA512 | 8810ffd51134c3d7048da7694bf1cdec6f46dd4f3868dcd974452f7be851e84ee189c324d39e71a38ecdd0b95ab19c42c872a118124ad939d692347417cd5020 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | abc187af2dd9e1105b436977ecc68eed |
| SHA1 | 33edfb44abdde2c49ebce11a3431c25188d91633 |
| SHA256 | 93482e9145b60d1121180b2b9c170071ba7d012d91e197847a7b5d4f7095ce11 |
| SHA512 | be2fc8110b03a9b6b9a88edb7f9c9042abdd68414f37a3dde954935a760d5b78090eed37c242fabd9238b9eebf1b7fdde6a47d1a600a98fa002a8f7531a5c8dc |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 6de4b6d2f4bfee6a02e4c8113496ed7a |
| SHA1 | c2be807ccef6f6adedbff1b8db3f4f14e1faa614 |
| SHA256 | 3bbd83d23e912138807fc3386b88c79dd2659bf0646f534098edc6f3e7f67696 |
| SHA512 | 9d55a21b3efc7a98158869a72fc686632a486ea479bef4fa58a6788d09792308ab8005c64a7b2ddc73b6759c3392c10ad0eb3bde7cb02dab4f27199665942a3c |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | eaf4c9ea021006e86b308a384acfd70d |
| SHA1 | d0bab776bf219e7ad69a364052f31499e58895eb |
| SHA256 | 1b0eccc8d98e7961daa347892809017f88bcbfe84f439870917d5bcf1790285b |
| SHA512 | 76d2cd0d5fadb8f27052f2b1b6bcaa97ac881e87a4466a983f5945ea95871af96f1d1aecaee233285b082f3647eebf93864927cd91d4f6294b08ce6e97d5b316 |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 1c5cfafd73ee05c6b4a457a32c246fad |
| SHA1 | d1a3b1a507307a8b5ef779396435594cf9e93517 |
| SHA256 | f758e10cbff7666ef454bb60d68083ae09682d3fd7216bf21cab0c826364069f |
| SHA512 | 3f28adeebe3a2248f2f444b03430a66a46dacc3468f0081fea8ae5c5e140200223b8df2cfd53ecce3a422cc73539dfad5df1055005e68004ad7b3bcbf985129f |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 0bba1bfcd752390c0fb67e6b0672665f |
| SHA1 | a9f313de5275c7894f0db5aa3530b307e81df998 |
| SHA256 | 928c5ee85b5a8ed1718f3360c55b31393c6cc6e9244b9d696868855a9dfa3bdb |
| SHA512 | ccc1f0b10f5b0928b492434323a8a99b475ac1ebec54c2b373e734193ec2ad083fdb0ef6bb809f6c8fdaffe3f60ab2db6ccc859318bcbef8736a9f3234cb310d |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402222026591\opera_package
| MD5 | 80569a4e236d3e90466effc5c1e8a441 |
| SHA1 | 8c2598d117221b806979849b2bed74d3fcaffd97 |
| SHA256 | 0f240343b1ced3991afae0daa01d130458f06fb73b64e3c368b03e3681a56a06 |
| SHA512 | 1c02fe1a65935b350b4aa7abd287f97c92420749a8dce785ad6d7dc05a76647b7574e0a6836392d7b303d6fa5f4bb83a3f46e1caa01c490b5ed352d883b90a5e |
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
| MD5 | a96e27e1ab2ee7af70b00985534fb71f |
| SHA1 | 2f7e9028530dcd6a5c3ce6a17e50340b25fbc17c |
| SHA256 | 5e0198e2ee51a06e8286996acdfc23795d0abe5f54c53dd22bf5d4d1dec214ff |
| SHA512 | 4924be8f9a43402bcd4bfbeca3c674167a84b5235ff70913fcbcdd846a54e7801ad33d39c266120e35a2672f91ea7b1e9aa327aa25987bae18d294042be89eb4 |
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
| MD5 | d0098b446cfd5e7320dab7acf2b28804 |
| SHA1 | f108ebb75b1e107f0a44219a0ff11e9c51b9f0d3 |
