hxxps://geometry-dash[.]en[.]softonic[.]com/download

Analysis

max time kernel
112s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://geometry-dash.en.softonic.com/download

Score

8^/10

discovery execution exploit persistence spyware stealer

Malware Config

Signatures

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Downloads MZ/PE file
Possible privilege escalation attempt 4 IoCs
exploit

Processes:

icacls.exetakeown.exeicacls.exetakeown.exe

pid process

8288 icacls.exe
7636 takeown.exe
7480 icacls.exe
8908 takeown.exe

pid	process
8288	icacls.exe
7636	takeown.exe
7480	icacls.exe
8908	takeown.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

rsStubActivator.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	rsStubActivator.exe

Executes dropped EXE 10 IoCs

Processes:

saBSI.exersStubActivator.exel3jcekzt.exeRAVEndPointProtection-installer.exersSyncSvc.exersSyncSvc.exeLDPlayer.exednrepairer.exeinstaller.exeinstaller.exe

pid	process
7112	saBSI.exe
4404	rsStubActivator.exe
4904	l3jcekzt.exe
6740	RAVEndPointProtection-installer.exe
1128	rsSyncSvc.exe
5064	rsSyncSvc.exe
3764	LDPlayer.exe
6008	dnrepairer.exe
960	installer.exe
7524	installer.exe

Loads dropped DLL 8 IoCs

Processes:

LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exel3jcekzt.exednrepairer.exeinstaller.exe

pid	process
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
4904	l3jcekzt.exe
6008	dnrepairer.exe
6008	dnrepairer.exe
6008	dnrepairer.exe
7524	installer.exe

Modifies file permissions 1 TTPs 4 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

takeown.exeicacls.exetakeown.exeicacls.exe

pid process

8908 takeown.exe
8288 icacls.exe
7636 takeown.exe
7480 icacls.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
8908	takeown.exe
8288	icacls.exe
7636	takeown.exe
7480	icacls.exe

Registers COM server for autorun 1 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

dnrepairer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

installer.exeRAVEndPointProtection-installer.exe

description	ioc	process
File created	C:\Program Files\McAfee\Temp723974013\jslang\eula-hu-HU.txt	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-es-ES.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-pl-PL.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-sr-Latn-CS.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-es-MX.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-sv-SE.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\main_close_large.png	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\resource.dll	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\eula-nl-NL.txt	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-de-DE.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\analyticstelemetry.cab	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\eula-sr-Latn-CS.txt	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-hr-HR.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-it-IT.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-ko-KR.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-sk-SK.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\mcafee_pc_install_icon.png	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\wa-core.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\wa_install_check.png	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-el-GR.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jquery-1.9.0.min.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-ja-JP.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-sr-Latn-CS.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-zh-TW.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\settingmanager.cab	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-nb-NO.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-nl-NL.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-fr-CA.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-ru-RU.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-zh-CN.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-nl-NL.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\wa-ui-install.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\webadvisor.ico	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\eula-fr-CA.txt	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-fr-FR.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\wataskmanager.cab	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-cs-CZ.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-fr-FR.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-sk-SK.js	installer.exe
File created	C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe	RAVEndPointProtection-installer.exe
File created	C:\Program Files\McAfee\Temp723974013\mfw.cab	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\resourcedll.cab	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\wa-install.css	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-da-DK.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-hr-HR.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\eula-es-MX.txt	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\eula-sv-SE.txt	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-pt-BR.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-tr-TR.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\eula-da-DK.txt	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\eula-es-ES.txt	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\eula-nb-NO.txt	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\wa_install_close2.png	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\eula-it-IT.txt	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-es-MX.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\browserplugin.cab	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\downloadscan.cab	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\mfw-nps.cab	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\telemetry.cab	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\browserhost.cab	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-pl-PL.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-install-sv-SE.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-el-GR.js	installer.exe
File created	C:\Program Files\McAfee\Temp723974013\jslang\wa-res-shared-tr-TR.js	installer.exe

Launches sc.exe 5 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exe

pid process

8712 sc.exe
7288 sc.exe
7184 sc.exe
1792 sc.exe
8316 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Kills process with taskkill 4 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

4288 taskkill.exe
6356 taskkill.exe
3292 taskkill.exe
7076 taskkill.exe

pid	process
8712	sc.exe
7288	sc.exe
7184	sc.exe
1792	sc.exe
8316	sc.exe

pid	process
4288	taskkill.exe
6356	taskkill.exe
3292	taskkill.exe
7076	taskkill.exe

Modifies registry class 13 IoCs

Processes:

dnrepairer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}	dnrepairer.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

saBSI.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

Processes:

LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exesaBSI.exeLDPlayer.exe

pid	process
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
7112	saBSI.exe
7112	saBSI.exe
7112	saBSI.exe
7112	saBSI.exe
7112	saBSI.exe
7112	saBSI.exe
7112	saBSI.exe
7112	saBSI.exe
7112	saBSI.exe
7112	saBSI.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
3764	LDPlayer.exe
3764	LDPlayer.exe
3764	LDPlayer.exe
3764	LDPlayer.exe
3764	LDPlayer.exe
3764	LDPlayer.exe
3764	LDPlayer.exe
3764	LDPlayer.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exetaskkill.exetaskkill.exetaskkill.exersStubActivator.exetaskkill.exeRAVEndPointProtection-installer.exeLDPlayer.exe

description	pid	process
Token: SeDebugPrivilege	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
Token: SeShutdownPrivilege	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
Token: SeCreatePagefilePrivilege	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
Token: SeDebugPrivilege	6356	taskkill.exe
Token: SeDebugPrivilege	3292	taskkill.exe
Token: SeDebugPrivilege	7076	taskkill.exe
Token: SeDebugPrivilege	4404	rsStubActivator.exe
Token: SeDebugPrivilege	4288	taskkill.exe
Token: SeDebugPrivilege	6740	RAVEndPointProtection-installer.exe
Token: SeShutdownPrivilege	6740	RAVEndPointProtection-installer.exe
Token: SeCreatePagefilePrivilege	6740	RAVEndPointProtection-installer.exe
Token: SeTakeOwnershipPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe
Token: SeDebugPrivilege	3764	LDPlayer.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exeLDPlayer.exednrepairer.exe

pid process

6084 LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
3764 LDPlayer.exe
6008 dnrepairer.exe

Suspicious use of WriteProcessMemory 35 IoCs

Processes:

LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exersStubActivator.exel3jcekzt.exeRAVEndPointProtection-installer.exeLDPlayer.exesaBSI.exednrepairer.exeinstaller.exenet.exe

