Analysis Overview
Threat Level: Likely malicious
The file https://en.softonic.com/download-launch?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJhZmZpbGlhdGlvbkRvd25sb2FkIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2xlYXAubGRwbGF5ZXIuZ2cvVDRsTjlwMWNMIiwiYXBwSWQiOiI1Y2RlODExNi00NjRjLTQ0ZWEtODllYy03ZWFlYjY4MGEzNjEiLCJwbGF0Zm9ybUlkIjoid2luZG93cyIsImlhdCI6MTcxNjg0NDg3MywiZXhwIjoxNzE2ODQ4NDczfQ.noBfldTdXH-uMv8xBQg0xNk8qEYMYyR1NVnjCRrkr1w was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Possible privilege escalation attempt
Creates new service(s)
Modifies file permissions
Executes dropped EXE
Registers COM server for autorun
Reads user/profile data of web browsers
Loads dropped DLL
Checks computer location settings
Checks installed software on the system
Drops file in Program Files directory
Launches sc.exe
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Runs net.exe
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Kills process with taskkill
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Uses Task Scheduler COM API
NTFS ADS
Enumerates system info in registry
Modifies registry class
Analysis: static1
Detonation Overview
Reported
2024-05-27 22:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 22:09
Reported
2024-05-27 22:13
Platform
win10v2004-20240508-en
Max time kernel
154s
Max time network
220s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\qbayetsi.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsf74CB.tmp\RAVEndPointProtection-installer.exe | N/A |
| N/A | N/A | C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| N/A | N/A | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\qbayetsi.exe | N/A |
| N/A | N/A | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon.png | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\wa-score-toast-v.css | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sk-SK.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\securesearchhandler.luc | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hu-HU.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-overlay-ui.html | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\wssdep.cab | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\jslang\wa-res-install-el-GR.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sv-SE.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\jslang\eula-pt-PT.txt | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-es-MX.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-window.png | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ch-store-overlay-ui.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-nl-NL.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pt-BR.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-de-DE.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exe | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_check.png | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close2.png | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-es-ES.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fi-FI.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\taskmanager.dll | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\jslang\eula-es-MX.txt | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\jslang\wa-res-shared-it-IT.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-logo.png | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-nb-NO.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-cs-CZ.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\jslang\wa-res-install-nb-NO.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sv-SE.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-sv-SE.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\wa-install.css | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-de-DE.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\jslang\wa-res-shared-el-GR.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-options.css | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ko-KR.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-zh-TW.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\jslang\wa-res-shared-nb-NO.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_2.png | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nb-NO.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fr-CA.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\core\uihandler.luc | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-tr-TR.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-sr-Latn-CS.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-zh-CN.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fr-CA.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\jslang\wa-res-install-sr-Latn-CS.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\logic\tests_logic.luc | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-dialog-balloon.html | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-el-GR.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\jslang\wa-res-install-cs-CZ.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-es-ES.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fi-FI.