Analysis Overview
Threat Level: Likely malicious
The file http://google.com was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Drops file in Drivers directory
Downloads MZ/PE file
Manipulates Digital Signatures
Creates new service(s)
Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
Reads user/profile data of web browsers
Checks installed software on the system
Adds Run key to start application
Drops file in System32 directory
Launches sc.exe
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Kills process with taskkill
Uses Task Scheduler COM API
Enumerates system info in registry
Checks processor information in registry
Suspicious use of SetWindowsHookEx
NTFS ADS
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Modifies system certificate store
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: LoadsDriver
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-05-28 15:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-28 15:08
Reported: 2024-05-28 15:21
Platform: win11-20240426-en
Max time kernel: 810s
Max time network: 810s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\rsCamFilter020502.sys | C:\Users\Admin\AppData\Local\Temp\nsq2AB2.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsKernelEngine.sys | C:\Users\Admin\AppData\Local\Temp\nsq2AB2.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\nsq2AB2.tmp\RAVEndPointProtection-installer.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\nsq2AB2.tmp\RAVEndPointProtection-installer.exe | N/A |
Manipulates Digital Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\rundll32.exe | N/A |
Checks installed software on the system
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsWSC.exe.log | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\3704ED4E-B36B-4228-835F-32AB6B82C978\dismhost.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CD54-400C-B858-797BCB82570E}\NumMethods\ = "25" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}\ = "IKeyboard" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2E88-4436-83D7-50F3E64D0503}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00C2-4484-0077-C057003D9C90}\NumMethods\ = "32" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session.1\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057d-4391-b928-f14b06b710c5} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CC7B-431B-98B2-951FDA8EAB89}\NumMethods\ = "31" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6989-4002-80CF-3607F377D40C}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6e15-4f71-a6a5-94e707fafbcc} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-800a-40f8-87a6-170d02249a55} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FF5A-4795-B57A-ECD5FFFA18A4} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\ = "IGuestMonitorChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E72-4F34-B8F6-682785620C57}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2354-4267-883F-2F417D216519}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session\CLSID\ = "{20191216-c9d2-4f11-a384-53f0cf917214}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3188-4C8C-8756-1395E8CB691C}\NumMethods\ = "13" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4430-499F-92C8-8BED814A567A}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\ = "IFile" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\NumMethods\ = "18" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.ldbk\Shell\Open\Command | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6}\ = "IAppliance" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1BCF-4218-9807-04E036CC70F1}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\DownloadScan.