description	pid	process	target process
PID 6084 wrote to memory of 6356	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	taskkill.exe
PID 6084 wrote to memory of 6356	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	taskkill.exe
PID 6084 wrote to memory of 6356	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	taskkill.exe
PID 6084 wrote to memory of 3292	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	taskkill.exe
PID 6084 wrote to memory of 3292	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	taskkill.exe
PID 6084 wrote to memory of 3292	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	taskkill.exe
PID 6084 wrote to memory of 7076	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	taskkill.exe
PID 6084 wrote to memory of 7076	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	taskkill.exe
PID 6084 wrote to memory of 7076	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	taskkill.exe
PID 6084 wrote to memory of 4288	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	taskkill.exe
PID 6084 wrote to memory of 4288	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	taskkill.exe
PID 6084 wrote to memory of 4288	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	taskkill.exe
PID 4404 wrote to memory of 4904	4404	rsStubActivator.exe	l3jcekzt.exe
PID 4404 wrote to memory of 4904	4404	rsStubActivator.exe	l3jcekzt.exe
PID 4404 wrote to memory of 4904	4404	rsStubActivator.exe	l3jcekzt.exe
PID 4904 wrote to memory of 6740	4904	l3jcekzt.exe	RAVEndPointProtection-installer.exe
PID 4904 wrote to memory of 6740	4904	l3jcekzt.exe	RAVEndPointProtection-installer.exe
PID 6740 wrote to memory of 1128	6740	RAVEndPointProtection-installer.exe	rsSyncSvc.exe
PID 6740 wrote to memory of 1128	6740	RAVEndPointProtection-installer.exe	rsSyncSvc.exe
PID 6084 wrote to memory of 3764	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	LDPlayer.exe
PID 6084 wrote to memory of 3764	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	LDPlayer.exe
PID 6084 wrote to memory of 3764	6084	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe	LDPlayer.exe
PID 3764 wrote to memory of 6008	3764	LDPlayer.exe	dnrepairer.exe
PID 3764 wrote to memory of 6008	3764	LDPlayer.exe	dnrepairer.exe
PID 3764 wrote to memory of 6008	3764	LDPlayer.exe	dnrepairer.exe
PID 7112 wrote to memory of 960	7112	saBSI.exe	installer.exe
PID 7112 wrote to memory of 960	7112	saBSI.exe	installer.exe
PID 6008 wrote to memory of 6192	6008	dnrepairer.exe	net.exe
PID 6008 wrote to memory of 6192	6008	dnrepairer.exe	net.exe
PID 6008 wrote to memory of 6192	6008	dnrepairer.exe	net.exe
PID 960 wrote to memory of 7524	960	installer.exe	installer.exe
PID 960 wrote to memory of 7524	960	installer.exe	installer.exe
PID 6192 wrote to memory of 7644	6192	net.exe	net1.exe
PID 6192 wrote to memory of 7644	6192	net.exe	net1.exe
PID 6192 wrote to memory of 7644	6192	net.exe	net1.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://geometry-dash.en.softonic.com/download
1⤵
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4224,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4596 /prefetch:1
1⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4012,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:1
1⤵
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4828,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1
1⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5440,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
1⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5448,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
1⤵
PID:944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=3956,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5868 /prefetch:1
1⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6108,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:8
1⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6316,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=2144 /prefetch:1
1⤵
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6420,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6408 /prefetch:1
1⤵
PID:2924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6548,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:1
1⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6552,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:1
1⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6920,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=7052 /prefetch:1
1⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6856,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=7180 /prefetch:1
1⤵
PID:5276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6960,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=7232 /prefetch:1
1⤵
PID:5284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=7592,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=7428 /prefetch:1
1⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=7680,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=7688 /prefetch:1
1⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7836,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=7864 /prefetch:1
1⤵
PID:5736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=8016,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=8084 /prefetch:1
1⤵
PID:5808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=8108,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:1
1⤵
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=8352,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=8372 /prefetch:1
1⤵
PID:5904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=7792,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=8040 /prefetch:1
1⤵
PID:6040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=8468,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=8172 /prefetch:1
1⤵
PID:6128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=8520,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=7204 /prefetch:1
1⤵
PID:5584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --field-trial-handle=6868,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:1
1⤵
PID:5588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --field-trial-handle=7232,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6972 /prefetch:1
1⤵
PID:5820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=7224,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6908 /prefetch:1
1⤵
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --field-trial-handle=7772,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=7436 /prefetch:1
1⤵
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --field-trial-handle=7660,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6576 /prefetch:1
1⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --field-trial-handle=6504,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6512 /prefetch:1
1⤵
PID:5380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --field-trial-handle=7696,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=8752 /prefetch:1
1⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --field-trial-handle=8900,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=8912 /prefetch:1
1⤵
PID:5420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --field-trial-handle=8948,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=9048 /prefetch:1
1⤵
PID:6052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --field-trial-handle=9220,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=8904 /prefetch:1
1⤵
PID:5324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --field-trial-handle=9368,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=9236 /prefetch:1
1⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --field-trial-handle=9388,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=9500 /prefetch:1
1⤵
PID:536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --field-trial-handle=9208,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=9640 /prefetch:1
1⤵
PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --field-trial-handle=9776,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=9788 /prefetch:1
1⤵
PID:6032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --field-trial-handle=9372,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=10000 /prefetch:1
1⤵
PID:6280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --field-trial-handle=10156,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=9248 /prefetch:1
1⤵
PID:6584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --field-trial-handle=8824,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=7824 /prefetch:1
1⤵
PID:6856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=10092,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=10144 /prefetch:8
1⤵
PID:7072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --field-trial-handle=10068,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=10344 /prefetch:1
1⤵
PID:7080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=11400,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=11380 /prefetch:8
1⤵
PID:7136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10600,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=11508 /prefetch:8
1⤵
PID:6416

C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:6084

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:6356

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3292

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:7076

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4288

C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="C:\LDPlayer\LDPlayer9\"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3764

C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=459286
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:6008

C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
4⤵
- Suspicious use of WriteProcessMemory
PID:6192

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
5⤵
PID:7644

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
4⤵
PID:9660

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
4⤵
PID:8432

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
4⤵
PID:8552

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
4⤵
PID:7280

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
4⤵
PID:8936

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
4⤵
PID:9912

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
4⤵
PID:8004

C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:8908

C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:8288

C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:7636

C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:7480

C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
4⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\12CE8686-2F03-499E-A8CB-150D4A693B10\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\12CE8686-2F03-499E-A8CB-150D4A693B10\dismhost.exe {C067B5D0-4D17-4C17-9473-C35D003A93DF}
5⤵
PID:9860

C:\Windows\SysWOW64\sc.exe
sc query HvHost
4⤵
- Launches sc.exe
PID:7288

C:\Windows\SysWOW64\sc.exe
sc query vmms
4⤵
- Launches sc.exe
PID:7184

C:\Windows\SysWOW64\sc.exe
sc query vmcompute
4⤵
- Launches sc.exe
PID:1792

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
4⤵
PID:4848

C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
4⤵
PID:8760

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
4⤵
PID:2156

C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
4⤵
PID:11596

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
4⤵
PID:8400

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
4⤵
- Launches sc.exe
PID:8316

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
4⤵
- Launches sc.exe
PID:8712

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
4⤵
PID:1376

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
4⤵
PID:7544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=11516,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=11056 /prefetch:8
1⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
1⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:7112

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:960

C:\Program Files\McAfee\Temp723974013\installer.exe
"C:\Program Files\McAfee\Temp723974013\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7524

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
4⤵
PID:7932

C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
5⤵
PID:9668

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
4⤵
PID:8532

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
4⤵
PID:8944

C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
5⤵
PID:10068

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
4⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=ca3cb2ff4e1d5532e82becc833031c68f9575376&dit=20240519051532339&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4404

C:\Users\Admin\AppData\Local\Temp\l3jcekzt.exe
"C:\Users\Admin\AppData\Local\Temp\l3jcekzt.exe" /silent
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4904

C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\RAVEndPointProtection-installer.exe
"C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\l3jcekzt.exe" /silent
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:6740

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
4⤵
- Executes dropped EXE
PID:1128

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
4⤵
PID:7788

C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
5⤵
PID:7252

C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
6⤵
PID:9564

C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
4⤵
PID:3720

C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
4⤵
PID:9736

C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
4⤵
PID:8020

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i
4⤵
PID:10312

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i
4⤵
PID:11144

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i
4⤵
PID:11236

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i
4⤵
PID:12116

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
1⤵
- Executes dropped EXE
PID:5064

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:8952

C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
2⤵
PID:9492

C:\Windows\system32\regsvr32.exe
C:\Windows\system32\regsvr32.exe /S "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
2⤵
PID:9516

C:\Windows\system32\regsvr32.exe
C:\Windows\system32\regsvr32.exe /S "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
2⤵
PID:9600

C:\Windows\SysWOW64\regsvr32.exe
/S "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
3⤵
PID:9616

C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
2⤵
PID:7648

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
3⤵
PID:8896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
3⤵
PID:8456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
2⤵
PID:1504

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
2⤵
PID:8264

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:10948

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
1⤵
PID:11208

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
1⤵
PID:12072

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LDPlayer\LDPlayer9\MSVCP120.dll
Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
C:\LDPlayer\LDPlayer9\crashreport.dll
Filesize
51KB

MD5
7d2b7e50bf352bcacd36ace10744bb75

SHA1
8e30304a46431422f8f980141f674416e554fc8f

SHA256
14bff3e96d291118952ed06f7f475f882b2c1ecc1eac9823c508c63c02fc9da0

SHA512
deb21e0633c48959ff20e7ab1884230e00f1b97d1e156a41b967521221f2e29412be040ddff649db9e03a5977654df744f1bb974091a7e5cabb2c859bfc869fb