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-MX.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-en-US.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-pl-PL.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\main_close_large.png | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\jslang\eula-sv-SE.txt | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\loading-spinner.gif | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\webadvisor_v2.mcafee.firefox.extension.json | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-zh-TW.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nl-NL.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pl-PL.js | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1031027621\webadvisor.ico | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\core\uithreadexithandler.luc | C:\Program Files\McAfee\Temp1031027621\installer.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046} | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\ = "McAfee SiteAdvisor MISP Integration" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046} | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046} | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\win32\\WSSDep.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046} | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\ = "McAfee SiteAdvisor MISP Integration" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046} | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046} | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = [certificate blob omitted] | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 1611.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_25567197_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://en.softonic.com/download-launch?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJhZmZpbGlhdGlvbkRvd25sb2FkIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2xlYXAubGRwbGF5ZXIuZ2cvVDRsTjlwMWNMIiwiYXBwSWQiOiI1Y2RlODExNi00NjRjLTQ0ZWEtODllYy03ZWFlYjY4MGEzNjEiLCJwbGF0Zm9ybUlkIjoid2luZG93cyIsImlhdCI6MTcxNjg0NDg3MywiZXhwIjoxNzE2ODQ4NDczfQ.noBfldTdXH-uMv8xBQg0xNk8qEYMYyR1NVnjCRrkr1w
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0e46f8,0x7ffa5c0e4708,0x7ffa5c0e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7324 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_25567197_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_25567197_ld.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1896 /prefetch:2
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=969ea1cb70381ef7ec48cdce582491fd122a67dc&dit=20240527221021260&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i
C:\Users\Admin\AppData\Local\Temp\qbayetsi.exe
"C:\Users\Admin\AppData\Local\Temp\qbayetsi.exe" /silent
C:\Users\Admin\AppData\Local\Temp\nsf74CB.tmp\RAVEndPointProtection-installer.exe
"C:\Users\Admin\AppData\Local\Temp\nsf74CB.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\qbayetsi.exe" /silent
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Program Files\McAfee\Temp1031027621\installer.exe
"C:\Program Files\McAfee\Temp1031027621\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=131746
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\FB6D040E-59CE-4E82-A798-B8DCE9E4726A\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\FB6D040E-59CE-4E82-A798-B8DCE9E4726A\dismhost.exe {55E9E43B-B74F-4768-A827-A9B2750DD8C0}
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.supercell.brawlstars|package=com.supercell.brawlstars
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3dc 0x31c
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffa5c0e46f8,0x7ffa5c0e4708,0x7ffa5c0e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12839097585162253251,9449021844497616045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| DE | 91.228.74.200:443 | cms.quantserve.com | tcp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| NL | 79.127.227.46:443 | c3.a-mo.net | tcp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.171.193.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.40.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| NL | 79.127.227.46:443 | id.rtb.mx | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| US | 34.98.64.218:443 | setupad-d.openx.net | tcp |
| US | 34.98.64.218:443 | setupad-d.openx.net | udp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | node.setupad.com | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| US | 8.8.8.8:53 | 223.25.89.159.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d3n1ms4uhtqgov.cloudfront.net | udp |
| FR | 52.84.186.217:443 | d3n1ms4uhtqgov.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| FR | 52.222.161.177:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 217.186.84.52.in-addr.arpa | udp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | 177.161.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| FR | 52.222.161.177:443 | d1arl2thrafelv.cloudfront.net | tcp |