| SHA256 | 01cecbe3c9df25343f01e096db35d6727f784fda9ee1b598d3b9caa8159ec074 |
| SHA512 | a6389168892e255c16d8fcc14872f805ff5e49b550840c119c025a9a22f406649a2f70e067fbe4a9e3ddb65ada5f707827c0f2ee6bb956320384849a528a3434 |
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
| MD5 | d402ca161f9047ba9e4047496edc491c |
| SHA1 | 37f69c2de4c442488f4084ccce26b26ae8f23a6c |
| SHA256 | 0c17047bf5f7ad5686214c8044c459673edd5f3e2a3e418782ba5cdd8f97cecf |
| SHA512 | 5bff1a4fbfaf2504836e803b2a9a460625c26383e36d63590aafc3a937e669725dae5dcff007f269ae405ad81abd1f306c96115e58dba934b2770c6d40f21e40 |
C:\Program Files\ReasonLabs\EPP\mc.dll
| MD5 | 7a1619d343249007fb5c01fd258a4dc0 |
| SHA1 | 7447b027666c414b79e46925a77733058bbf8142 |
| SHA256 | 66a5476a9d69761e9c46c6cbf924cb3c5abf75f8115817558a472c9c84780306 |
| SHA512 | a3a99db109cab6a1f396a947f8bd9b911afb69c8ed816f4dcc85805440d13833486a5fafcd96edceb000793d154d05439c5a5148fc072d2ac9a8b1f45bf2320d |
memory/2452-3405-0x000001A59B270000-0x000001A59B2C0000-memory.dmp
C:\ProgramData\McAfee\WebAdvisor\EventManager.dll\log_00200057003F001D0006.txt
| MD5 | bb4d149573b18b7a2a335684599c5522 |
| SHA1 | b20b1f9fc934c9ce1cd500ecc55702bbdfe3e8ee |
| SHA256 | 02bfe64d16f0cbb52c35828b7e7329320d841da20ee403239804cdb3cb232615 |
| SHA512 | fde8b356b4d757c61c6a4e0619db6eb45c08eaaa6b6dc6b970b802739cdd1543d3e94c81be06a0f900cf09edfdaa8e993dcb563ca940abd01693152cc0cd3384 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402222026591\additional_file0.tmp
| MD5 | a7441b4573e9475eaf029f34e0c1ee1b |
| SHA1 | 2698dd9c80e6f895f35311f6879fd7ce8ec5d73c |
| SHA256 | ffa0bb5cc0518482adb29df358228fe532d435a6376d134bac2d64d60d9c6329 |
| SHA512 | 3490f6d07a5757d03e81fac4f8ea6a9e1fe5fcae8ff8af2a3a5eddd3e6dfbebc3793504fee5cb77966a47df0a41c461a66f08feddc7e3e45e3c7163e3157d95d |
memory/2452-4570-0x000001A59B6C0000-0x000001A59B6FA000-memory.dmp
memory/2452-4571-0x000001A59B670000-0x000001A59B671000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\585b3608\8c1ed8a2_cd65da01\rsJSON.DLL
| MD5 | 1f2c8961bcf9a47e491e3163e69fd8d7 |
| SHA1 | d1afdf1c05c41c6a4373e6b078519150d6681193 |
| SHA256 | 3e3b1c6ccdb7fe88fb194c93a3780fc8791d824456b03fda798df7c7dfdd19e8 |
| SHA512 | f1b0083734d632429ce2142b2cc5176766fdee17b44a3aeca921a403ef11fda13257f33bfae8c595672508a702c724d638b0e54dee9db4d5283f8e5d4e562cc9 |
memory/2452-4586-0x000001A59B6A0000-0x000001A59B6A1000-memory.dmp
memory/2452-4592-0x000001A59B740000-0x000001A59B770000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\77ae610f\d483daa2_cd65da01\rsLogger.DLL
| MD5 | 40c1ebdaaad9cafbb5d0a6b44d9d5ed3 |
| SHA1 | eed474d761bad1c5b4f034583e977891fbf1d2d0 |
| SHA256 | 97b1d1cba72fe3f8ea3213818e60be29f9b821faed6de08b0364e4c4faaba673 |
| SHA512 | 15255d7458c19b940bb47db3e18003310b4ccd784d65a5beb41efa15dc9372e3711d33763c2e71ad85a1260e87fc8a2af27acdfa20b30662c237eb2c4d80a03b |