Download Submit
C:\LDPlayer\LDPlayer9\dnrepairer.exe
Filesize
41.9MB

MD5
a04a36948ab451c5344aed3ed9a3f9aa

SHA1
c429b59db40462069c75706059d37348d4d8d6c5

SHA256
4879f7caca2ff3cda2bc551fc895ea24b06b6b61767659e8f55fb6317a28fb5e

SHA512
c549b03cd85de0b7be3e2783a6ee9fc09622a60750f43903a4a98f05f0d975384ddbf68ffcda5575c68cde2a9e8aa84bdc05e15174931ba5dd45dc5053f33056

Download Submit
C:\LDPlayer\LDPlayer9\dnresource.rcc
Filesize
5.0MB

MD5
70058f2d60daef1ccc7bbcba210f0ace

SHA1
ef214ade419a724272ac82e9de5233d7c0afa64b

SHA256
43b26f40e04ae6854569a01803541245abffcd130f1345191afd8bf6b0ca7873

SHA512
a0b3ca59ffad882fbff69012023eaa8aadb77d3ff1252562e5480e7dc3c9336afb3c5f58fb435246ec48c758d3c9d17ae9ea8a28f9d4766fad1a4c672cbf9b9a

Download Submit
C:\LDPlayer\LDPlayer9\msvcr120.dll
Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
C:\Program Files\McAfee\Temp723974013\analyticsmanager.cab
Filesize
1.8MB

MD5
dc4e5a62f9c5b04c8d3d20db961371f5

SHA1
12fb6ac6d3722a8bce60f77ca808e5959de95e02

SHA256
f43f800d8d85d7c5af3bbfa5b2ea13d183be8e8ad57f7a7fa4475bf603a693e9

SHA512
c684d5c877045855df3ceffa525dffbc53d55b3559d1dca19e10c586f2db7085cb395a6f933eccf8f2248e6338dcbad294b54014f1befb6b2534879413aa3531

Download Submit
C:\Program Files\McAfee\Temp723974013\analyticstelemetry.cab
Filesize
58KB

MD5
1d8f7c95a72a600b371e819b678be0f0

SHA1
7d544961dee72463f43afe8fdadd7a5bbb14a75f

SHA256
27f810a794170a97e430dc29a26169dec6bcea373ee000785ac089cac058770a

SHA512
95987dd1f3e2de393c9f5c201b89fe4a24d6581d7a036ad5124d5d9ccb9df76ada28dff504f87bb6abcb1b1d7a4832fb57e4204e6e5c9a882bfc823e7f3189a3

Download Submit
C:\Program Files\McAfee\Temp723974013\browserhost.cab
Filesize
1.2MB

MD5
ef297ee03d8ea0240a1821bcaccc1bb1

SHA1
01825ee74143242054e399d7dcd89c1e2edb692e

SHA256
b0004747c1da4ee30f93065bddda1e471338f07024d06e912cdf281333f7a0f3

SHA512
ac13a462e29b015990e2511eec9d8a3b6e224666b815a746294039296832a2699ea0f666b1a41efbe84fe145f213df297624ca69fec5f41533c247c289d3cb8d

Download Submit
C:\Program Files\McAfee\Temp723974013\browserplugin.cab
Filesize
4.9MB

MD5
3afc7a2ed10d7804ee588a669a154ab2

SHA1
b5cc1d0eb51e389fd5c49a0ff354ca576e402f7d

SHA256
f7f7c0fabe6d53a3e09aeb38648302523cdae1efb427205661c5567257156313

SHA512
b3d4770cb4f9c7ca98f2d655dc7bfeac06e49cabf6934a043c92e9b8959994cae55006190e88f9684dd747e26a060de80c38b922a15a0f03d0325f2915f23c34

Download Submit
C:\Program Files\McAfee\Temp723974013\downloadscan.cab
Filesize
2.2MB

MD5
830597a39c23a1d6234ef1eb5f9476e2

SHA1
ebb05cfb80da8a6d95b4123833f6b7f0c9230328

SHA256
dce5dc71a095b82388b5945ddbdfed67a25686df0e89a3ef64681eb6a85743da

SHA512
7aa363ffbb13cbf35db4da3ca5c56588cab5737b8eacea273ba0f94c7014c849f0f080b6fdfa7a72d4981af6f4fc3aec9c5b173e0a744c9b28cd597b8c7784ed

Download Submit
C:\Program Files\McAfee\Temp723974013\eventmanager.cab
Filesize
1.5MB

MD5
4d640a7698ce8a63be145717d1384bb7

SHA1
2aba5a5d24b66cb49da317311b8a531f993a170f

SHA256
de0b3de2af79a643e4b7712563a486786f470574792ab2e655aeeb20686ac116

SHA512
f268c6cf2c638ca16aafa26c2da8cf7822c0ff2415d56df31ea91a2d79380012ef388e7a67be508c4f5f5a2f6d54e3c4ca3ee26ee7c4aeb576c69fffc49be25b

Download Submit
C:\Program Files\McAfee\Temp723974013\installer.exe
Filesize
2.9MB

MD5
b2b02a72e98408c9e0ebd5036bd7a092

SHA1
6d95b41ee0b8d6445e8d52048b4013afaf78109c

SHA256
b2c1ad8af3439bc7458130400bd213dd3db5aee8f49e295027c97b11dbe6bf58

SHA512
b74afa38d91f41b0ffd445999905d6a2f2a88bd796b0ced6c55db10de62c7ee468cc27e94f701bca59cfa6819b22869ce33193446cec0db69eccec1dfe85654f

Download Submit
C:\Program Files\McAfee\Temp723974013\l10n.cab
Filesize
274KB

MD5
5ccc4c0645e5c35756c7a2e8bd6368f1

SHA1
8fb2662037c528993ea3ed80c6384f7b2cfafbff

SHA256
3e3df2de1e9122e6f0c556e1fd557829a6f05c1d95e56ebfe7f25865825157c7

SHA512
63da51cf8beb96f7fa3d27bd62e6655870c8e193809848450ccdd36dd28765e240279af744a54c586431e28cc02312c00ba439a205fe8725059927a3a316157e

Download Submit
C:\Program Files\McAfee\Temp723974013\logicmodule.cab
Filesize
1.5MB

MD5
9501b1366feb857135e5d252618c1eee

SHA1
75c2463c0414bd7a446fae59818b5e09079f1bf0

SHA256
2d0ae00abb55e00f80a39a155272839d315f2c874ce597c3b2c49f89e8a34321

SHA512
05ddf40cc35a4d087033e9fa60c61e783e254d1d7f826078588a275502ea5f0ad68788213f73e8281262facaabbc80f613215d2a1f876e89948b8835cd0a19f9

Download Submit
C:\Program Files\McAfee\Temp723974013\logicscripts.cab
Filesize
57KB

MD5
3b9b80964bbfecac64f133b8969a7afc

SHA1
3bcd2415169b348bbc88b23285e71ac898c7c617

SHA256
1883bb949ed1f2f180a418b06745168a7123b378339f6bfccaae7a1acbdbfbf6

SHA512
8ca928177f69b5238639c5e11dbfdc02fd1d2bd46e3ff72c67f24965cb754c16ff72af730a2e31ccf95390fd41e03c354353bbde68711a7f76fc4b38681136fa

Download Submit
C:\Program Files\McAfee\Temp723974013\lookupmanager.cab
Filesize
985KB

MD5
ccd008b192ef72a73b1cde8e8da62d9c

SHA1
e907b1f670e0336fdc5085e30447b3accd932a3d

SHA256
7b6edb3ff653a4e35d46b7df1d38758bdf818de7c11b58960933aa60d0b9906c

SHA512
089c1ff9947ae2add2700580ca9481bf4dee7b258431bf8d25efb4fe8682ddca4f85956c3037919888c959a9a823889959dfce1f9a1b84938da5359dbbf39aba