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5}\ = "IAdditionsFacility" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1F04-4191-AA2F-1FAC9646AE4C} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AE84-4B8E-B0F3-5C20C35CAAC9}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Interface | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\NumMethods\ = "26" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC7B-431B-98B2-951FDA8EAB89}\NumMethods\ = "31" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\ = "IProgress" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BF98-47FB-AB2F-B5177533F493}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2}\NumMethods\ = "14" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7E67-4144-BF34-41C38E8B4CC7}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-057D-4391-B928-F14B06B710C5}\ = "IGuestFileEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0C60-11EA-A0EA-07EB0D1C4EAD} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}\ = "IGuestSession" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-762E-4120-871C-A2014234A607}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B}\NumMethods\ = "15" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7BA7-45A8-B26D-C91AE3754E37} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC6-4883-801D-77F56CFD0103}\ = "INetworkAdapterChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-762E-4120-871C-A2014234A607}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\NumMethods\ = "22" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session.1\CLSID\ = "{20191216-c9d2-4f11-a384-53f0cf917214}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\ = "IExtraDataChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-808E-11E9-B773-133D9330F849} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 832697.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\LDPlayer9_ens_daniillnull.nulls.brawlstars.b_3040_ld.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\fltmc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_daniillnull.nulls.brawlstars.b_3040_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9b9493cb8,0x7ff9b9493cc8,0x7ff9b9493cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8944 /prefetch:8
C:\Users\Admin\Downloads\LDPlayer9_ens_daniillnull.nulls.brawlstars.b_3040_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_daniillnull.nulls.brawlstars.b_3040_ld.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=91e515b9e3255f51801acae6eab2816b2de87b34&dit=20240528150932136&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=3040 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\Users\Admin\AppData\Local\Temp\r5j2yr0a.exe
"C:\Users\Admin\AppData\Local\Temp\r5j2yr0a.exe" /silent
C:\Users\Admin\AppData\Local\Temp\nsq2AB2.tmp\RAVEndPointProtection-installer.exe
"C:\Users\Admin\AppData\Local\Temp\nsq2AB2.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\r5j2yr0a.exe" /silent
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4984 /prefetch:2
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=131672
C:\Program Files\McAfee\Temp1120296313\installer.exe
"C:\Program Files\McAfee\Temp1120296313\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\3704ED4E-B36B-4228-835F-32AB6B82C978\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\3704ED4E-B36B-4228-835F-32AB6B82C978\dismhost.exe {02202BBD-130A-402D-A11A-478BC28FF7ED}
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=daniillnull.nulls.brawlstars.b|package=daniillnull.nulls.brawlstars.b
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004DC
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9b9493cb8,0x7ff9b9493cc8,0x7ff9b9493cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9416 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10492 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4629716557850881404,16828935439867843483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
Network
| Country | Destination | Domain | Proto |
Files
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
| MD5 | 4ba25d2cbe1587a841dcfb8c8c4a6ea6 |
| SHA1 | 52693d4b5e0b55a929099b680348c3932f2c3c62 |
| SHA256 | b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49 |
| SHA512 | 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
| MD5 | e8fd6da54f056363b284608c3f6a832e |
| SHA1 | 32e88b82fd398568517ab03b33e9765b59c4946d |
| SHA256 | b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd |
| SHA512 | 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
| MD5 | 52c43baddd43be63fbfb398722f3b01d |
| SHA1 | be1b1064fdda4dde4b72ef523b8e02c050ccd820 |
| SHA256 | 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f |
| SHA512 | 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28 |
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
| MD5 | 6de0ef4a83aadebe5d7e07a64fc9d220 |
| SHA1 | f2162f30992ced0b882bfced0477ebf62b7ce186 |
| SHA256 | b7c4de833b0e2689724414802fbdda35d7cc1c4529eb95282fd0ffd175119008 |
| SHA512 | eebe007e0ece66c08138720bb46864470826a6b49a8edb1fd1593c4efade4bbf32c764d205383ef4745a738a1242f92e4c396abeb56e6ff9e785977ce8f646da |
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 4d592fd525e977bf3d832cdb1482faa0 |
| SHA1 | 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef |
| SHA256 | f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6 |
| SHA512 | afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | 53e67bb21679ab970e4f7a531354f84a |
| SHA1 | f5e07f442ab72fbfc196244eb6e96a60aa213e8f |
| SHA256 | 6205bc5f81bf669328d15552e20cf77eaaf636c8d7f79739bf56261471d85e05 |
| SHA512 | 69d7516a9acdacea59c789f31e8bcc09ace10d6069e36ee5ba12993b216613048b72f5499a5a046061657b010a619ae479a6f2dfcb98db46f05763711bd583c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | 05e9679509b61424a07cc4d4efb7247f |
| SHA1 | db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81 |
| SHA256 | 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b |
| SHA512 | 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | afccfa4bfda2733a2eb4be7bb1ac909f |
| SHA1 | 125f469a0d51d9c70c9ceabcebe7ff78eab7d2a7 |
| SHA256 | d8cd5a4872c7003715d80cbcb04bf0d2968532393999aae1bbe1104fa7b0e1e1 |
| SHA512 | 04329d563e750d04ab5249a5f7038b458955250dcbb586d0801f2bfd3f74cd8b01cf7fe995c467f11775f853543419ffc5a36514f89ee1b86bd6b7012668f20e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047
| MD5 | d41d72406bf403e2a2d1ec60ef889531 |
| SHA1 | 3af9e732d1366595da6737bd0f943df4704ac4ac |
| SHA256 | 913bf99a86dde22866e137811794ce0a5737a1741583c2e06483c31a6b43629c |
| SHA512 | e1268f335a51062f1d59dd392e13730045cf0b4eac1eef48659f280330a0c280aa3d28064a94918acb3b1c6f6d53ee674f9ecb51eb0e78729672205c25f490ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
| MD5 | cfa2ab4f9278c82c01d2320d480258fe |
| SHA1 | ba1468b2006b74fe48be560d3e87f181e8d8ba77 |
| SHA256 | d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e |
| SHA512 | 4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | 7dc9131ce9fac23dbc0b548f1469984c |
| SHA1 | 2e1aab9c7508ba7f61039d245632920735fa5656 |
| SHA256 | b689e35ce912af97827b4d77b3f9890c0185b03d9dbb8f7ca3a237fa3667af72 |
| SHA512 | 0b50bb304cfddcd8bd39552e65d931564189655043498ebd1835647a63a08f91f65edc22ceca502df1e6f5372268d9e78099cb9eb5c39f5b9b2c7e583f4581b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046
| MD5 | 69ef77257c7fa3a494a232f90b05d55c |
| SHA1 | 19dc83dc05f718e9693de231d48bf0307d8d29a2 |
| SHA256 | d1ec04bcd468208a30012d660d1e857bd9d4d937957d45bb10cc7483de435421 |
| SHA512 | 1b95ee10d622e1468e04691dc47fcb59da6349ba8cdc0814ac8d27a0ebcb9c09692ef1b86533ebd59f2bca87f3340cbe032a011223afe4e7db018af47bab38ea |
C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt
| MD5 | 8896b47e47fedcd7b00b747736aa3b9b |
| SHA1 | 65f7c49bcd077df15939f045e49f5bdb73d10fab |
| SHA256 | 338613b061706a2a8d743e52face7b7040346a860e7e5e030b831fed49dd0c45 |
| SHA512 | 6ba31d7c7914bc576aa6b7667e244a473298e98b96e7d2b8ca5fe6b7a619c11ca8aaf9fe3c5ca51efdd1ad90513db0e4facfff0d6867adbf25807e535bc81082 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053
| MD5 | d453eca18d366c4054d2efd57717cf9d |
| SHA1 | c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4 |
| SHA256 | be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc |
| SHA512 | a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054
| MD5 | 2335c53afb1602527663457cc9c69410 |
| SHA1 | 8f5fc5d6c267d93a855106d908eb3e29c6b77d11 |
| SHA256 | 9eace0b1569f237f159f7f0a949ba8c435b994331aea1f5c7f73c88d2383da89 |