memory/2452-4655-0x00007FFD07EA0000-0x00007FFD08961000-memory.dmp
memory/2452-4663-0x000001A59B680000-0x000001A59B681000-memory.dmp
memory/2452-4676-0x000001A59B7A0000-0x000001A59B7CA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\5ca54cbf\430cc5a2_cd65da01\rsAtom.DLL
| MD5 | 6a2b63ae38acdb4f61deb62f46f4369e |
| SHA1 | d4747d8a07da4b3ff816cf1cfe9145a4a346e461 |
| SHA256 | 357168503a29efb026299edf75244e7d351fc242c395ee287c8bbb921e3985bb |
| SHA512 | 3de45dbe81adbfc7924c01f7d6edd2f1cd55f3f61cb7966f7161d9f9c0158e194fd54b8ac34f03c5238ef50425ebe458e2635d28d63417fbc539c37fa74d7c92 |
memory/2452-4699-0x000001A59B6F0000-0x000001A59B6F1000-memory.dmp
memory/2452-4695-0x000001A59B060000-0x000001A59B070000-memory.dmp
memory/2452-4747-0x000001A59B880000-0x000001A59B8AE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nse19CA.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\8ad8af46\d483daa2_cd65da01\rsServiceController.DLL
| MD5 | 76ce8938c606231d04dee716cd8821bb |
| SHA1 | aa1875e39cb644e399afb00cbda3579b53b41e1d |
| SHA256 | c551260bb657c15f87cfc5b001b5570a45a1c7279928032de6e5902705410c7b |
| SHA512 | 92b8e397beb759674a96589e1fc385f9671a7ce3a538ab565da2198eab4d2e05dcc3c5eedf98b9a2214a296e502b2fe16ea196f5aafa77b816e209b431e9199f |
C:\Program Files\ReasonLabs\EPP\rsEngine.config
| MD5 | f64fac48dc7930a27d6c6cd47600edae |
| SHA1 | 9fe7d5aaecc51e29599adfc8e50c05642084c924 |
| SHA256 | 028d66176c993fd94178b82a5bbc954837f333a64db626cebc72e7ea8fa817e8 |
| SHA512 | 19ff3c2b0348fe232bf6d4dbc6caa0a94f0fb223c2686fff85c0a0b914497c577bf9f274c37eafcd5437bcf9f88d1ea5ed0488bae60ee6fe6bdc643bbb4b8554 |
memory/2452-4771-0x000001A59B740000-0x000001A59B741000-memory.dmp
C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys
| MD5 | 8129c96d6ebdaebbe771ee034555bf8f |
| SHA1 | 9b41fb541a273086d3eef0ba4149f88022efbaff |
| SHA256 | 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51 |
| SHA512 | ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18 |
memory/7148-4874-0x00000264CAE90000-0x00000264CAEBE000-memory.dmp
memory/7148-4880-0x00007FFD07EA0000-0x00007FFD08961000-memory.dmp
memory/7148-4887-0x00000264E54F0000-0x00000264E5500000-memory.dmp
memory/7148-4888-0x00000264CCA10000-0x00000264CCA11000-memory.dmp
memory/7148-4894-0x00000264CAE90000-0x00000264CAEBE000-memory.dmp
memory/7148-4912-0x00000264CCA60000-0x00000264CCA72000-memory.dmp
memory/7148-4913-0x00000264CCAF0000-0x00000264CCB2C000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 43fbbd79c6a85b1dfb782c199ff1f0e7 |
| SHA1 | cad46a3de56cd064e32b79c07ced5abec6bc1543 |
| SHA256 | 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0 |
| SHA512 | 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea |
memory/7148-5046-0x00007FFD07EA0000-0x00007FFD08961000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 376cd66a447c9f5741d665ed7bb8f0d5 |