| FR | 18.155.129.82:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.193.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.200.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 146.48.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| FR | 52.222.161.138:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 138.161.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shield.reasonsecurity.com | udp |
| FR | 52.222.161.138:443 | d1arl2thrafelv.cloudfront.net | tcp |
| GB | 18.165.160.99:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| US | 54.149.56.253:443 | analytics.apis.mcafee.com | tcp |
| FR | 52.222.161.138:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | shield.reasonsecurity.com | udp |
| US | 8.8.8.8:53 | 99.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.56.149.54.in-addr.arpa | udp |
| FR | 52.222.201.5:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| US | 2.17.251.50:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | 5.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 34.228.124.198:443 | track.analytics-data.io | tcp |
| US | 34.228.124.198:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 198.124.228.34.in-addr.arpa | udp |
| US | 34.228.124.198:443 | track.analytics-data.io | tcp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| US | 34.228.124.198:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 97.136.219.8.in-addr.arpa | udp |
| US | 2.17.251.50:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | home.mcafee.com | udp |
| US | 8.8.8.8:53 | update.reasonsecurity.com | udp |
| US | 18.245.199.91:443 | update.reasonsecurity.com | tcp |
| BE | 104.68.84.174:443 | home.mcafee.com | tcp |
| BE | 104.68.84.174:443 | home.mcafee.com | tcp |
| US | 34.228.124.198:443 | track.analytics-data.io | tcp |
| US | 54.149.56.253:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | electron-shell.reasonsecurity.com | udp |
| US | 34.228.124.198:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 91.199.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.84.68.104.in-addr.arpa | udp |
| US | 18.245.175.7:443 | electron-shell.reasonsecurity.com | tcp |
| US | 54.149.56.253:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | 7.175.245.18.in-addr.arpa | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 18.213.148.86:443 | track.analytics-data.io | tcp |
| US | 18.213.148.86:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 86.148.213.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| US | 2.17.251.22:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | 22.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| US | 44.227.245.121:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | 121.245.227.44.in-addr.arpa | udp |
| US | 44.227.245.121:443 | analytics.apis.mcafee.com | tcp |
| US | 18.213.148.86:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | cdn.reasonsecurity.com | udp |
| US | 18.213.148.86:443 | track.analytics-data.io | tcp |
| FR | 18.244.28.57:443 | cdn.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 57.28.244.18.in-addr.arpa | udp |
| US | 18.213.148.86:443 | track.analytics-data.io | tcp |
| US | 18.213.148.86:443 | track.analytics-data.io | tcp |
| US | 18.213.148.86:443 | track.analytics-data.io | tcp |
| US | 18.213.148.86:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 18.213.148.86:443 | track.analytics-data.io | tcp |
| US | 18.213.148.86:443 | track.analytics-data.io | tcp |
| US | 18.213.148.86:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 18.213.148.86:443 | track.analytics-data.io | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| US | 8.8.8.8:53 | en.ldplayer.net | udp |
| US | 163.181.154.235:443 | en.ldplayer.net | tcp |
| FR | 3.162.38.96:443 | cdn.ldplayer.net | tcp |
| FR | 3.162.38.96:443 | cdn.ldplayer.net | tcp |
| FR | 52.222.149.101:443 | ad.ldplayer.net | tcp |
| FR | 3.162.38.96:443 | cdn.ldplayer.net | tcp |
| FR | 3.162.38.96:443 | cdn.ldplayer.net | tcp |
| FR | 3.162.38.96:443 | cdn.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | advertise.ldplayer.net | udp |
| US | 163.181.154.248:443 | advertise.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 235.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 163.181.154.248:443 | advertise.ldplayer.net | tcp |
| FR | 52.222.149.101:443 | ad.ldplayer.net | tcp |
| FR | 52.222.149.101:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 248.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.181.163.in-addr.arpa | udp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| FR | 3.162.38.96:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| FR | 18.155.129.119:443 | encdn.ldmnq.com | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 119.129.155.18.in-addr.arpa | udp |
| FR | 3.162.38.96:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | sw.symcd.com | udp |
| US | 152.199.19.74:80 | sw.symcd.com | tcp |
| US | 8.8.8.8:53 | ocsp.thawte.com | udp |
| US | 152.199.19.74:80 | ocsp.thawte.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.thawte.com | udp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 163.181.154.231:443 | www.ldplayer.net | tcp |
| FR | 142.250.179.78:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| FR | 18.155.129.119:443 | encdn.ldmnq.com | tcp |
| FR | 18.155.129.119:443 | encdn.ldmnq.com | tcp |