| SHA512 | fb5c29cc151f75126a610aa2b81f05f0cc74ae3a115846ae3e0ea2ce5d233b48c3807868ea9043945de64107af790931fd44938ba28e8ceb90c0d549b0834984 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aaa419cf546df36d5d9b71e2cf7d2a15 |
| SHA1 | a86adad2e1e5a9fd1ad2c50100c0fbb1e74fa4a2 |
| SHA256 | 123bcad4fa39d0aa7a888a09e6ceffd888d02c06d003c6d32eefcd8fec488f61 |
| SHA512 | 1efb770b62ec90c7a630a3e717eef22e0fbfe80e6950e1bf7d87575e2e0190e5bcb1ff7f8046430c9bcc932f777e3186ef045c8f3ea2d71669d064bcae7b6c78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3855b8bcf12f28d9933a7dd138acdc8d |
| SHA1 | 920f7da0f3f8ab2dc93baa7d1df9ef15e91936b3 |
| SHA256 | 12e522d4fef28e20422aac52891d0cd0f91ff68c2759d812d1159184caa9e843 |
| SHA512 | 9a0916641a5fddd23a8ae5eaadb589fd60654cc0ab97cc188eca1932753dc71b70ccef2be63c30623f8dccb915fb2f297816251c3d2e41ef9304a16adf50a5ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 61010498b601e485771c9019732fb53b |
| SHA1 | edb260b4bc80c2fdc2582a5cde7bf55aae8887d2 |
| SHA256 | 115e5725701cc10b5d2e6d566cbf99b974295103e155e1683b683871057dcd38 |
| SHA512 | 85d6486fc3a6c736300a5e60ec840a48ebcd5d8e6cea228d7bdf2eee589002f7277184cf4c83685383900a00a9e7a468687d9affeb359a29811e0d248aad100a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0254e93ba51b9bda265ab47c62955cc6 |
| SHA1 | 90e59aef596484ffe2bfa1e028cb4a18af01747b |
| SHA256 | 935e87b76e00f31f7e79824dee1ab5d296d66d3718b1139c5e11e6e78c6d7b1f |
| SHA512 | fd34c58e6dd2c54b67872b809b4c36fb0efadbb3ada744210c5cb68da43f82d03673843c0ed5ff2ad44b36c5013db340dee5d51266d8498b295a7a432cab241e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | d2d55f8057f8b03c94a81f3839b348b9 |
| SHA1 | 37c399584539734ff679e3c66309498c8b2dd4d9 |
| SHA256 | 6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c |
| SHA512 | 7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 423885818d67bfcf00e21be13f6f3a71 |
| SHA1 | a79144758af1204bb161fcd79e74c1f692afb7a5 |
| SHA256 | 5bb552beb00af20a3a39660decabba8520cf53ff43594d1cd923f9217081d169 |
| SHA512 | 99343f25ec96fe803d57a1787ceff649a5350de6e5624990214d604cdd6cb3a4c5a8c069a024712c83e70ab91424ac1ac1f7d3c7e16f9fd498342c46ded593a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 3c2ac6ed09323fe172784cdec7f3d671 |
| SHA1 | 79eb656ac99f1a2efa7fbf8e8923f84dd2b63355 |
| SHA256 | 67d42a456baa3edbec1eb21c94f294c04a72bac350acfae80f4f2b65afe8bc5f |
| SHA512 | ac95a571afa882744a42447e84c1ca5231303ba33700f63e99d58860e9635ddc861745678d5c74b137af3d50daf05ea710abe65b11ffba95e2b2f6aaafb65071 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 047dbaf7429bd6fb2e31adc052b78641 |
| SHA1 | e6a965deb29062afffdd1778d12d49c51bd92910 |
| SHA256 | 9057108a2b9a91d3b01e29aef1222826876f3922c704a3759ffa474b0b876132 |
| SHA512 | a4d0971c9ca2740336c02ef9e703010585ddbd977197d97f85a6e0f43d67ecb7af71db6e5b83a34c05c1e076124ff63da2cc3634108389fc55cab7026fdaacc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b67693ab6656f06d57739dc4e25b8011 |
| SHA1 | d059368229049010af45cd8b9111d962c6815a59 |
| SHA256 | 512cb3e6e1f5cfeae93f99cd673dc3949e30c1c981658aa1ff84bce467bde68a |
| SHA512 | 329ba8ad38d678bd0d0d5016c52df146cb8637f5d39911e71b5d665f5ab254717e5b78f9e0cfe68687dbbd53fb40b173eb011c96a91db8101a62d0876dc3049c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ad872ea0650db56fd2011bd89bd399c5 |
| SHA1 | 16f6541520f6e6de866815c5da4298d55b643553 |
| SHA256 | 14369e7b105ff199110204b2199bf68d441dc6030dca71d2f49f9cc84559a63b |
| SHA512 | 70429eebcf9f57e120403bc2621b7826af7f3d3f1a476d1e172106adc6ccfd8ac3f3f62e28e04f7b5c202ba5097510002838491fea8ead84881547319e58e577 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f397d1e69aee9fcc3b5bdf1f5a530317 |
| SHA1 | fa540d539a1f70a32c902fc0ebf25773f67af116 |
| SHA256 | 434cb4d42d98a4fb953d34b378b352ac07271f602e591c33c6d7457a66c7c1b3 |
| SHA512 | 726ba4c30f6dcab9cd2c8b78f66f2e74fb4c9c7549797c42f61cda97ed2980e0ce3a9f4220f88ded40027ee16f873aa66a06e49684a92abf4e2306e569ddaac2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a8d3be0e01f71670e3cdf670fdeadde7 |
| SHA1 | d1b884b2df6296f573e18863ba49c3509b0bf839 |