| SHA1 | 5d462b9ef41dbeaa8004cb110d4a69909fc2e096 |
| SHA256 | ecd1a40b5b16d11ab70d2998aed610c522356cf6b3a05d465d8d6c8f3679259a |
| SHA512 | 3c044027f091be2dfcefbfa8b16c3f9abc71b97a3ce3db83fa58b08dab25eefc17d1642fb3653b969acecc6344ee9c44ef18b07d5109b3264d8ece2b5a26a366 |
memory/6784-5081-0x00007FFD07EA0000-0x00007FFD08961000-memory.dmp
memory/6784-5136-0x0000027FAF230000-0x0000027FAF596000-memory.dmp
memory/2452-5137-0x000001A59B060000-0x000001A59B070000-memory.dmp
memory/6784-5143-0x0000027F96550000-0x0000027F96551000-memory.dmp
memory/6784-5149-0x0000027FAF5A0000-0x0000027FAF71C000-memory.dmp
memory/6784-5155-0x0000027F965A0000-0x0000027F965BA000-memory.dmp
memory/6784-5156-0x0000027F96610000-0x0000027F96632000-memory.dmp
memory/5588-5173-0x0000022868CB0000-0x0000022868D02000-memory.dmp
memory/5588-5175-0x00007FFD07EA0000-0x00007FFD08961000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
| MD5 | 2afb72ff4eb694325bc55e2b0b2d5592 |
| SHA1 | ba1d4f70eaa44ce0e1856b9b43487279286f76c9 |
| SHA256 | 41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e |
| SHA512 | 5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e |
C:\Users\Admin\AppData\Local\Temp\jxfj4jpx.exe
| MD5 | d97d903c0a3bddd1178e3e03125afe3d |
| SHA1 | b63b5a000ccb219826fa1526687816703f4fcd87 |
| SHA256 | 467371d4ef420242c578bd15fc8ba36d945e90b6cb3fec1f75d37f3cd5af3815 |
| SHA512 | 113fe0a4f8d7b7fc69d9580608f471860a4b01282e2d84126d7db3107b38ab2315ee134789a4ee14eb2bba3772a06a6f1e88961e1a9642cca282e926372ad851 |
C:\Program Files\ReasonLabs\VPN\InstallerLib.dll
| MD5 | babb847fc7125748264243a0a5dd9158 |
| SHA1 | 78430deab4dfd87b398d549baf8e94e8e0dd734e |
| SHA256 | bd331dd781d8aed921b0be562ddec309400f0f4731d0fd0b0e8c33b0584650cd |
| SHA512 | 2a452da179298555c6f661cb0446a3ec2357a99281acae6f1dbe0cc883da0c2f4b1157affb31c12ec4f6f476075f3cac975ec6e3a29af46d2e9f4afbd09c8755 |
C:\Program Files\ReasonLabs\VPN\rsEngine.Core.dll
| MD5 | 96cbdd0c761ad32e9d5822743665fe27 |
| SHA1 | c0a914d4aa6729fb8206220f84695d2f8f3a82ce |
| SHA256 | cc3f60b37fec578938ee12f11a6357c45e5a97bd3bccdeb8e5efb90b1649a50b |
| SHA512 | 4dde7e5fb64ee253e07a40aaf8cbc4ddaaeeeafc6aeb33e96bc76c8110f26e2c3809a47266cb7503cbc981c6cb895f3eaae8743d07d6434997684e8d6a3d8eb0 |
C:\Program Files\ReasonLabs\VPN\ui\VPN.exe
| MD5 | 4d7d8dc78eed50395016b872bb421fc4 |
| SHA1 | e546044133dfdc426fd4901e80cf0dea1d1d7ab7 |
| SHA256 | b20d4193fdf0fe9df463c9573791b9b8a79056812bb1bba2db1cf00dd2df4719 |
| SHA512 | 6c0991c3902645a513bdee7288ad30c34e33fca69e2f2f45c07711f7b2fdc341336d6f07652e0d9e40fbac39c35940eda0715e19ef9dfa552a46e09e23f56fdf |
C:\Program Files\ReasonLabs\VPN\rsJSON.dll
| MD5 | 8528610b4650860d253ad1d5854597cb |
| SHA1 | def3dc107616a2fe332cbd2bf5c8ce713e0e76a1 |
| SHA256 | 727557ec407cadd21aa26353d04e6831a98d1fa52b8d37d48e422d3206f9a9c4 |