| FR | 18.155.129.119:443 | encdn.ldmnq.com | tcp |
| FR | 18.155.129.119:443 | encdn.ldmnq.com | tcp |
| FR | 18.155.129.119:443 | encdn.ldmnq.com | tcp |
| FR | 18.155.129.119:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 142.250.179.86:443 | i.ytimg.com | tcp |
| FR | 52.222.149.101:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 86.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 142.250.178.130:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | alliance.ldplayer.net | udp |
| US | 18.245.199.3:443 | alliance.ldplayer.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| FR | 216.58.214.166:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 130.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.199.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| FR | 3.162.38.96:80 | apien.ldmnq.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.106:443 | jnn-pa.googleapis.com | tcp |
| FR | 216.58.215.36:443 | www.google.com | udp |
| FR | 3.162.38.96:443 | apien.ldmnq.com | tcp |
| FR | 142.250.179.106:443 | jnn-pa.googleapis.com | udp |
| FR | 142.250.201.162:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| FR | 172.217.20.193:443 | yt3.ggpht.com | tcp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 166.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.20.217.172.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| DK | 37.157.2.230:443 | adx.adform.net | tcp |
| DK | 37.157.2.230:443 | adx.adform.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 147.75.84.158:443 | prebid.a-mo.net | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| DK | 37.157.2.230:443 | adx.adform.net | tcp |
| NL | 81.17.55.113:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.113:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.113:443 | prg.smartadserver.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| FR | 3.162.38.96:443 | apien.ldmnq.com | tcp |
| BE | 23.55.97.181:80 | www.microsoft.com | tcp |
| FR | 52.222.149.101:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | config.reasonsecurity.com | udp |
| FR | 52.222.149.64:443 | config.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 64.149.222.52.in-addr.arpa | udp |
| FR | 52.222.149.101:443 | ad.ldplayer.net | tcp |
Files
memory/3272-1029-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1030-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1034-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1039-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1054-0x00007FF7977C0000-0x00007FF7977D0000-memory.dmp
memory/3272-1050-0x00007FF7878F0000-0x00007FF787900000-memory.dmp
memory/3272-1258-0x00007FF741860000-0x00007FF741870000-memory.dmp
memory/3272-1255-0x00007FF741860000-0x00007FF741870000-memory.dmp
memory/3272-1253-0x00007FF741860000-0x00007FF741870000-memory.dmp
memory/3272-1251-0x00007FF741860000-0x00007FF741870000-memory.dmp
memory/3272-1243-0x00007FF741860000-0x00007FF741870000-memory.dmp
memory/3272-1241-0x00007FF741860000-0x00007FF741870000-memory.dmp
memory/3272-1237-0x00007FF741860000-0x00007FF741870000-memory.dmp
memory/3272-1235-0x00007FF741860000-0x00007FF741870000-memory.dmp
memory/3272-1233-0x00007FF741860000-0x00007FF741870000-memory.dmp
memory/3272-1230-0x00007FF741860000-0x00007FF741870000-memory.dmp
memory/3272-1214-0x00007FF741860000-0x00007FF741870000-memory.dmp
memory/3272-1206-0x00007FF76BD30000-0x00007FF76BD40000-memory.dmp
memory/3272-1205-0x00007FF76BD30000-0x00007FF76BD40000-memory.dmp
memory/3272-1181-0x00007FF77DBE0000-0x00007FF77DBF0000-memory.dmp
memory/3272-1163-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1140-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1135-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1133-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1129-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1127-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1125-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1123-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1120-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1118-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1100-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1095-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1093-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1073-0x00007FF77B740000-0x00007FF77B750000-memory.dmp
memory/3272-1064-0x00007FF76BD30000-0x00007FF76BD40000-memory.dmp
memory/3272-1063-0x00007FF77E580000-0x00007FF77E590000-memory.dmp
memory/3272-1062-0x00007FF77E580000-0x00007FF77E590000-memory.dmp
memory/3272-1061-0x00007FF77E580000-0x00007FF77E590000-memory.dmp
memory/3272-1047-0x00007FF788B40000-0x00007FF788B50000-memory.dmp
memory/3272-1045-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1043-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1042-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1041-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1040-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1044-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1038-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1037-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1036-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1035-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