| SHA256 | 67c2b7697d4e0e19fe3bd0e312de715616dce704216853c0e89718edf7620eac |
| SHA512 | cac99a96d05539a8c1b24c9886c397590c7c0c10df3c6922dca1b842202a789af0ce3f747fe8b7583603718f89f9765233adc5bc484e834b82df0161cd63622b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2d1bf662f43859d14568c79fcb6a2a95 |
| SHA1 | 17c32e1bde1cd78c1a3e0f8064ff9f91e3934872 |
| SHA256 | 5be02d12ed31a09d524e2273b15cf8e6547e5e9c1a418b846746508188305b7c |
| SHA512 | 3ff893f9ddc2ce968f741b6d5d929068b7e65320ebc1b73bcb3b3642f4968a31b0283859ee7586876c36c66394b1e969cfcb4e46c26e51153bd8daf7c35b0880 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
| MD5 | c3056f0a76b10a43698d9e222b68db2a |
| SHA1 | 9160f3d74d06359441a4eea7ca38af5aa0ff6465 |
| SHA256 | 77045f0bae7b92e7199643b9ccfe437e4ccbb670bdb66b52ea8e7b25638f15bd |
| SHA512 | cc62b0978ebeeff8dd7e21ff2a7a409bb9f73b5d6c607e356b27ae4f78ca44288c0a3c45dcc9756c24170700742e1043a40ee2dc3976f24e96f3627559b868c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
| MD5 | 90da4b073ce1505cec82c3fb1421e004 |
| SHA1 | 077d2cad23ab7b932d6cf7c648b7f4dc217f0b5a |
| SHA256 | 50635a5d4dc9aec069bd5fe5c9c791cd685a8f8ec4fc2da95d3bea1d9b1b31e2 |
| SHA512 | 941cd39190fb0f5902f0f3d807c22dbf62f8190b2dcf6c37828b32e8e167e80e9977e2501c55b7d987fe32e41c13031607995e504b770587ac08bbcd59a6533a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
| MD5 | 5b4b46396c2ced4afe7d0be79d496599 |
| SHA1 | 2b73188280f2d14eb3110304fcadc6d142811174 |
| SHA256 | 1fe520afadece163536b7879acfcffa3352279036d6a7d9f04dea652bea5855a |
| SHA512 | 5e3aa8f5e22f1f0a0de078ffb576a4f49f3de931f43e06c2eee779c4c0946f88a8c5f19e25eaebb6a33d9175325550968b738f31c073f262f76b55c343baacb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee78db1f46fcf47c_0
| MD5 | ed9f1913f43aed5fb6795e5713b9d947 |
| SHA1 | 50166442a51f43562e9e05efcde10dc88673e24f |
| SHA256 | 5735e3770cfc203f31de68802ad3806007420c3756345bee9845e10b457262ee |
| SHA512 | c0311f3226a9a18dc93cde1480fa97d2290f0858bcfcb98adf97686c14d1aa109f586af2efdb87b994f44d706793a5474c2e2e4576d1935f1e7d33999eb1a15c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0
| MD5 | db845f2bb68bc0e33ea03ad0178bfa92 |
| SHA1 | 4c2202b28c4b3d4e67b85f9044b144d2d0eee311 |
| SHA256 | ba9f5702cdaaf93df67200f485d87bbf538479c9fcdd3e81f071ec57783c6719 |
| SHA512 | 66d3de25fa9abb84fec780cf640324ca1a13eafa8fadac19e8bc7f401d9ac0d5af51e06ea13c5d61a46e0d2244472999e126d6cd556fad0d66b7ee7e8d90f85f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0
| MD5 | 5316b22d19af0fe48eed12a6b4ddd297 |
| SHA1 | ea30fa87e236cd91ed855303c54b9312f69cc607 |
| SHA256 | 1e88c1a06428c1dd8b5d6bdaa61bc781baaad4db79fd83f624bd4dbae99e22ad |
| SHA512 | 83d160b78d6fac02d5783ac8a1ff79c2efc6db953657ff1f8e1e3d647ef33b0518f1ca1f0e1dbe81faa8b49f5da55b2c1c6c4b5e702827fbcfecda2c69b5edd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0
| MD5 | 5fa348a65707b25c6d62c541682a13cc |
| SHA1 | 91e044c947bd685c388f620dce1ca8f8c5a8c901 |
| SHA256 | edb6f5dac33f1911e865d07684e30b2fbf7c6ada0c3dac7d6490cd3cc50d70df |
| SHA512 | 2bdd49de497c7c0418e9ae48868aff82c7054661ce9d03017b3c5243896f0f884ea83153e1c20a851d1f8037ef9acd28a6f0d9ef699cfb7e256d79aefdcb3938 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f05d59e6df9a390_0
| MD5 | 88b22bbf8f4b525f4eddf511c7c3a696 |
| SHA1 | 8b945740e3dde8cf5126a243ddb2088ce1a37dae |
| SHA256 | 32d10995d7e2b4530db85faa3ebe3806156612f22db2161317c41c5275e66051 |
| SHA512 | ae08d68484dc8bbef0e4965772466236360241bbf1bba0eb8d457f6aa751e93fcdcbeecf066fead947dfe1c1a76c5596111057fd9e175914435c8554489be417 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0
| MD5 | 8f3f26171f6d92d37d3f1188151ebed7 |
| SHA1 | c4d8d13f412fa0c08d341edd5f2671f170c0b3ac |
| SHA256 | 0e9db32ebc5766addd6c11e6469a3e7766cba064d4eccfb8346b6e35f7b353e1 |
| SHA512 | d866868b925add84e5df1426d8c2f65b30cdd066e6a982799d4a1b8e69ab3d7f108ceb7b46823621267eab276fd8c857235e43c10d7dbdec2c16d5162927f498 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1b86314be845e5f4_0
| MD5 | 1dc71200bda9f80170ccab3bfea9050e |
| SHA1 | 124e3611d738213866e686cff12d572abde9ddce |