Download Submit
C:\Program Files\McAfee\Temp723974013\mfw-mwb.cab
Filesize
31KB

MD5
1753f1f1a623519d38631a1ff7237fb2

SHA1
b3f2e94372d3bdbde8c99593f68d93fd224999ff

SHA256
83f3e39419cc39af3b448b12ce9223b9f1ab344d5fce9c0bddb8553ef8058cd4

SHA512
34a62b1c61ec80c07ef9df669d7de77bd671b801289f8bb2739f57f989281e96513489a90e9a5872ef949ffb559b2036e9ef4afb4d6066921075b0d71ec66bc4

Download Submit
C:\Program Files\McAfee\Temp723974013\mfw-nps.cab
Filesize
33KB

MD5
006acd223a6f124b6d18dc54e518027d

SHA1
cad740d4f3228ddb9518a0baad6c75dd5765d88b

SHA256
22ffacd39ac79e89a2b90c4e7a4a7c7cf6d9c2e08e8e3821217770a727278b45

SHA512
8a21c1cdb957c1524122e992af6f6919ee915a8602fb63195fe3cf77984cdccbcffa79dea64ff87a8306d88b2bf79c4d18541468f5bfbcadcefb082e6db946b1

Download Submit
C:\Program Files\McAfee\Temp723974013\mfw-webadvisor.cab
Filesize
902KB

MD5
b180379055383f30732d39eb0269c79b

SHA1
050de5a6a4fd8297e31259f0e99343648d798a5d

SHA256
e53a3fe148a06433db5f6b1c880a47836d7a55cabcc96eeecc1ac82df95f8c90

SHA512
f8d60ab6c6f266d48cf828ccae7d0b54381e49e8ebe5cef6ef5a74a7158873627f378d7f6fdee6e55ccf516cde1876b442330723590454fd0982315c9755f351

Download Submit
C:\Program Files\McAfee\Temp723974013\mfw.cab
Filesize
310KB

MD5
6da354da78b5a7c52be22572eb5efc55

SHA1
791b010349c7397157a97106b7336f008bcd5eff

SHA256
638278c1247e614fcdcc34892738a8e43f39c0d8b44848b4debf9021e4888903

SHA512
53aac6eae168a28be0ce4181a21633db6b0a64e41673ffb8c0620d901cea59a4bc59476be85da37834ba2fc61019a0e7eb82bd0a4d98da9e3b42a0cfc3924c7f

Download Submit
C:\Program Files\McAfee\Temp723974013\resourcedll.cab
Filesize
50KB

MD5
08b4e5d3f3b19bf35be7e71f107c5e18

SHA1
64672efa144601751bdcd50f217b15c767a15dfb

SHA256
f39012b54ba8ab45afeb81257fee103d8e96f74eee8abfdad1156dce80f19254

SHA512
cb28690c7cf4ab22e849a8f3b3fc3e2dddb971f0e51f32516dc6461acdfe03e5b52a9694fb37210a41aa6d26fd61a31478f458fc0b3c23a43aae0c14ba157536

Download Submit
C:\Program Files\McAfee\Temp723974013\servicehost.cab
Filesize
317KB

MD5
d2ac362ff38fea03b7b06b8ec47cbed0

SHA1
1dfc1d653c753fa0cf03f7277176ff539475d87c

SHA256
88a6f34ca571ecbcefdb56ca59d1772cc4db96856a67a3f4b00c4f4841919508

SHA512
0dc34db6b73a58b10271f273e0cd4da2cb0cd76895debef5e7d7322af4624049fd49adf650e3346e18e32133f28393f8b5c2b67304d2bc7d88becf9bce47c90c

Download Submit
C:\Program Files\McAfee\Temp723974013\settingmanager.cab
Filesize
788KB

MD5
c0c685dd96b3f9a94a10197e4dfcc851

SHA1
b8745c84e5a573b7a5349001213229d704579719

SHA256
6ed8c980565ef3f3a091e4a8cf314dddca86e38465b62450a9c6ab153811c8e2

SHA512
03e1d8835b2845d529ee54487b8fe2abe63c82f28697bdd1115e2f7c40b24c0df8cca93e6b8d58b08e52bb4082f0131940917204ee552c85565ac7b515fbc492

Download Submit
C:\Program Files\McAfee\Temp723974013\taskmanager.cab
Filesize
1.2MB

MD5
8cf6c31c071ee0b2d40bd3b573412bb2

SHA1
d35907dc3c0a3dab95e9283ed240f92d9447eaa8

SHA256
ddccc80534f3a777be411a85e123a1e9e5a027a667099de9eb8079012b15c11d

SHA512
5b986dfceead00dd4f6feaf1d0c38e20f15148f5e57b1c13647aa788695f4ec082a1838b99c6d104359011bc2546c5ed10e6d3aa9f5bc4ebad5c2776aa11da56

Download Submit
C:\Program Files\McAfee\Temp723974013\telemetry.cab
Filesize
90KB

MD5
93d7bcc823aff1fcb98f1a913dadea1f

SHA1
01256549663cec9d6eb7e51d1d976111090f829f

SHA256
bf80c0e6f1b2ed8e7f2d72d8f4fda1c6fdb35f60aa75914e8b4867175b981759

SHA512
cc428ad9705140631a527968c5bef77acc00ed927a13a5433360b6444f4d492514d89d9bb5b68244cfeac8c1757f3c8ed95b0421b404bc3653903d0f6ac7100d

Download Submit
C:\Program Files\McAfee\Temp723974013\uihost.cab
Filesize
312KB

MD5
90a174f59ac31acafd2d4df00a661ec4

SHA1
483c58d8a0a4164e21cd503a805c42d95e62bc85

SHA256
96143a282e06a937a511619cabba7cef75b236b1e0c3e110b41efba47e9f2f9d

SHA512
77d389628ee12c1c55f591dac3d0a1fc34ab684dbd3302df4796d35a1bbd466d6518dcd1fd48b1ef07f2930e7b81bb2b04ad70b7d6254fa3df2e0b981e2d0f05

Download Submit
C:\Program Files\McAfee\Temp723974013\uimanager.cab
Filesize
1.7MB

MD5
96e263c704eb690d769c95b1c34d03ea

SHA1
6902e7c2f81c238a1a19994a2f22231204bac752

SHA256
d1ccfa367f07a6e271ed67f1f3f8f3936edfb6274d66a80086e9cdbb47931e0c

SHA512
a2e83fbe91c04305bce0eed423c8e0831e4d98c07224aaf59d8feb961f54eced4e569b9bccc751af718e263945a2cde0f3b3294a1a4dd61e6a437a1a7304b80a

Download Submit
C:\Program Files\McAfee\Temp723974013\uninstaller.cab
Filesize
970KB

MD5
2319c2aa297f5fcdd8956458f94d1a1e

SHA1
e0c9a5398274bdbe17163200df8b9200543b4de5

SHA256
adc108549827342ae93ed7163a61cca1296824b3be54e266dc5c779f8a7a87c0

SHA512
6778e179ee471c613947b729f6dec579f6b50640b46336b97bab5ee468371b681885058af4cabf6842294e868a03d72fd6e10b76f181f2defb9e516cfd38716c

Download Submit
C:\Program Files\McAfee\Temp723974013\updater.cab
Filesize
951KB

MD5
7b483cbd80605019bc216f9babdee9cf

SHA1
ef89717ff63335bb0689b7aea4acbe512d291cb6

SHA256
4939f02ac5bef2bf850dfde34902dc84101125b0ac3cb0ed71b2dcb9459b833e

SHA512
924c0732fbfbe01df6055973e2005dc084314edc16867b32d9f7356ad24ad3756cc2bd8ffbbd5b50b5553edf285a92c51c33b0682557e66227e89b95d04d3edf

Download Submit
C:\Program Files\McAfee\Temp723974013\wataskmanager.cab
Filesize
2.8MB

MD5
a4dfa367963fd3e46210d3bd0b4102b1

SHA1
9dd28c37af5b86c1f20e52933cf9ea47dfe1fc60

SHA256
f4670f2db3e33f2130b636af2faa495a52532ec304a58014ae2128242aea5047

SHA512
339ca24709b5577fd3b20170c6b6e75d80f19408b67fb3188b5b9e1de7a67a5ff2f5eb8002519ba9ca8609aee0b30858fca02cc455c5f4db15f493a3f3ff8f6a