| SHA512 | dd4ff4b6d8bc37771416ceb8bd2f30d8d3d3f16ef85562e8485a847a356f3644d995942e9b1d3f9854c5b56993d9488e38f5175f3f430e032e4091d97d4d1f7d |
C:\Users\Admin\AppData\Local\Temp\nskF34C.tmp\tmp\RAVVPN-installer.exe\assembly\dl3\7299a347\b78307ca_cd65da01\rsLogger.DLL
| MD5 | 148dc2ce0edbf59f10ca54ef105354c3 |
| SHA1 | 153457a9247c98a50d08ca89fad177090249d358 |
| SHA256 | efe944c3ae3ad02011e6341aa9c2aab25fb8a17755ea2596058d70f8018122a4 |
| SHA512 | 10630bd996e9526147b0e01b16279e96a6f1080a95317629ecb61b83f9ebee192c08201873ff5df2de82d977558b2eeb0e4808667083cd0f3bf9f195db4890d5 |
C:\Users\Admin\AppData\Local\Temp\nskF34C.tmp\tmp\RAVVPN-installer.exe\assembly\dl3\1ee94433\50f9fdc9_cd65da01\rsAtom.DLL
| MD5 | 3ae6f007b30db9507cc775122f9fc1d7 |
| SHA1 | ada34eebb84a83964e2d484e8b447dca8214e8b7 |
| SHA256 | 892a7ee985715c474a878f0f27f6832b9782d343533e68ae405cd3f20d303507 |
| SHA512 | 5dd37e9f2ac9b2e03e0d3fd6861c5a7dcb71af232672083ac869fc7fae34ac1e1344bdfabe21c98b252edd8df641f041c95ea669dc4ebb495bf269d161b63e5f |
C:\Users\Admin\AppData\Local\Temp\nskF34C.tmp\tmp\RAVVPN-installer.exe\assembly\dl3\51bc0bf8\b78307ca_cd65da01\rsServiceController.DLL
| MD5 | 8e10c436653b3354707e3e1d8f1d3ca0 |
| SHA1 | 25027e364ff242cf39de1d93fad86967b9fe55d8 |
| SHA256 | 2e55bb3a9cdef38134455aaa1ef71e69e1355197e2003432e4a86c0331b34e53 |
| SHA512 | 9bd2a1ae49b2b3c0f47cfefd65499133072d50628fec7da4e86358c34cf45d1fdb436388b2dd2af0094a9b6f7a071fb8453cf291cf64733953412fdf2457d98e |
C:\Program Files\ReasonLabs\VPN\rsEngine.config
| MD5 | 04be4fc4d204aaad225849c5ab422a95 |
| SHA1 | 37ad9bf6c1fb129e6a5e44ddbf12c277d5021c91 |
| SHA256 | 6f8a17b8c96e6c748ebea988c26f6bcaad138d1fe99b9f828cd9ff13ae6a1446 |
| SHA512 | 4e3455a4693646cdab43aef34e67dd785fa90048390003fa798a5bfcde118abda09d8688214cb973d7bbdd7c6aefc87201dceda989010b28c5fffc5da00dfc26 |
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog
| MD5 | db3e60d6fe6416cd77607c8b156de86d |
| SHA1 | 47a2051fda09c6df7c393d1a13ee4804c7cf2477 |
| SHA256 | d6cafeaaf75a3d2742cd28f8fc7045f2a703823cdc7acb116fa6df68361efccd |
| SHA512 | aec90d563d8f54ac1dbb9e629a63d65f9df91eadc741e78ba22591ca3f47b7a5ff5a105af584d3a644280ff95074a066781e6a86e3eb7b7507a5532801eb52ee |
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallState
| MD5 | 362ce475f5d1e84641bad999c16727a0 |
| SHA1 | 6b613c73acb58d259c6379bd820cca6f785cc812 |
| SHA256 | 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899 |
| SHA512 | 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b |
C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp
| MD5 | d13bddae18c3ee69e044ccf845e92116 |
| SHA1 | 31129f1e8074a4259f38641d4f74f02ca980ec60 |
| SHA256 | 1fac07374505f68520aa60852e3a3a656449fceacb7476df7414c73f394ad9e0 |
| SHA512 | 70b2b752c2a61dcf52f0aadcd0ab0fdf4d06dc140aee6520a8c9d428379deb9fdcc101140c37029d2bac65a6cfcf5ed4216db45e4a162acbc7c8c8b666cd15dd |