| SHA256 | feb83a660c84e34c60391d052c07cfef1db65ce60140a54231eb372849794c64 |
| SHA512 | a608591b4284eda497716665d866689efe5141a333fc6cbaf1be05ef255cfef9df40f547470cb7bae0dca781e2f4f6fb3dc8a6e3c9c107fab70265a6eceadd00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0
| MD5 | 0955ceda6dc0097854dc9794baa8ec0d |
| SHA1 | 6160b5fb6514d296c18eac37fdf85b38283828dd |
| SHA256 | 5c2b55a539cefed50b5804174d1789c724eda45f819e41c988f1ca19454d330e |
| SHA512 | fc7ae29d79d3c508166df50b6f89d5da0ade3c3851ac9ff5881af7667d11e68975de6189131e1f859b3b0cc951542ffc9a731c2cc56eb7a734d3278bb7778734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c035c55e661cf4e0_0
| MD5 | 48d42cbd0d02a129ed7a892fc7d95b1f |
| SHA1 | 1f4c6bf0a98f424271347c8f7ea01a1c6a733f26 |
| SHA256 | 54b45f452b544d6b500c2de4a1c64e885cfb47626662048d0691f485332aa5f5 |
| SHA512 | c46d02cccf46107e2bfe010120d816aec85ebd7201c7f9d210d8f327b87ffbe4ed2bdec1c0e3baa52181c481b2ab07f5f8522aeac40437d965649ba0f02496e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
| MD5 | 57308db8ba9fd5af0c3f1e341d7d734f |
| SHA1 | 1b4b5c8820d4e50c5ab89f61542bedcfa6bad994 |
| SHA256 | bb4e40486734b63986141065225dc7ec4900bf404b9f40bea24a2ab1cd9c47ff |
| SHA512 | 2ea3569696a16954101197b66a64ebc9e45331ed7a308ef744ba59058ef4459d7e9acfb31e31a4c96a67e8a42facf539ac895244e5f2fd52226883933c8aacaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | 3f3d6aa658cb82a3aaf09f6af9ce8196 |
| SHA1 | 546bae1b96cc43157064499f330febddb154e0cc |
| SHA256 | 2bcaca6d84222ca5abf676fec7e5383276cc7b15f2221dd2c4d33816598aabcf |
| SHA512 | b5ce4a978e620f4743ed73f565a343b2181848ea2fce7132feb26e713869784b26da9dd9ecb84d253dd179833a4d070ac7f8d4436d21c2e139ca8ab479a1934e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0
| MD5 | 655e4e1785a236a7795a4f0472d83d37 |
| SHA1 | 38d7790608e5e7fdc38562bb97a4de5b3dd358dc |
| SHA256 | f450c945fae85485cbcaa3b5b4e84f2ec22b6ee44dc391a97fdc179359de71b2 |
| SHA512 | e5279ed36f479bfc60460000ae1223f28cd15722a8848e4754a651d5dbfdd35d9a056d53f41825cea424b6f9226b51a571753cd1208cd7acfa22805c613303af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a
| MD5 | 111a850fdac66c90573d45a178e05ff5 |
| SHA1 | 596eb78f1325d5ce58c222891f4700a59c82ade5 |
| SHA256 | 6c27f8dc2e88d702c44ed6a0f74f8ea65294340619e67589f4381675aa7726a7 |
| SHA512 | fbc1d450215b1a215a4d5e058a3b5ec981599fc21a6ca0d54c432b8a25728834fb6a54c2ebd46020e25c1ca7ab197203c59beae10c0569aa5b0532b63ec88903 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0
| MD5 | 64fa012ba2ba18e3853054a282c45d07 |
| SHA1 | 5fecbcc317c4858fc2166000fe8065c7cce0a245 |
| SHA256 | f58d48e275e3c59ebecf6e9a90a92682905fbefe39ee3e55a70c92fe13524b31 |
| SHA512 | 0831d26989bdc39e287e38ef6121ef6c7d986ed5914a73d3266606072e8833549e625f14da6bf0f07f509c07daef03267ea9ecd98e1679feca8ea094d8db0d18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0
| MD5 | 5be3c56472ceeac7d6cf5a9647645684 |
| SHA1 | 53419e477510fdf9ab1ee55a6204279679143eaf |
| SHA256 | 876889e4b961b578050423c3a1ba022206878db8daa679b50a703df201a64c03 |
| SHA512 | 363576ce434b8cc81cb1f647aa56c97e695963fa7e9560bd0044e21d25bf89bc9369120257957dbb97bcf5c26458d2be5cb5df3a68b29fedb6f0141c85795a59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\960f838b42b585c9_0
| MD5 | da5d377ee15a2afe7a32137986125157 |
| SHA1 | 67cd318dc672944de135e70af23096729fe9aaa8 |
| SHA256 | b7cefc56ea5e776dc211c5fca8b9e92943234b941faa96a048403023a1988e4b |
| SHA512 | 372bd618509de516bf4cedd9ce87d38f0fbf3c8f87b63fffed0737c28bec256899cf7a005b98f698899842880fca4f4570f91c95165e2585f3a81ebde06f4ad3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0
| MD5 | 0d538f67b13d78314cb41551429a94c3 |
| SHA1 | a2020e0e619e1c2a9b6cddf92f8b01aaf5a6739b |
| SHA256 | 33feb8d82b89e10b6db2744a7a6ff495249efd0709f2185ea0110b4a6161df9c |
| SHA512 | 66db24104dd45d629f01856f5eb29162970a06a17fcebab7b579814149de8d456cac72f940e35e007bb179c709ca5c081672c9a7584167542772bea84275b8db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0
| MD5 | f0f6f915c80ed826e0800e8e5c37698e |
| SHA1 | 34ba043b17c6b150653a4486716a98b426f2ec57 |