Download Submit
C:\Program Files\McAfee\Temp723974013\webadvisor.cab
Filesize
22KB

MD5
354ba45bc1f16f0f644723e2660e3ca0

SHA1
cdab1b7a3ce71eb13eec62b4cadc1ea5fee6da45

SHA256
b436cf419f88f409a7d27b43b5932c6e381c5b6a93a323b64051cd7c5ef59ce5

SHA512
e381fd66dbdc9b5d839b95556d0085d550c2a00ba1fb0430d41ca4bfd14c7dac21eaca57ea393ad7e953940300deb14679e9db7a0fd54f9fe0729a4be009e456

Download Submit
C:\Program Files\McAfee\Temp723974013\wssdep.cab
Filesize
586KB

MD5
784f7df7907c8bbb77cfdec26176b715

SHA1
cf5792a14c9311e2b98a3122d59178ff536e4c2d

SHA256
4d49923aaaadf6a7dd4f9c093dbb6878a00363a3e0a18e5bcc54e61175aa8d80

SHA512
4e3edadf6939fc8a6fd1acef72460d782397ef7a6e7abce7ca1a17b6e3e7bdda54398091b6be7547333d50b79f2faa08dd02c17a53900a12d3c83e296b5cde2e

Download Submit
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
Filesize
73KB

MD5
6f97cb1b2d3fcf88513e2c349232216a

SHA1
846110d3bf8b8d7a720f646435909ef80bbcaa0c

SHA256
6a031052be1737bc2767c3ea65430d8d7ffd1c9115e174d7dfb64ad510011272

SHA512
2919176296b953c9ef232006783068d255109257653ac5ccd64a3452159108890a1e8e7d6c030990982816166517f878f6032946a5558f8ae3510bc044809b07

Download Submit
C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll
Filesize
646KB

MD5
29d2c8df586879a81d8b4e21c1916a4d

SHA1
221ee1eb754113636bdacd00a18f9e59661f4ebc

SHA256
ce6d31f4ca28d5ede624fd724e8a99cfb47776391a4339090b1abbbf7a0be4d8

SHA512
7cdbc57d37db1468960f871f55e639feee954661e0d159a38eccef6c2270606e32ad49779fe409ede69cae960fcfbc52e309115d7796a27ffae914a256377130

Download Submit
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
Filesize
248B

MD5
7c9b77fe49d24ef989c12e52bba2b7bc

SHA1
37b9ee5a72f1387776e3dc67c7c3ebeb2effac7a

SHA256
2dd1c9e0e4cd57cda19b20412556e7b6d536c1e82b7913976ad6e4774d52ca60

SHA512
9f52be631ca374c090639c4de41d6bd64805870d39545a40d7567a80e936c901a4123d9e42eb92f83e1504de6dabcadedf59363b8ccbb9ccc909794903fae529

Download Submit
C:\Program Files\ReasonLabs\EPP\InstallUtil.InstallLog
Filesize
616B

MD5
8a0b93abf7961a386f153a4165e099f1

SHA1
388165bcf6100b6a6c69cc51693716116e4c4896

SHA256
e1eee4a919996c03ff2a0f0a3617e48bbcdf3c41c9535466de7a02fcdcae680a

SHA512
36972b5ffdde91754c3d2a336856f9bbe9f5bc7fded2420ae8f1ba66df905b0e189327eecc6eff9deb3df29c288dfb60aa16c8f9dbe501e449b92a67aaf5edac

Download Submit
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
Filesize
333KB

MD5
555033ada2832dbb1fe7c44beaf9851e

SHA1
5d58f893215b1a776a02ec19cc5fe3c35f59ef42

SHA256
24b19c67ff6b6492e76cb525b88489f93c5fe4e6910d146b0bc9d0a7dc890e2c

SHA512
7b50527d69e411aea832711f51d29da84a05a51d6ab4b5f4e754be565bb9bd41ef08051ea366e8d6061abc26abb1377775b29ce63876bf788b6b19b9a2eb3063

Download Submit
C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys
Filesize
19KB

MD5
8129c96d6ebdaebbe771ee034555bf8f

SHA1
9b41fb541a273086d3eef0ba4149f88022efbaff

SHA256
8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51

SHA512
ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

Download Submit
C:\Program Files\ReasonLabs\EPP\mc.dll
Filesize
1.1MB

MD5
84595dac668b842a044a3045e2245627

SHA1
f9eb2f8c19b28743e095ac3cd510d8b85e909c20

SHA256
747ccb6d77d99aeb867b08b92e9804ae222f1809d767359f8535adf8f5e03e5b

SHA512
8564bd487e002f300c636936fc26d8019135a43ae71797424c9ec161c466346a24dd420339c628dc7566b67cc0c64d93f055061700aaf1c62a1db56bc0e7ea27

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
Filesize
347KB

MD5
4886ebd59ff6473e5953f1c0500fbb3e

SHA1
1be2d630be3d2662665bd79c92fbbc5d75327335

SHA256
55afb6b03acf5666b639952ea09318f2431dda0e2e7486d50c2be49be848c02d

SHA512
b0c4faf8b10162a175da075cca7e5ca179de62704b27464f1855a73dbf6a545050f828c1ca47148b6e31574d52fcdaaf86374771ef35619406552a81b9ffbd67

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngine.config
Filesize
5KB

MD5
9ac767636384aefbe78cf0287a6a4873

SHA1
aa707666cc97b654c3001c57b39d45950e253fd9

SHA256
b34c5a5f66a49de1ab02487e15ab6d0a667244f2aea3f95afdc7a5ed1c1d735c

SHA512
ed9114ec6dab10067a6e9d326658bfe567d7d07bb95c514f428813d3a9512225edf5ed9de773114c231535c3761a84ecf15e97d082b97e690eabf4134f8f689b

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
Filesize
257B

MD5
2afb72ff4eb694325bc55e2b0b2d5592

SHA1
ba1d4f70eaa44ce0e1856b9b43487279286f76c9

SHA256
41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e

SHA512
5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
Filesize
660B

MD5
705ace5df076489bde34bd8f44c09901

SHA1
b867f35786f09405c324b6bf692e479ffecdfa9c

SHA256
f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950

SHA512
1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7

Download Submit
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
Filesize
370B

MD5
b2ec2559e28da042f6baa8d4c4822ad5

SHA1
3bda8d045c2f8a6daeb7b59bf52295d5107bf819

SHA256
115a74ccd1f7c937afe3de7fa926fe71868f435f8ab1e213e1306e8d8239eca3

SHA512
11f613205928b546cf06b5aa0702244dace554b6aca42c2a81dd026df38b360895f2895370a7f37d38f219fc0e79acf880762a3cfcb0321d1daa189dfecfbf01

Download Submit
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
Filesize
606B

MD5
43fbbd79c6a85b1dfb782c199ff1f0e7

SHA1
cad46a3de56cd064e32b79c07ced5abec6bc1543

SHA256
19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0

SHA512
79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

Download Submit
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
Filesize
2.2MB

MD5
0678a30cb21fd2f510d570ded7ff1641

SHA1
a25625e520e5a39ce0e536096f75edbcdd49ddab

SHA256
345442b06ec29a461ad61bb35e13d7c8d87ee136b9ad172f12b17b2a9da7c69b

SHA512
7de35b4861a1ce05b34244773644b9f8039a0e2795432007762c0149978d1917d4007e79df793faaece4106cf6de7f991d753749529ec1753a92d122c63f6696

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
Filesize
1KB

MD5
53a30d293ca5332b8ff486c3f2caccec

SHA1
c894b5bd761e5693af91bd4d145e2434740ba0b7

SHA256
21f9090356c804582ec05d7c9b4f2abdbd0bbb22c9a9de035b2e6caf7014284d

SHA512
ff14862bec578fc89b3dfa8e31d71a05b4b9a6c47604381627d3f0c27bcba88a6232fa7a5df866b4122ebee9094779b1528595dd7206e3e9a303985e39fd1d70