memory/3272-1033-0x00007FF7AFF70000-0x00007FF7AFF80000-memory.dmp
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 58bcb1a467b7b521893f835e79258ac0 |
| SHA1 | 0330b9afa23b07efb6a24423ae5908b4f340376f |
| SHA256 | c61816c6763a8aef49e679af17b56ef2ca6e476d49ba6a7e701bf6487ea7c08c |
| SHA512 | d8f8e636cd7edbe2e274a3d1ef62bc997e0f815c0dbf70838e9ccd14f4f143e07282503eb798d1ca9c5037403a73c38c789c9da3b4686f895fe9d7475693a575 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 2cc8175c3f18e1a06bc80f350684f1be |
| SHA1 | 3f2506ca224ee722374dd17044467285ae55766d |
| SHA256 | c32f1d2a1704898e2d4fc7db44cfcb8423c718b0372d9aadcd53d0c0f1c73d1d |
| SHA512 | e77f1abaff73a08bfa060b6425bb1b42b2c02bde6f30fe04d53bdf37f068ee7a4352b9fbd19e229b45a9990bf44d4d2e222156d9ad79aac22f53d50d02689a6a |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 20ac2cf670bec7c2e0882a874f39d4e7 |
| SHA1 | 471410c9093941a5138e50393b696fe00868c9b7 |
| SHA256 | 3451202b8bc39d32c52270fcf921d465e926a369c3527b0f5643fe2b00e0470a |
| SHA512 | 2c93110110d0ec9eb9b21c9afcd51419985161183f5734088f584e5522eb4cb7ae2c81f0a5c4539042229f5a350b599fc690580cb102e7784887fa4450837a60 |
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
| MD5 | a7b0dabf4a52b6827c35de1e05111ba6 |
| SHA1 | 21065f550492165d5290446e433e0f9cdefaeecd |
| SHA256 | b92f20569bcb06eb12a87d278592af03f564281ad9803eb8ee748eed0c4afbf2 |
| SHA512 | 5c4996df6335d5cf045f09d04ccf2382306ab4ab962dc2ab1889248df00f1470a336724bf137986df7be60e6b5b2417d75e4270b18f3f87fb533a8c1c530ed3d |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 3eb4159a221f4bc12be2e3f696b78e7a |
| SHA1 | 2b3217531ab719dae94d39cbbd57bc5e85e4e271 |
| SHA256 | 0bb5df05aa70eb007829b1e7b95a82292c3386debbbd2aa25bc05b3ebe4330c8 |
| SHA512 | d8b37f8d7fcfde1a46f850997366ae90bd1c674243b69ff467482c6fe395156d7c19e8b6a66f386f1a9574efce72b72f4488149e9293acf5e94dc48060a70997 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | d8461bd643a533c45a4780ff0aea6d28 |
| SHA1 | ee825466c9d9eac05227f1f5821a0dceb48a70c0 |
| SHA256 | c88930e3d0a8338dbf98c66a22cebabe87d90f32499569827153847b25ad854f |
| SHA512 | 2f7ef5da33c6a74565eff870d555c722f61dc62d29d967f0eba5d89c4341027fe78d5fccb035bd9a94d5f6ae3f5cdc55ed888fe8ac1c286887904050b2772875 |
C:\Windows\Logs\DISM\dism.log
| MD5 | 6c8b379f8394f35d819b8775997e6c9f |
| SHA1 | 3adfecaf322da706725fd9a27d03427ecf2f5e62 |
| SHA256 | d62a0c4d6c0acda7a5daf406938c7143040bf650cebb4760f85794c34f83125e |
| SHA512 | b3851f16a959f6c1695e0dba566f26613fe34135c4c3d0e6489d34066b9bbdc22ae9663e78fe4acdf651ff7d92277f0f8521625e3bd77548937c5527c01682e1 |
memory/6244-3284-0x0000000002360000-0x0000000002396000-memory.dmp
memory/6244-3285-0x0000000004E50000-0x0000000005478000-memory.dmp
memory/6244-3286-0x0000000004DF0000-0x0000000004E12000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_eg4qnd44.nwa.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/6244-3297-0x00000000056D0000-0x0000000005A24000-memory.dmp
memory/6244-3287-0x00000000055F0000-0x0000000005656000-memory.dmp
memory/6244-3298-0x0000000005C90000-0x0000000005CAE000-memory.dmp
memory/6244-3299-0x0000000005CD0000-0x0000000005D1C000-memory.dmp
memory/6244-3307-0x000000006EA50000-0x000000006EA9C000-memory.dmp
memory/6244-3306-0x00000000062A0000-0x00000000062D2000-memory.dmp
memory/6244-3318-0x0000000006CA0000-0x0000000006D43000-memory.dmp
memory/6244-3317-0x0000000006260000-0x000000000627E000-memory.dmp
memory/6244-3340-0x0000000006FC0000-0x0000000006FDA000-memory.dmp
memory/6244-3339-0x0000000007600000-0x0000000007C7A000-memory.dmp
memory/6244-3343-0x0000000007030000-0x000000000703A000-memory.dmp
memory/6244-3346-0x0000000007240000-0x00000000072D6000-memory.dmp
memory/6244-3347-0x00000000071C0000-0x00000000071D1000-memory.dmp
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
| MD5 | 0678a30cb21fd2f510d570ded7ff1641 |
| SHA1 | a25625e520e5a39ce0e536096f75edbcdd49ddab |
| SHA256 | 345442b06ec29a461ad61bb35e13d7c8d87ee136b9ad172f12b17b2a9da7c69b |
| SHA512 | 7de35b4861a1ce05b34244773644b9f8039a0e2795432007762c0149978d1917d4007e79df793faaece4106cf6de7f991d753749529ec1753a92d122c63f6696 |
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
| MD5 | 555033ada2832dbb1fe7c44beaf9851e |
| SHA1 | 5d58f893215b1a776a02ec19cc5fe3c35f59ef42 |
| SHA256 | 24b19c67ff6b6492e76cb525b88489f93c5fe4e6910d146b0bc9d0a7dc890e2c |
| SHA512 | 7b50527d69e411aea832711f51d29da84a05a51d6ab4b5f4e754be565bb9bd41ef08051ea366e8d6061abc26abb1377775b29ce63876bf788b6b19b9a2eb3063 |
C:\Program Files\ReasonLabs\EPP\mc.dll
| MD5 | 84595dac668b842a044a3045e2245627 |
| SHA1 | f9eb2f8c19b28743e095ac3cd510d8b85e909c20 |
| SHA256 | 747ccb6d77d99aeb867b08b92e9804ae222f1809d767359f8535adf8f5e03e5b |
| SHA512 | 8564bd487e002f300c636936fc26d8019135a43ae71797424c9ec161c466346a24dd420339c628dc7566b67cc0c64d93f055061700aaf1c62a1db56bc0e7ea27 |
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
| MD5 | 4886ebd59ff6473e5953f1c0500fbb3e |
| SHA1 | 1be2d630be3d2662665bd79c92fbbc5d75327335 |
| SHA256 | 55afb6b03acf5666b639952ea09318f2431dda0e2e7486d50c2be49be848c02d |