| SHA256 | 5f370a9365e1ea586c3f289084447fc6d6821f5ca4d86158669128dab7ef8f99 |
| SHA512 | 49dd8a86ff08fd57b96889e069737133f44df820f8cd5cfb7baf1acdae489acd0b7d05a37ba5ab84ec9c96a056af762e65a1cdd019fd5e1c38f065e392f295b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0
| MD5 | 5c6d38a69631617b04c2b1268e221eb7 |
| SHA1 | 2f4faf29183c8ccc80cec6296a445962abf1fec3 |
| SHA256 | 25fa399a79be466f6aaeef2f8328f9d19cd61a96b20fe22b698055e45775399f |
| SHA512 | 683ef1016d949d24654d1f35020da2c0e0c3bac6b0869602b8030caeb3f0f955dd16acfcf7df04e7fcadfef10de1b2692213118d06501c3ee6ad78da84a05daf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0
| MD5 | 5c865ae5b5561cc3576a1d49e499f3ac |
| SHA1 | 6816ced95a5076d17bd2e6690bcfd128cee3a37d |
| SHA256 | 41088859cc0b7e08b563733da0444ba5dea34abefc05b73b8dd2741e4520fd1a |
| SHA512 | 35b14ccab17a813d1e5747098a3d4e7312bb45839820fb307147841841744b69b5ff7e06816bf1d43be50352aa62f09aec27cf8c8684d1b1804e5af53e28d7b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0
| MD5 | d768c5c53f00e048eeeafb80e85ab74b |
| SHA1 | 55814215a588bf49400f8544752fde22d84754c0 |
| SHA256 | 75c3aef9d806c9e817ff491c596bbc4c642068402a5fba411eaad88b772c3543 |
| SHA512 | d9bb7d4e33db9859a6c006d6ac7ee5d1616d39e54be02ceaadeedd9f1538726f1f6e2d5247a6da4c01b3240a1dafe2276016ddc6b8ae46151cabcefbf88f72b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c
| MD5 | 94fd864eff41d2466c55e3d0d47e92c7 |
| SHA1 | 2c8ab5e8d1ac7f09af3c09de7575f8ad55706094 |
| SHA256 | b7b245e311013279605a274aacf18e2f9314ea6c275aa4c54f7676c63f9b9248 |
| SHA512 | 4e1f2656222174c5442a5af47a63bc56acb71d8f34809aec6f33e15f6e15d6e8e81f72a8aff925c09bc2d4a0d9f55b408d7d8dcb7ec01519e431a3dd28e1f682 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d
| MD5 | ca5cfb80b6185013a1fe31a3440817f8 |
| SHA1 | eec5dbaba370417b8e3caa91b1445fbfed18e60c |
| SHA256 | 4a6342c556481a2b534b42756a4c74ebf2d336b4a27a1e5a52cf0ad1b99566ec |
| SHA512 | 859024738b2a7b95aa6d70bff42824e01bf0f484bb4cd8208f56916a5ea7ec97ebd4f92734a44092574aaa2a5a6ab63f5e43d26dd9f8f2fac5b38275392ad045 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b
| MD5 | e39b6cf311ba32121329e891bbd5d8ed |
| SHA1 | b7c0f44c75c46ced9864b9a1543d4d8ba7f98219 |
| SHA256 | a1edcc8a3157c491ce4f40f425938446f5820bd652c79cfdfed43597d9f5fc3f |
| SHA512 | 2d555c51fcee9f10f17fc3029ba6367262572280b9983f90e07c9ce1603e6b9739ff0bc3ade14f33d7df91d66a6d72535208b4cb1be5d356d6449fe086367ce0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 72c4ca40411910efd45cfb834f7bdf07 |
| SHA1 | 8900d60abc1cfbf2558ec0cb19cf47cc6a9f97a5 |
| SHA256 | bab31d77d3f4443d55a9f45cea680caaa4182d78eb2d63bf1c3a3fe5b0a2f10c |
| SHA512 | 279038ed58201be6be78d5b347de90be08a5e168b982566fde5b6f77277094790fd6fdd41e2359f00754ae65b81b4d77ee3fd4cc6504cdbef01262daecc3407c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d9b655cd47796c7afda507b5cedaea85 |
| SHA1 | 3eb6a6aa1043b1102b484ee57bb93e06db7c7cc4 |
| SHA256 | fecfb650d83b88fb13a576e5785837419b8de51a3b6914e757845637dcbdeb65 |
| SHA512 | 15176a3408171fb8680aa25d61f476448bc9603319a87cb70d4eda0d78c4d4ad04197155f4583cff0f87904577a8dd47472b347baf874f34efd0226ffd65a9cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 86ce969aaa78e58519d26f9c885976e9 |
| SHA1 | 278fe3f846c426efb433ab66e010c029764058a0 |
| SHA256 | 319ba457a5aacc7b9e84a046dd0fc90cfe3febe9b7da257eb9ba4852fca828df |
| SHA512 | 518f947c105db59610aea9e5ef71000a535b02f0fbb1e17b518c830defeabd2bb6b9cfaf3ead9f908c7ac8a5e021ed3162712716600d10b18d0e890e73a70334 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a
| MD5 | dcd403bf81b7bb7940f0eed212f8b967 |
| SHA1 | 8a101418b7605a762f6087f20560e3e46a072982 |
| SHA256 | ea8ea1a94311e13c3b661a3f469655e763a207eb06c50488adb11cd8a6cbb7bb |
| SHA512 | a2ec65f1473fff2054693df81df9fa387a98ac30c78a07cd5ec8fea7cd67949607ddfc89230b1ee9adaa5831cc22b67bbac30994098ada2e96d0635fdab91a03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5bfc9865d8ded0289b9e7a3d1a5a0514 |
| SHA1 | 0cfdf231b3f807ac34bd3400a39cb315d94d4341 |
| SHA256 | a51c6e8e7e9532eb97695913ff54ed53135f38ac944ccde5811e3b443b2c7904 |