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
Filesize
3KB

MD5
f84315968c8237414738095c61541119

SHA1
ccc7e20b2118ff69a676960f554e8062a5fb2fe4

SHA256
64558e4178265a04186e00c56203f03a4ffbf0b5de6b3f4e7a4e031511a3f57c

SHA512
ea1bbfb7a8dd852401f485b5a7e6a27294c79b7faa33e69b15c2a83786bdb1d55208dd54f3c99e64056d206aae88ac97b070cab7d14f7a187eda05c0436d8121

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
Filesize
6KB

MD5
d7cb03df4a80949512e80571825a6161

SHA1
da32cf13e52df1bd4f5c4f37c45876ff358b280e

SHA256
10e33f2e72238e833d82abd0f3dd9931cfd46ea8969d9edd18c09dcb835087e5

SHA512
3d4b90d3aa31a1008ff6fad69fdea4692310504e17e522afb3845a932bf4d70cbdc6144d292a05e93281a4efd8d31a3fb070f32924c7e45ca478a78b0af1c261

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
Filesize
1KB

MD5
76285a60d8c1fc2a02c8ec5c832baef1

SHA1
650e8e8bd2f92461da1d46e74f7cd1854dc47c1c

SHA256
6c5b07c8ecc3f232fa62260b6460fe577cc6490b1adead858a7f1aa9237ba5a1

SHA512
2141ef81dba55dd702d2ab03735c358ca0cf411f5b8a4b23c5e857c4a7478a0adfa0fb03f5ba659710e489718c6e0e8f84e5ba5b529cb46134d8b2bc121acb76

Download Submit
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
Filesize
28.0MB

MD5
58b8915d4281db10762af30eaf315c9e

SHA1
1e8b10818226fa29bfa5cdd8c2595ba080b72a71

SHA256
c19df49f177f0fecf2d406ef7801a8d0e5641cb8a38b7b859cbf118cb5d0684e

SHA512
49247941a77f26ab599f948c66df21b6439e86d08652caa9b52ffbcefd80a8c685d75c8088361c98dde44936e44746c961f1828a5b9909fecd6ce9e7e6d2f794

Download Submit
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
Filesize
44KB

MD5
9279307d9b3fb30d6ea34e90e133f1cc

SHA1
209de78594941722aafec68a337180fb5b427b27

SHA256
f9e263c5bd24bad827a79c49602e829f6b059b383c55892e6f56f8432e52e0cd

SHA512
1b95e37b00a23b0b8b919416ffd5e59d8a31b8792f18024089d8d616d807957dbd5fd93c8fc1754c52456f390fd6802c676c527f4aeee6f842fdf85c5c1cc42a

Download Submit
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
Filesize
1.1MB

MD5
143255618462a577de27286a272584e1

SHA1
efc032a6822bc57bcd0c9662a6a062be45f11acb

SHA256
f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4

SHA512
c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
Filesize
79KB

MD5
d9cb0b4a66458d85470ccf9b3575c0e7

SHA1
1572092be5489725cffbabe2f59eba094ee1d8a1

SHA256
6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05

SHA512
94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oy3qzlu0.y0k.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\l3jcekzt.exe
Filesize
1.9MB

MD5
3954e8fc92acadf8d0f53f7eb1be9a16

SHA1
7cd831b61e5c8770530b6209c770640d7428d7ac

SHA256
b46f032a3248dd017e7f1fd40c3aed4c0c9dc8b01749092e46296033a7ffe6b5

SHA512
5aca20a5ea492daafcccf040dac96c538e8581ac1e991b3646551b4761717844dc2de01f79dfa209f4e6b81075c1fe375c5fb221dc31a067c43f67c5056b3583

Download Submit
C:\Users\Admin\AppData\Local\Temp\mwaA138.tmp
Filesize
161KB

MD5
662de59677aecac08c7f75f978c399da

SHA1
1f85d6be1fa846e4bc90f7a29540466cf3422d24

SHA256
1f5a798dde9e1b02979767e35f120d0c669064b9460c267fb5f007c290e3dceb

SHA512
e1186c3b3862d897d9b368da1b2964dba24a3a8c41de8bb5f86c503a0717df75a1c89651c5157252c94e2ab47ce1841183f5dde4c3a1e5f96cb471bf20b3fdd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E5F.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\Microsoft.Win32.TaskScheduler.dll
Filesize
341KB

MD5
a09decc59b2c2f715563bb035ee4241e

SHA1
c84f5e2e0f71feef437cf173afeb13fe525a0fea

SHA256
6b8f51508240af3b07a8d0b2dc873cedc3d5d9cb25e57ea1d55626742d1f9149

SHA512
1992c8e1f7e37a58bbf486f76d1320da8e1757d6296c8a7631f35ba2e376de215c65000612364c91508aa3ddf72841f6b823fa60a2b29415a07c74c2e830212b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\RAVEndPointProtection-installer.exe
Filesize
539KB

MD5
41a3c2a1777527a41ddd747072ee3efd

SHA1
44b70207d0883ec1848c3c65c57d8c14fd70e2c3

SHA256
8592bae7b6806e5b30a80892004a7b79f645a16c0f1b85b4b8df809bdb6cf365

SHA512
14df28cc7769cf78b24ab331bd63da896131a2f0fbb29b10199016aef935d376493e937874eb94faf52b06a98e1678a5cf2c2d0d442c31297a9c0996205ed869

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\rsAtom.dll
Filesize
156KB

MD5
9deba7281d8eceefd760874434bd4e91

SHA1
553e6c86efdda04beacee98bcee48a0b0dba6e75

SHA256
02a42d2403f0a61c3a52138c407b41883fa27d9128ecc885cf1d35e4edd6d6b9

SHA512
7a82fbac4ade3a9a29cb877cc716bc8f51b821b533f31f5e0979f0e9aca365b0353e93cc5352a21fbd29df8fc0f9a2025351453032942d580b532ab16acaa306

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\rsJSON.dll
Filesize
218KB

MD5
f8978087767d0006680c2ec43bda6f34

SHA1
755f1357795cb833f0f271c7c87109e719aa4f32

SHA256
221bb12d3f9b2aa40ee21d2d141a8d12e893a8eabc97a04d159aa46aecfa5d3e

SHA512
54f48c6f94659c88d947a366691fbaef3258ed9d63858e64ae007c6f8782f90ede5c9ab423328062c746bc4ba1e8d30887c97015a5e3e52a432a9caa02bb6955

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\rsLogger.dll
Filesize
177KB

MD5
83ad54079827e94479963ba4465a85d7

SHA1
d33efd0f5e59d1ef30c59d74772b4c43162dc6b7

SHA256
ec0a8c14a12fdf8d637408f55e6346da1c64efdd00cc8921f423b1a2c63d3312

SHA512
c294fb8ac2a90c6125f8674ca06593b73b884523737692af3ccaa920851fc283a43c9e2dc928884f97b08fc8974919ec603d1afb5c178acd0c2ebd6746a737e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\rsStubLib.dll
Filesize
248KB

MD5
a16602aad0a611d228af718448ed7cbd

SHA1
ddd9b80306860ae0b126d3e834828091c3720ac5

SHA256
a1f4ba5bb347045d36dcaac3a917236b924c0341c7278f261109bf137dcef95a

SHA512
305a3790a231b4c93b8b4e189e18cb6a06d20b424fd6237d32183c91e2a5c1e863096f4d1b30b73ff15c4c60af269c4faaadaf42687101b1b219795abc70f511

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\rsSyncSvc.exe
Filesize
797KB

MD5
ded746a9d2d7b7afcb3abe1a24dd3163

SHA1
a074c9e981491ff566cd45b912e743bd1266c4ae

SHA256
c113072678d5fa03b02d750a5911848ab0e247c4b28cf7b152a858c4b24901b3

SHA512
2c273bf79988df13f9da4019f8071cf3b4480ecd814d3df44b83958f52f49bb668dd2f568293c29ef3545018fea15c9d5902ef88e0ecfebaf60458333fcaa91b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\0354a68d\e86ec3cb_aba9da01\rsLogger.DLL
Filesize
178KB