| SHA512 | b0c4faf8b10162a175da075cca7e5ca179de62704b27464f1855a73dbf6a545050f828c1ca47148b6e31574d52fcdaaf86374771ef35619406552a81b9ffbd67 |
memory/6988-3677-0x0000027AB5340000-0x0000027AB5396000-memory.dmp
memory/6244-5300-0x0000000004A30000-0x0000000004A4A000-memory.dmp
memory/6244-5299-0x0000000004A00000-0x0000000004A0E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsf74CB.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\0803ab15\2e1e3afd_82b0da01\rsJSON.DLL
| MD5 | a10d8940e7153cf5bdec83f51481b48a |
| SHA1 | 98915a7da3e830eb9a081393a6477d3d5c6722f3 |
| SHA256 | 6d6c8530e2d203a7dd838ddffe1ab1a21919a78608e26c80f9cf781c16c1cb83 |
| SHA512 | 954ae7972b625307e0b123ac35a722d82453c012938f1667fb867639a23a89a3e8e9daca1a7ab0fe906886bf11d2b2c0535eaa663f0b2850412d19202ffcc15f |
memory/6988-5291-0x0000027AB53E0000-0x0000027AB541A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsf74CB.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\012c82bb\7e803cfd_82b0da01\rsLogger.DLL
| MD5 | 572db1ac3da7e1de6d7df097ca616967 |
| SHA1 | aab90fe5b4f4f299035dbbab8ab5195c434264b2 |
| SHA256 | e2321f6c4f330c2856f047f713143d1e777a6bae47858d92f2861f9f64cda521 |
| SHA512 | 07ce10821cc26345450b63af39b6288b58d113604fe837c3c4eaa4f062c6756b0f4f0dbae02e621b57fdf60b7412f42cc20cbfc55e1a40c6943eff543acc9037 |
memory/6988-5304-0x0000027AB53B0000-0x0000027AB53E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsf74CB.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\b9a06bfe\05bb37fd_82b0da01\rsAtom.DLL
| MD5 | c0e115eb5bc2449ca73cd370bcb66ac9 |
| SHA1 | 7a6ae7f6c00aeeb9a3aef8d8971c2cf20e08a6b6 |
| SHA256 | 31913b02f7ca4eac19e335f2db7915998db7138c8cda17fd0a162a43ca62818b |
| SHA512 | 1ce8c5ce6ddcbde306de1c1e138359a9abc0b1a56dc61146a66ce49285c5e624ae0a24ac9d6d0f7cbec3c8e67b1eaefc1c36eca21a56ef571f818762e9762ea7 |
memory/6988-5316-0x0000027AB5460000-0x0000027AB548A000-memory.dmp
memory/6988-5329-0x0000027AB5580000-0x0000027AB55AE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsf74CB.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\dcd893d5\7e803cfd_82b0da01\rsServiceController.DLL
| MD5 | 3d83a836aec36f388628c88589f78d4b |
| SHA1 | 9d567d79a58f14e51ff1919379a8d9e218ffcb5a |
| SHA256 | bf1e77211fe2a32efc6ef1833ffd23f3e720e6ecd363fa5f7199a4c863d41b70 |
| SHA512 | 01892e60e44697af7f2988dc6cb0ee8b6b1f0b95374cf55a331dd92a6e856b4cb41f173c00c2519fdc20190dbc5b54342f65a2db0da45ae9e44c4b5075fbd610 |
C:\Program Files\ReasonLabs\EPP\rsEngine.config
| MD5 | 9ac767636384aefbe78cf0287a6a4873 |
| SHA1 | aa707666cc97b654c3001c57b39d45950e253fd9 |
| SHA256 | b34c5a5f66a49de1ab02487e15ab6d0a667244f2aea3f95afdc7a5ed1c1d735c |
| SHA512 | ed9114ec6dab10067a6e9d326658bfe567d7d07bb95c514f428813d3a9512225edf5ed9de773114c231535c3761a84ecf15e97d082b97e690eabf4134f8f689b |
memory/5956-5348-0x00000000054D0000-0x0000000005824000-memory.dmp
memory/5956-5359-0x000000006EA50000-0x000000006EA9C000-memory.dmp
C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys
| MD5 | 8129c96d6ebdaebbe771ee034555bf8f |
| SHA1 | 9b41fb541a273086d3eef0ba4149f88022efbaff |
| SHA256 | 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51 |
| SHA512 | ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18 |
memory/9380-5377-0x000001CDB6870000-0x000001CDB689E000-memory.dmp
memory/9380-5378-0x000001CDB6870000-0x000001CDB689E000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | b2ec2559e28da042f6baa8d4c4822ad5 |
| SHA1 | 3bda8d045c2f8a6daeb7b59bf52295d5107bf819 |
| SHA256 | 115a74ccd1f7c937afe3de7fa926fe71868f435f8ab1e213e1306e8d8239eca3 |
| SHA512 | 11f613205928b546cf06b5aa0702244dace554b6aca42c2a81dd026df38b360895f2895370a7f37d38f219fc0e79acf880762a3cfcb0321d1daa189dfecfbf01 |
memory/9380-5391-0x000001CDD0C30000-0x000001CDD0C42000-memory.dmp
memory/9380-5392-0x000001CDD0C90000-0x000001CDD0CCC000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 43fbbd79c6a85b1dfb782c199ff1f0e7 |
| SHA1 | cad46a3de56cd064e32b79c07ced5abec6bc1543 |
| SHA256 | 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0 |
| SHA512 | 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea |
memory/10204-5413-0x0000025D4AF10000-0x0000025D4B276000-memory.dmp
memory/10204-5415-0x0000025D324A0000-0x0000025D324BA000-memory.dmp
memory/10204-5416-0x0000025D4ABD0000-0x0000025D4ABF2000-memory.dmp
memory/10204-5414-0x0000025D4AD90000-0x0000025D4AF0C000-memory.dmp
memory/9728-5417-0x0000000005600000-0x0000000005954000-memory.dmp
memory/10776-5428-0x0000029114CA0000-0x0000029114CFC000-memory.dmp
memory/10776-5429-0x00000291169C0000-0x00000291169E8000-memory.dmp
memory/10776-5430-0x0000029116B80000-0x0000029116BDA000-memory.dmp
memory/10776-5431-0x0000029114CA0000-0x0000029114CFC000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
| MD5 | 2afb72ff4eb694325bc55e2b0b2d5592 |
| SHA1 | ba1d4f70eaa44ce0e1856b9b43487279286f76c9 |
| SHA256 | 41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e |
| SHA512 | 5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e |
memory/10776-5441-0x0000029116B20000-0x0000029116B52000-memory.dmp
memory/10776-5442-0x000002912FA90000-0x00000291300A8000-memory.dmp