C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp
| MD5 | afb68bc4ae0b7040878a0b0c2a5177de |
| SHA1 | ed4cac2f19b504a8fe27ad05805dd03aa552654e |
| SHA256 | 76e6f11076cc48eb453abbdbd616c1c46f280d2b4c521c906adf12bb3129067b |
| SHA512 | ebc4c1f2da977d359791859495f9e37b05491e47d39e88a001cb6f2b7b1836b1470b6904c026142c2b1b4fe835560017641d6810a7e8a5c89766e55dd26e8c43 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp
| MD5 | 10a8f2f82452e5aaf2484d7230ec5758 |
| SHA1 | 1bf814ddace7c3915547c2085f14e361bbd91959 |
| SHA256 | 97bffb5fc024494f5b4ad1e50fdb8fad37559c05e5d177107895de0a1741b50b |
| SHA512 | 6df8953699e8f5ccff900074fd302d5eb7cad9a55d257ac1ef2cb3b60ba1c54afe74aee62dc4b06b3f6edf14617c2d236749357c5e80c5a13d4f9afcb4efa097 |
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
| MD5 | 4646f4d652ddc1e8f4d63c1ec4cdf35f |
| SHA1 | 2c4d4ff5317934d4b557bc324ebf3398aa8fc613 |
| SHA256 | 828fd877f3c53d6d9a73ab624f6fd3a60f62201e17e62f97b35e281a4f92c61d |
| SHA512 | 55cf0d0ccb10c6b380e2b1e393a3028663dd469b0bfb8b6f81f08db8fa35c42a55f10e4233fde9b9d19c03e5110b4bc40f3d5b1c954d83bf1f02f0560f8441fc |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.15.1\Local Storage\leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.15.1\DawnCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.15.1\DawnCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.15.1\DawnCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.15.1\DawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Temp\nsaBD92.tmp\System.Data.SQLite.dll
| MD5 | 42e6e9081edd7a49c4103292725b68e2 |
| SHA1 | 62f73c44ee1aba1f7684b684108fe3b0332e6e66 |
| SHA256 | 788450452b0459c83e13da4dd32f6217bfb53a83bd5f04b539000b61d24fd049 |
| SHA512 | 99eab89bf6297fda549c0b882c097cd4b59fd0595ff2d0c40d1767f66fa45172ca5b9693dbf650d7103353f1e1fb8e5259bbcde3dfa286dee098533a4a776e8b |
C:\Users\Admin\AppData\Local\Temp\nsaBD92.tmp\System.ValueTuple.dll
| MD5 | 29e6ae1a1af7fc943752a097ec59c59c |
| SHA1 | 6d5c910c0b9a3e0876e2e2bbbce9b663f9edc436 |
| SHA256 | cc9bf1feeab1d76221508d6cc98e8bdc1603d5c600c5ed09c108e31b8bd3a6a2 |
| SHA512 | cc6d55e5fd23c89d73ecbddfa92c102f47f8fb93f2f6a41d2e79708e6a8d7c13c1961dcd07810db3135d2f8ddcbf3535fb3ea3d1fc31c617ca9b10f6b867f9a5 |
C:\Users\Admin\AppData\Local\Temp\nsaBD92.tmp\rsTime.dll
| MD5 | f1e592a7636df187e89b2139922c609e |
| SHA1 | 301a6e257fefaa69e41c590785222f74fdb344f8 |
| SHA256 | 13ca35c619e64a912b972eb89433087cb5b44e947b22a392972d99084f214041 |
| SHA512 | e5d79a08ea2df8d7df0ad94362fda692a9b91f6eda1e769bc20088ef3c0799aeabf7eb8bd64b4813716962175e6e178b803124dc11cc7c451b6da7f406f38815 |
C:\Users\Admin\AppData\Local\Temp\nsaBD92.tmp\rsDatabase.dll
| MD5 | d9cd9c6486fa53d41949420d429c59f4 |
| SHA1 | 784ac204d01b442eae48d732e2f8c901346bc310 |