MD5
572db1ac3da7e1de6d7df097ca616967

SHA1
aab90fe5b4f4f299035dbbab8ab5195c434264b2

SHA256
e2321f6c4f330c2856f047f713143d1e777a6bae47858d92f2861f9f64cda521

SHA512
07ce10821cc26345450b63af39b6288b58d113604fe837c3c4eaa4f062c6756b0f4f0dbae02e621b57fdf60b7412f42cc20cbfc55e1a40c6943eff543acc9037

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\89105d57\e86ec3cb_aba9da01\rsJSON.DLL
Filesize
219KB

MD5
a10d8940e7153cf5bdec83f51481b48a

SHA1
98915a7da3e830eb9a081393a6477d3d5c6722f3

SHA256
6d6c8530e2d203a7dd838ddffe1ab1a21919a78608e26c80f9cf781c16c1cb83

SHA512
954ae7972b625307e0b123ac35a722d82453c012938f1667fb867639a23a89a3e8e9daca1a7ab0fe906886bf11d2b2c0535eaa663f0b2850412d19202ffcc15f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\96f93875\e86ec3cb_aba9da01\rsServiceController.DLL
Filesize
174KB

MD5
3d83a836aec36f388628c88589f78d4b

SHA1
9d567d79a58f14e51ff1919379a8d9e218ffcb5a

SHA256
bf1e77211fe2a32efc6ef1833ffd23f3e720e6ecd363fa5f7199a4c863d41b70

SHA512
01892e60e44697af7f2988dc6cb0ee8b6b1f0b95374cf55a331dd92a6e856b4cb41f173c00c2519fdc20190dbc5b54342f65a2db0da45ae9e44c4b5075fbd610

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\ebaa777b\9b47bccb_aba9da01\rsAtom.DLL
Filesize
158KB

MD5
c0e115eb5bc2449ca73cd370bcb66ac9

SHA1
7a6ae7f6c00aeeb9a3aef8d8971c2cf20e08a6b6

SHA256
31913b02f7ca4eac19e335f2db7915998db7138c8cda17fd0a162a43ca62818b

SHA512
1ce8c5ce6ddcbde306de1c1e138359a9abc0b1a56dc61146a66ce49285c5e624ae0a24ac9d6d0f7cbec3c8e67b1eaefc1c36eca21a56ef571f818762e9762ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7E60.tmp\uninstall.ico
Filesize
170KB

MD5
af1c23b1e641e56b3de26f5f643eb7d9

SHA1
6c23deb9b7b0c930533fdbeea0863173d99cf323

SHA256
0d3a05e1b06403f2130a6e827b1982d2af0495cdd42deb180ca0ce4f20db5058

SHA512
0c503ec7e83a5bfd59ec8ccc80f6c54412263afd24835b8b4272a79c440a0c106875b5c3b9a521a937f0615eb4f112d1d6826948ad5fb6fd173c5c51cb7168f4

Download Submit
C:\Windows\Logs\DISM\dism.log
Filesize
276KB

MD5
c5187579088506dd5b51214694032275

SHA1
7ef94f52da0b890f65fdd1ae45e695e8475698d2

SHA256
5b000429f3b0da5325f2efb4b97c941806dfaea4d5c583827cb533972cbdec90

SHA512
7d8972582ca7ad44d8655b8a9e61b2469d4ad8a318c4ed5cd76bc9e2b9e05d8afde46be1b737cba43ea25bad1bd03554a4648e15d8bccad5b638e80e363499f8

Download Submit
memory/1376-4820-0x0000000004DC0000-0x0000000004E26000-memory.dmp

Filesize
408KB

Download
memory/1376-4834-0x00000000062B0000-0x00000000062E2000-memory.dmp

Filesize
200KB

Download
memory/1376-4858-0x0000000007070000-0x000000000707A000-memory.dmp

Filesize
40KB

Download
memory/1376-4853-0x0000000007640000-0x0000000007CBA000-memory.dmp

Filesize
6.5MB

Download
memory/1376-4854-0x0000000007000000-0x000000000701A000-memory.dmp

Filesize
104KB

Download
memory/1376-4852-0x0000000006CD0000-0x0000000006D73000-memory.dmp

Filesize
652KB

Download
memory/1376-4875-0x0000000007200000-0x0000000007211000-memory.dmp

Filesize
68KB

Download
memory/1376-4878-0x0000000007240000-0x000000000724E000-memory.dmp

Filesize
56KB

Download
memory/1376-4851-0x0000000006CB0000-0x0000000006CCE000-memory.dmp

Filesize
120KB

Download
memory/1376-4817-0x00000000023B0000-0x00000000023E6000-memory.dmp

Filesize
216KB

Download
memory/1376-4880-0x0000000007320000-0x000000000733A000-memory.dmp

Filesize
104KB

Download
memory/1376-4835-0x000000006DFA0000-0x000000006DFEC000-memory.dmp

Filesize
304KB

Download
memory/1376-4833-0x00000000060B0000-0x00000000060FC000-memory.dmp

Filesize
304KB

Download
memory/1376-4832-0x0000000005CE0000-0x0000000005CFE000-memory.dmp

Filesize
120KB

Download
memory/1376-4830-0x00000000056A0000-0x00000000059F4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-4859-0x0000000007280000-0x0000000007316000-memory.dmp

Filesize
600KB

Download
memory/1376-4818-0x0000000004E40000-0x0000000005468000-memory.dmp

Filesize
6.2MB

Download
memory/1376-4819-0x0000000004C20000-0x0000000004C42000-memory.dmp

Filesize
136KB

Download
memory/4404-54-0x000001D7AE0B0000-0x000001D7AE0B8000-memory.dmp

Filesize
32KB

Download
memory/4404-55-0x000001D7C8AC0000-0x000001D7C8FE8000-memory.dmp

Filesize
5.2MB

Download
memory/6084-38-0x0000000005F40000-0x0000000005F50000-memory.dmp

Filesize
64KB

Download
memory/6084-39-0x0000000072EAE000-0x0000000072EAF000-memory.dmp

Filesize
4KB

Download
memory/6084-12-0x0000000005F40000-0x0000000005F50000-memory.dmp

Filesize
64KB

Download
memory/6084-13-0x0000000072EAE000-0x0000000072EAF000-memory.dmp

Filesize
4KB

Download
memory/6084-17-0x0000000005F90000-0x0000000005FA6000-memory.dmp

Filesize
88KB

Download
memory/6084-18-0x0000000073770000-0x0000000073786000-memory.dmp

Filesize
88KB

Download
memory/6084-20-0x0000000008EA0000-0x0000000009444000-memory.dmp

Filesize
5.6MB

Download
memory/6084-128-0x0000000072EA0000-0x0000000073650000-memory.dmp

Filesize
7.7MB

Download
memory/6084-21-0x0000000008AD0000-0x0000000008B62000-memory.dmp

Filesize
584KB

Download
memory/6084-22-0x0000000009E40000-0x0000000009E84000-memory.dmp

Filesize
272KB

Download
memory/6084-23-0x0000000009F20000-0x0000000009FBC000-memory.dmp

Filesize
624KB

Download
memory/6084-24-0x0000000009FC0000-0x000000000A026000-memory.dmp

Filesize
408KB

Download
memory/6084-42-0x0000000072EA0000-0x0000000073650000-memory.dmp

Filesize
7.7MB

Download
memory/6084-25-0x000000000A560000-0x000000000AA8C000-memory.dmp

Filesize
5.2MB

Download
memory/6084-26-0x000000000AAC0000-0x000000000AACA000-memory.dmp

Filesize
40KB

Download
memory/6084-28-0x0000000072EA0000-0x0000000073650000-memory.dmp

Filesize
7.7MB

Download
memory/6084-27-0x0000000072EA0000-0x0000000073650000-memory.dmp

Filesize
7.7MB

Download
memory/6740-142-0x000001F9D8330000-0x000001F9D8388000-memory.dmp

Filesize
352KB

Download
memory/6740-4800-0x000001F9D9A20000-0x000001F9D9A4E000-memory.dmp

Filesize
184KB

Download
memory/6740-137-0x000001F9D78A0000-0x000001F9D78CA000-memory.dmp

Filesize
168KB

Download
memory/6740-135-0x000001F9D7860000-0x000001F9D789A000-memory.dmp

Filesize
232KB

Download
memory/6740-3148-0x000001F9D9800000-0x000001F9D9856000-memory.dmp

Filesize
344KB

Download
memory/6740-4762-0x000001F9D9860000-0x000001F9D989A000-memory.dmp

Filesize
232KB

Download
memory/6740-129-0x000001F9BD2D0000-0x000001F9BD358000-memory.dmp

Filesize
544KB

Download
memory/6740-4773-0x000001F9D9860000-0x000001F9D9890000-memory.dmp

Filesize
192KB

Download
memory/6740-131-0x000001F9D7740000-0x000001F9D7780000-memory.dmp

Filesize
256KB

Download
memory/6740-4787-0x000001F9D9910000-0x000001F9D993A000-memory.dmp

Filesize
168KB

Download
memory/6740-133-0x000001F9BF040000-0x000001F9BF070000-memory.dmp

Filesize
192KB

Download
memory/7524-535-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-844-0x00007FF74B510000-0x00007FF74B520000-memory.dmp