memory/9728-5446-0x000000006EA50000-0x000000006EA9C000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
| MD5 | 705ace5df076489bde34bd8f44c09901 |
| SHA1 | b867f35786f09405c324b6bf692e479ffecdfa9c |
| SHA256 | f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950 |
| SHA512 | 1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7 |
memory/10776-5481-0x0000029130310000-0x000002913056E000-memory.dmp
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | f96c25bb4feee47fe4111660fa0706b3 |
| SHA1 | 284126ce4f80b6bfd6037f6137dee90c941e4eec |
| SHA256 | 9b5d44c60b18b36bcc1cc0e28585ae168d92239beda197d739c3e64edb229867 |
| SHA512 | b4297728f031863ccfb50de52d18f443d6ae893322e2f6b315497e187329275fbf41828867e614b35e9ff60ac6e3e1ae77d876fa8e131336c2d6a1fb6ff7db36 |
C:\LDPlayer\LDPlayer9\dnplayer.exe
| MD5 | a723044f1c511790dd0ee3a3fa68c4cf |
| SHA1 | 670e6f907c2557c9685ad26c26d6d8fee5139942 |
| SHA256 | 861be3e240b075752d52c7b50c41bf22eab9314db4f11a20362c648198a0f2e4 |
| SHA512 | 0fa7da71864d1abdff83d3aa01597f5902c01899513b0333bcc5d756a15be02b8c5293b55c1d88e556010f53412a7dbd27b57b63b1074565f1f6de8e2952377c |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
| MD5 | 0054560df6c69d2067689433172088ef |
| SHA1 | a30042b77ebd7c704be0e986349030bcdb82857d |
| SHA256 | 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750 |
| SHA512 | 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0 |
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf
| MD5 | 93b877811441a5ae311762a7cb6fb1e1 |
| SHA1 | 339e033fd4fbb131c2d9b964354c68cd2cf18bd1 |
| SHA256 | b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b |
| SHA512 | 7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
| MD5 | 4ba25d2cbe1587a841dcfb8c8c4a6ea6 |
| SHA1 | 52693d4b5e0b55a929099b680348c3932f2c3c62 |
| SHA256 | b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49 |
| SHA512 | 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
| MD5 | 3e29914113ec4b968ba5eb1f6d194a0a |
| SHA1 | 557b67e372e85eb39989cb53cffd3ef1adabb9fe |
| SHA256 | c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a |
| SHA512 | 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
| MD5 | e8fd6da54f056363b284608c3f6a832e |
| SHA1 | 32e88b82fd398568517ab03b33e9765b59c4946d |
| SHA256 | b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd |
| SHA512 | 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
| MD5 | 52c43baddd43be63fbfb398722f3b01d |
| SHA1 | be1b1064fdda4dde4b72ef523b8e02c050ccd820 |
| SHA256 | 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f |
| SHA512 | 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
| MD5 | ba46e6e1c5861617b4d97de00149b905 |
| SHA1 | 4affc8aab49c7dc3ceeca81391c4f737d7672b32 |
| SHA256 | 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e |
| SHA512 | bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
| MD5 | 2d40f6c6a4f88c8c2685ee25b53ec00d |
| SHA1 | faf96bac1e7665aa07029d8f94e1ac84014a863b |
| SHA256 | 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334 |
| SHA512 | 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
| MD5 | 01c4246df55a5fff93d086bb56110d2b |
| SHA1 | e2939375c4dd7b478913328b88eaa3c91913cfdc |
| SHA256 | c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889 |
| SHA512 | 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc
| MD5 | 70058f2d60daef1ccc7bbcba210f0ace |
| SHA1 | ef214ade419a724272ac82e9de5233d7c0afa64b |
| SHA256 | 43b26f40e04ae6854569a01803541245abffcd130f1345191afd8bf6b0ca7873 |
| SHA512 | a0b3ca59ffad882fbff69012023eaa8aadb77d3ff1252562e5480e7dc3c9336afb3c5f58fb435246ec48c758d3c9d17ae9ea8a28f9d4766fad1a4c672cbf9b9a |
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
| MD5 | 66df6f7b7a98ff750aade522c22d239a |
| SHA1 | f69464fe18ed03de597bb46482ae899f43c94617 |
| SHA256 | 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f |
| SHA512 | 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e |
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
| MD5 | ad9d7cbdb4b19fb65960d69126e3ff68 |
| SHA1 | dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d |
| SHA256 | a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326 |
| SHA512 | f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7 |
memory/10164-5560-0x0000022B3B8B0000-0x0000022B3B8D4000-memory.dmp
memory/10164-5561-0x0000022B3B8E0000-0x0000022B3B910000-memory.dmp
memory/10164-5571-0x0000022B540D0000-0x0000022B5412C000-memory.dmp
memory/10164-5581-0x0000022B54A00000-0x0000022B54CA8000-memory.dmp
memory/1552-5684-0x0000024F7FA30000-0x0000024F7FA58000-memory.dmp
memory/10164-5685-0x0000022B54130000-0x0000022B54168000-memory.dmp
memory/1552-5686-0x0000024F1A3F0000-0x0000024F1A584000-memory.dmp
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
| MD5 | 1068bade1997666697dc1bd5b3481755 |
| SHA1 | 4e530b9b09d01240d6800714640f45f8ec87a343 |
| SHA256 | 3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51 |
| SHA512 | 35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329 |
memory/1552-5687-0x0000024F7FA30000-0x0000024F7FA58000-memory.dmp
memory/10164-5700-0x0000022B3B970000-0x0000022B3B99A000-memory.dmp
memory/10164-5701-0x0000022B54750000-0x0000022B547D6000-memory.dmp
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState
| MD5 | 362ce475f5d1e84641bad999c16727a0 |
| SHA1 | 6b613c73acb58d259c6379bd820cca6f785cc812 |
| SHA256 | 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899 |
| SHA512 | 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b |
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
| MD5 | 6895e7ce1a11e92604b53b2f6503564e |
| SHA1 | 6a69c00679d2afdaf56fe50d50d6036ccb1e570f |
| SHA256 | 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177 |
| SHA512 | 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2 |
C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog
| MD5 | 789f18acca221d7c91dcb6b0fb1f145f |
| SHA1 | 204cc55cd64b6b630746f0d71218ecd8d6ff84ce |
| SHA256 | a5ff0b9a9832b3f5957c9290f83552174b201aeb636964e061273f3a2d502b63 |
| SHA512 | eae74f326f7d71a228cae02e4455557ad5ca81e1e28a186bbc4797075d5c79bcb91b5e605ad1d82f3d27e16d0cf172835112ffced2dc84d15281c0185fa4fa62 |
memory/10164-5714-0x0000022B54170000-0x0000022B541A2000-memory.dmp
memory/10164-5716-0x0000022B540A0000-0x0000022B540C8000-memory.dmp
memory/10164-5717-0x0000022B54340000-0x0000022B54366000-memory.dmp
memory/10164-5718-0x0000022B547E0000-0x0000022B54814000-memory.dmp
memory/10304-5719-0x000001E9416A0000-0x000001E941990000-memory.dmp
memory/10304-5720-0x000001E9287A0000-0x000001E9287CE000-memory.dmp
memory/10164-5731-0x0000022B543B0000-0x0000022B543DE000-memory.dmp
memory/10304-5750-0x000001E941120000-0x000001E941158000-memory.dmp
memory/10164-5751-0x0000022B54880000-0x0000022B548DE000-memory.dmp
memory/10164-5752-0x0000022B54F10000-0x0000022B55279000-memory.dmp
memory/10164-5753-0x0000022B54820000-0x0000022B5486F000-memory.dmp
memory/10164-5756-0x0000022B55710000-0x0000022B55996000-memory.dmp
memory/10164-5810-0x0000022B54990000-0x0000022B549F6000-memory.dmp
memory/10164-5853-0x0000022B3B820000-0x0000022B3B846000-memory.dmp
memory/10164-5852-0x0000022B55280000-0x0000022B552BA000-memory.dmp
memory/10164-5854-0x0000022B55370000-0x0000022B553D6000-memory.dmp
memory/10164-5855-0x0000022B56B60000-0x0000022B57104000-memory.dmp
memory/10304-5856-0x000001E9414F0000-0x000001E94154E000-memory.dmp
memory/10304-5874-0x000001E941610000-0x000001E941626000-memory.dmp
memory/10304-5875-0x000001E941600000-0x000001E94160A000-memory.dmp
memory/10304-5876-0x000001E942A50000-0x000001E942A58000-memory.dmp
memory/10304-5877-0x000001E942A60000-0x000001E942A6A000-memory.dmp
memory/10304-5878-0x000001E942B10000-0x000001E942B60000-memory.dmp
memory/10304-5879-0x000001E942D10000-0x000001E942D32000-memory.dmp
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
| MD5 | 6de0ef4a83aadebe5d7e07a64fc9d220 |
| SHA1 | f2162f30992ced0b882bfced0477ebf62b7ce186 |
| SHA256 | b7c4de833b0e2689724414802fbdda35d7cc1c4529eb95282fd0ffd175119008 |
| SHA512 | eebe007e0ece66c08138720bb46864470826a6b49a8edb1fd1593c4efade4bbf32c764d205383ef4745a738a1242f92e4c396abeb56e6ff9e785977ce8f646da |
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 4d592fd525e977bf3d832cdb1482faa0 |
| SHA1 | 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef |
| SHA256 | f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6 |
| SHA512 | afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77 |
memory/10304-5939-0x000001E944AA0000-0x000001E944AA8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | 3c78f42e52d6de58e73ae21e2cf1ce56 |
| SHA1 | 95d45f11832ea39057972909c42175448ef5c1d0 |
| SHA256 | 04ba5103e3c56c29fe2b756510c0404446d3ff404924b177017b2d9ce264f455 |
| SHA512 | 6e47c3af7dee53c7c1a4f06582a41cde9782a25ab6928138f16babad7570483c8c47ae3e2ccd51bd0e9e42264eb4e42a5983e3dee3f92a2908b73bad8ea3a369 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | e6a0b2f66c2ffbde5d72eeca24a87d94 |
| SHA1 | a72f6324c754515b1a0d26126a6920a685845912 |
| SHA256 | 1c8cfccbfd6de610283743e5885a37d8346d0163336c3e2960abf93b9aa1b032 |
| SHA512 | 0e290c74bbae2b630695b1c23265e88c2c0933666bbeb948c78d85bbb56e1aabe4944e123c6d3277d1aaaeec4499e38e94e07a09043d741231f5330e6de930eb |
memory/10164-6346-0x0000022B566F0000-0x0000022B56732000-memory.dmp
memory/10164-6347-0x0000022B57110000-0x0000022B57390000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5cc4f9cdf33c9498458b24e09a39acae |
| SHA1 | 5c8f5e0cc22ee9042f30038fa427ef45d74839cf |
| SHA256 | 23138d8d3b951d42e369977aef99f8de2caf9398e24ef3a466af75efb43632dc |
| SHA512 | 2aa097ae8d61230b0805b8b0dcd3d16adb4d9225dc1a274bbfa7f4ce808b58e05a91313e03ce3fc8a58c2a578728c6280621ce88ec18f60ef11daa8d8f0178ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6094ede7fb5ed68afdf161b6024fc3a2 |
| SHA1 | 40b5e0b0013e5d166fb27f537894bd3fc2a91036 |
| SHA256 | bb9393b92f353d53f749d4f390b2b2814a420983e4ad0388d084fa54aca7b574 |
| SHA512 | 6692cc580ffbb0b1235df1e187e72b4a45ebb0ea2e19adb81816f5f51b6a73149080586fcb2d5f7d7c2281652dd934eedf25457cba3b0fdf871d3b234038bd7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 64e912c75d626dddc53dbe60602db05c |
| SHA1 | 00eafb5128cdc443ee2c0f23e5c44e9e00055df1 |
| SHA256 | 04e81e397164af6b2c845f08d81f5626b4017aea57e5be3f58b92a0cf49dd515 |
| SHA512 | 1697bc1ee652bcb293a9add1882e3555cb7282d881e9074ce032d85c023b436634aca03bd42c51c9b79ce7bf67fe3df7550bc9925851d6dcfc431b59732bab43 |