| SHA256 | c82540979384cdcadf878a2bd5cbe70b79c279182e2896dbdf6999ba88a342c1 |
| SHA512 | b37e365b233727b8eb11eb0520091d2ecd631d43a5969eaeb9120ebd9bef68c224e1891dd3bac5ec51feb2aee6bec4b0736f90571b33f4af59e73ddee7d1e2ad |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Code Cache\wasm\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Temp\b25a3fe7-8b2e-47c4-96bf-5a414b8bef80.tmp.ico
| MD5 | f24013e3882e90cf21d9b9fa90ea75dc |
| SHA1 | 5e4fee12ab5d6ce0d69e4bab097a920c2fc0f668 |
| SHA256 | a396cfc9038a81ed52465b423c8684eec93e858c6fbbb926ba52f7024b25bc72 |
| SHA512 | ff0cf22f9f6342747493f2fa2e47c725b16f2b235a3e3942f3598e1105daf27940ef6586fbf5d901628f84b20703b89ba759a08d7f2a2cfa4763c46db233bfd2 |
C:\Program Files\ReasonLabs\DNS\Uninstall.exe
| MD5 | 51c0de01da9a26c8fa2e5c736a719c95 |
| SHA1 | 87796aa35e391f62dc5728844301a0026c6e19af |
| SHA256 | 4cd9e781ec6354d4b55e2b60697c6bffd2b95ed007577f1479bdb75f09cc5ee8 |
| SHA512 | 7f97f95b685cfa990c7fd5699e399529e35339c0e07e948edd6394648b0ba315935cbf3d89291479777bade84db58ec3ec8740f80a4aeafe8c5b681e666f73e7 |
C:\Program Files\ReasonLabs\DNS\uninstall.ico
| MD5 | beae67e827c1c0edaa3c93af485bfcc5 |
| SHA1 | ccbbfabb2018cd3fa43ad03927bfb96c47536df1 |
| SHA256 | d47b3ddddc6aadd7d31c63f41c7a91c91e66cbeae4c02dac60a8e991112d70c5 |
| SHA512 | 29b8d46c6f0c8ddb20cb90e0d7bd2f1a9d9970db9d9594f32b9997de708b0b1ae749ce043e73c77315e8801fd9ea239596e6b891ef4555535bac3fe00df04b92 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\0ef90b5d-f3fa-4170-8e12-c037805bacaa.tmp
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Temp\nsaBD92.tmp\tmp\SaferWeb-installer.exe\assembly\dl3\ad1b2baa\dc8bd6ed_cd65da01\rsLogger.DLL
| MD5 | 34d1913338ee6535fc54d110d207aa45 |
| SHA1 | 9b64cfc2afc31047b3fae98e5bd37d819c589a98 |
| SHA256 | b4bb345955ad8fef66abb6dfa622889ff1a21d122d4536b0d78487eb06c3b916 |
| SHA512 | f9d563025859922d324545d0d61880e8507db9ac530bbac84ff783af14289df3363dd6100bb90ae0ba43e16e1ac0026ecdc2c7976e883364e07d781c2c610d85 |
C:\Users\Admin\AppData\Local\Temp\nsaBD92.tmp\tmp\SaferWeb-installer.exe\assembly\dl3\fa60edc4\a65fafed_cd65da01\rsAtom.DLL
| MD5 | 574c235d2c8c863142a416fca77b56ef |
| SHA1 | 94243446bf206e0016c9a2be3e743ad81578855d |
| SHA256 | 111d7b95ed7deab9e2ee9ba05f719fefe5907b58e7ffb7d9e76da96e266b83c6 |
| SHA512 | 6a280abdfc09b7c66f7e8ac88215649eb8991eb84b4a4dcffc3016ead403f9b023c880b9b3fe516f8e863f954e4cf54a4a6400695ace4274f12c670485f47a9f |
C:\Users\Admin\AppData\Local\Temp\nsaBD92.tmp\tmp\SaferWeb-installer.exe\assembly\dl3\ad93b15d\dc8bd6ed_cd65da01\rsServiceController.DLL
| MD5 | dffac5c6540238457d747461f944f282 |
| SHA1 | 11d5f809bb972c0693eea5f1b6227cb8f8dab5dd |
| SHA256 | 64cdd30df31260b1a6ac650446256ca5a411b2894633525e3ba04beecce6db76 |
| SHA512 | 8ac2a74d2b13f0d8ebf4b4f1399f9979bcb4c2f15271c906c61de66c102e5e8ca3f38856208ed24f7ea93c79fe53d7a5d691d5182accaaf8efdcb6439cab2637 |