| SHA512 | ed9765e2f626e516513a189b3af2bf21fbc3f9a7e55f24fa9d749459f3d831e99a83213fa5044a830394a9e799e057b74d9f0bc99a1d5ffc39ba314e44c36fd7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67391d7ea53efdc3_0
| MD5 | 564f83655de42920ef5a35094aab54f5 |
| SHA1 | 4ea4005fe326b5757f5669b7cce453faf96766b3 |
| SHA256 | a36d9a7d366e0cab972e59668891269d2193b63dc15109294fe8430e6f6e1c16 |
| SHA512 | c72f6cffd53eee3a256021065298cbea5e60a7b92c8bbbb00dceff63e7a5bf68ae1ea57e87a816e2470f3e5d32790f155a5d1235921c7bc28ced38f4f705c794 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\43604d2a195c1916_0
| MD5 | cb7eb88e78af9a39571c8f9d923057ae |
| SHA1 | 7012c07a08b8a0990af4e80494ccd2040a355b70 |
| SHA256 | 716384d63b16cfe216c07c8f81cfa555cfcbe8006a703a49eac04fe824e34fbd |
| SHA512 | 31aea04073890eac9b633893c95c20d6a08b47e24c850a7b2812905b6e52e9cc859198d3c4fd9716fc405b99a643380a54cf13024bcdcb8792c211cdd4a10c3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d11df596af7121d_0
| MD5 | b6abe91fc551ee69cab9562eba477430 |
| SHA1 | 459fb2163e7bf0502e5a3c5b7169866351fda856 |
| SHA256 | a51bb35e3168c6e78917391f1f8de2a27192f6b4281c035d932d304f915d3d02 |
| SHA512 | f25fd26ee84de057903b2991b28caabcc18df25bc9921a60646da7e7c186d745780d11d4947f461bedd20a5e19ddd0d57c2446dd99963e5e73eb0ce177d66ea4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\165ea510aa7bffcb_0
| MD5 | e66cce5ce3dd97ce45cc86f4f5ee84e2 |
| SHA1 | c3bd0059e4af49cd31b47fce4c9dc9fd50def3ea |
| SHA256 | 4555c739da353f137ab98b432d187662cf90bfef6372e08db83c0238a3d3f769 |
| SHA512 | 9966dd7e2d98ee3e2404c2a85024e82f48c621e58f9af48da219a5720dacafbb6fa52365ac35366478e3670472ce945ae4f36dc04943effb6ffcb28b27b65bd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec6ef41cf9d139a5_0
| MD5 | bc2ec7bb84ec0a45710e455f95ffb3bd |
| SHA1 | fa6eb49d84d13a71ce5e90a8814c9a3349790ecf |
| SHA256 | 4994ad74f95db04c21365f9592047690fd1c7af7795805781dc87351fc8ec8ad |
| SHA512 | 79c5afd36d095e16cbd435272c9026add6322ea778093fa69f37fa20de2b4ad58552ddb3c21f4e08eab3617301fc312cb59529aa82e0409c79c141b984945873 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f908eb48725b239_0
| MD5 | a6b855571e5d9bc5b41830ca6775988f |
| SHA1 | 5679067829c771c6fa7afb5825a7fd8e9bf0a202 |
| SHA256 | b5e87af2f610381e474b9eda96eba3aa30a0636b8f7e17e6e62a2d9a5b9892a6 |
| SHA512 | 49456f8695938cd7f62a62df34a76e73a9e03477a4256e250d000e08ad35378e53ec9771b555e6f4fd586dc1c1a22914ef88e0fa4fd6375cdb9a82c1f1a73c79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0
| MD5 | 2a51cb94943aaf405993fa71734d8879 |
| SHA1 | 399ffdbb9deef4a0358ea77ce348407efe8677bc |
| SHA256 | 269c94003e9f8b0c55b1beaa1787ce2aced4747afe6c17f2008f015834d4a746 |
| SHA512 | 97fb71f1b1763188e62e404a8cb69ddc9a5f38e686a85ec6a492908a758d21ece07f7f2df10a042c507e081e2e5f7a1fd89e1aecf4bd53799c1e02d6634bad52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\59fc8adf66a76ab9_0
| MD5 | e4d2e693520fb4e915407cfabbed0897 |
| SHA1 | 193f69cec5f32ebc6bfa5120276d74a3daad0d37 |
| SHA256 | e85632af1464b38df5f239728bf0f1232d51049b309d5737e343848e39a572ff |
| SHA512 | dce4b77af21bf71976261fb73243f8ad9c0bff6309e2948b3edf5c7572be13f5c4b58927b3cb0a44f413c749f4079536dbe2ac6065b4634ba96b79e5742c8c6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71da22abe269277d_0
| MD5 | 2d0daad2d8111f839df03645f20de4b1 |
| SHA1 | bd96af1c97911307774a8aa0cfd0182c6ad89d0f |
| SHA256 | 59e7cf47b43ffb6e0bb0d9d5498ea2ecf1e8685897496ff9164a6edee6877b8b |
| SHA512 | 7af24ec6df8d7f785a62d0a9f31b8eb540c466c26d7ec3cf845f583fe1df84eb46799308b96bdf77bf94a4ca712e92e47ea1d00002230710958448eedb6cc54e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\052d5fdea9272438_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1b330dfdbc3ac8f4_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b90f32a9f5621963_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbbc3b076556d40d_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\62f20db8aae8f96d_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a1e516bd9b6707c9_0
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index