Filesize
64KB

Download
memory/7524-567-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-566-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-565-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-569-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-570-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-571-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-572-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-559-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-576-0x00007FF77C330000-0x00007FF77C340000-memory.dmp

Filesize
64KB

Download
memory/7524-554-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-577-0x00007FF77A560000-0x00007FF77A570000-memory.dmp

Filesize
64KB

Download
memory/7524-582-0x00007FF704EA0000-0x00007FF704EB0000-memory.dmp

Filesize
64KB

Download
memory/7524-596-0x00007FF765430000-0x00007FF765440000-memory.dmp

Filesize
64KB

Download
memory/7524-547-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-606-0x00007FF715B70000-0x00007FF715B80000-memory.dmp

Filesize
64KB

Download
memory/7524-545-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-607-0x00007FF715B70000-0x00007FF715B80000-memory.dmp

Filesize
64KB

Download
memory/7524-543-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-625-0x00007FF717B90000-0x00007FF717BA0000-memory.dmp

Filesize
64KB

Download
memory/7524-627-0x00007FF717B90000-0x00007FF717BA0000-memory.dmp

Filesize
64KB

Download
memory/7524-631-0x00007FF717B90000-0x00007FF717BA0000-memory.dmp

Filesize
64KB

Download
memory/7524-637-0x00007FF76AB00000-0x00007FF76AB10000-memory.dmp

Filesize
64KB

Download
memory/7524-664-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-689-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-692-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-703-0x00007FF717B90000-0x00007FF717BA0000-memory.dmp

Filesize
64KB

Download
memory/7524-705-0x00007FF717B90000-0x00007FF717BA0000-memory.dmp

Filesize
64KB

Download
memory/7524-721-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-723-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-724-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-731-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-732-0x00007FF717B90000-0x00007FF717BA0000-memory.dmp

Filesize
64KB

Download
memory/7524-737-0x00007FF717B90000-0x00007FF717BA0000-memory.dmp

Filesize
64KB

Download
memory/7524-739-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-742-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-746-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-760-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-769-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-772-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-801-0x00007FF74B510000-0x00007FF74B520000-memory.dmp

Filesize
64KB

Download
memory/7524-815-0x00007FF717B90000-0x00007FF717BA0000-memory.dmp

Filesize
64KB

Download
memory/7524-818-0x00007FF74B510000-0x00007FF74B520000-memory.dmp

Filesize
64KB

Download
memory/7524-835-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-568-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-882-0x00007FF74B510000-0x00007FF74B520000-memory.dmp

Filesize
64KB

Download
memory/7524-887-0x00007FF757600000-0x00007FF757610000-memory.dmp

Filesize
64KB

Download
memory/7524-913-0x00007FF74B510000-0x00007FF74B520000-memory.dmp

Filesize
64KB

Download
memory/7524-924-0x00007FF74B510000-0x00007FF74B520000-memory.dmp

Filesize
64KB

Download
memory/7524-926-0x00007FF74B510000-0x00007FF74B520000-memory.dmp

Filesize
64KB

Download
memory/7524-888-0x00007FF717B90000-0x00007FF717BA0000-memory.dmp

Filesize
64KB

Download
memory/7524-638-0x00007FF76AB00000-0x00007FF76AB10000-memory.dmp

Filesize
64KB

Download
memory/7524-573-0x00007FF76AB00000-0x00007FF76AB10000-memory.dmp

Filesize
64KB

Download
memory/7524-548-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-539-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-541-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-537-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-533-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-530-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-525-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-526-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-527-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7524-528-0x00007FF71B630000-0x00007FF71B640000-memory.dmp

Filesize
64KB

Download
memory/7544-4931-0x0000000006370000-0x00000000066C4000-memory.dmp

Filesize
3.3MB

Download
memory/7544-4938-0x000000006DFA0000-0x000000006DFEC000-memory.dmp

Filesize
304KB

Download
memory/10312-4857-0x00000108B3DB0000-0x00000108B3DDE000-memory.dmp

Filesize
184KB

Download
memory/10312-4874-0x00000108CE1E0000-0x00000108CE21C000-memory.dmp

Filesize
240KB

Download
memory/10312-4860-0x00000108B3DB0000-0x00000108B3DDE000-memory.dmp

Filesize
184KB

Download
memory/10312-4873-0x00000108B5AB0000-0x00000108B5AC2000-memory.dmp

Filesize
72KB

Download
memory/10948-4897-0x000002476DCE0000-0x000002476E046000-memory.dmp

Filesize
3.4MB

Download
memory/10948-4900-0x000002476D9E0000-0x000002476DA02000-memory.dmp

Filesize
136KB

Download
memory/10948-4899-0x000002476D990000-0x000002476D9AA000-memory.dmp

Filesize
104KB

Download
memory/10948-4898-0x000002476E050000-0x000002476E1CC000-memory.dmp

Filesize
1.5MB

Download
memory/11236-4903-0x0000023155BF0000-0x0000023155C18000-memory.dmp

Filesize
160KB

Download
memory/11236-4918-0x0000023170CD0000-0x00000231712E8000-memory.dmp

Filesize
6.1MB

Download
memory/11236-4917-0x000002316FCC0000-0x000002316FCF2000-memory.dmp

Filesize
200KB

Download
memory/11236-4907-0x0000023155780000-0x00000231557DC000-memory.dmp

Filesize
368KB

Download
memory/11236-4906-0x000002316FD20000-0x000002316FD7A000-memory.dmp

Filesize
360KB

Download
memory/11236-4961-0x00000231723A0000-0x00000231725FE000-memory.dmp

Filesize
2.4MB

Download
memory/11236-4902-0x0000023155780000-0x00000231557DC000-memory.dmp

Filesize
368KB

Download
memory/12072-5078-0x000002AD39550000-0x000002AD395AC000-memory.dmp

Filesize
368KB

Download
memory/12072-5079-0x000002AD39860000-0x000002AD39B08000-memory.dmp

Filesize
2.7MB

Download
memory/12072-4966-0x000002AD38E30000-0x000002AD38E60000-memory.dmp

Filesize
192KB

Download
memory/12072-5090-0x000002AD395B0000-0x000002AD395E8000-memory.dmp

Filesize
224KB

Download
memory/12072-4965-0x000002AD38E00000-0x000002AD38E24000-memory.dmp

Filesize
144KB

Download
memory/12072-5103-0x000002AD38EC0000-0x000002AD38EEA000-memory.dmp

Filesize
168KB

Download
memory/12072-5106-0x000002AD39680000-0x000002AD39706000-memory.dmp

Filesize
536KB

Download
memory/12116-5089-0x000001956EC00000-0x000001956EC28000-memory.dmp

Filesize
160KB

Download
memory/12116-5091-0x0000019571320000-0x00000195714B4000-memory.dmp

Filesize
1.6MB

Download
memory/12116-5092-0x000001956EC00000-0x000001956EC28000-memory.dmp

Filesize
160KB

Download