Malware Analysis Report

2024-09-11 05:56

Sample ID 240529-xafhmaed32
Target wp12122634-virat-kohli-2023-wallpapers-transformed.jpeg
SHA256 2d83f92e347e90cdb65feb937f7f359ddf9f8355cc0af3dc436014b2652f0dae
Tags
cobaltstrike backdoor discovery evasion execution exploit persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2d83f92e347e90cdb65feb937f7f359ddf9f8355cc0af3dc436014b2652f0dae

Threat Level: Known bad

The file wp12122634-virat-kohli-2023-wallpapers-transformed.jpeg was found to be: Known bad.

Malicious Activity Summary

cobaltstrike backdoor discovery evasion execution exploit persistence spyware stealer trojan

Cobaltstrike

Cobalt Strike reflective loader

Manipulates Digital Signatures

Drops file in Drivers directory

Creates new service(s)

Possible privilege escalation attempt

Downloads MZ/PE file

Reads user/profile data of web browsers

Registers COM server for autorun

Loads dropped DLL

Checks computer location settings

Checks BIOS information in registry

Executes dropped EXE

Modifies file permissions

Adds Run key to start application

Checks whether UAC is enabled

Modifies powershell logging option

Enumerates connected drives

Checks installed software on the system

Drops file in System32 directory

Checks system information in the registry

AutoIT Executable

Drops file in Program Files directory

Launches sc.exe

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Suspicious behavior: LoadsDriver

Uses Task Scheduler COM API

Kills process with taskkill

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry class

Runs net.exe

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
System Services
T1569
Service Execution
T1569.002
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Subvert Trust Controls
T1553
SIP and Trust Provider Hijacking
T1553.003
Install Root Certificate
T1553.004
File and Directory Permissions Modification
T1222
Modify Registry
T1112
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-05-29 18:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 18:38

Reported

2024-05-29 18:57

Platform

win10v2004-20240226-en

Max time kernel

1054s

Max time network

1061s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\wp12122634-virat-kohli-2023-wallpapers-transformed.jpg

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

Creates new service(s)

persistence execution

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A
File opened for modification C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Windows\system32\drivers\rsCamFilter020502.sys C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Windows\system32\drivers\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.3\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2223\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\FuncName = "WVTAsn1SealingSignatureAttributeDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCertPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wpsua0kb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
N/A N/A \??\c:\program files\reasonlabs\EPP\ui\EPP.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\program files\reasonlabs\epp\rsLitmus.A.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wpsua0kb.exe N/A
N/A N/A C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ThreadingModel = "Both" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\DownloadScan.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\"" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\rundll32.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Modifies powershell logging option

evasion

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_C4502B2ED7ABD16FF1FA41F55DB2B363 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A3D5BF1283C2E63D8C8A8C72F0051F5A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0972B7C417F696E06E186AEB26286F01_30B4D916E12169D9CB0BC7A11DE46EA6 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D97B1EC1F43DD6ED4FE7AB95E144BC_1FBF5CC64736DEDD3EE6301DFD848080 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_686A447EF0220EBC1D36EF897F31F606 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_C4502B2ED7ABD16FF1FA41F55DB2B363 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DB145CFEEC544B1582FED1ADA3370DD C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07A7CCFBD28A674D95D3BF853C9007C6 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_686A447EF0220EBC1D36EF897F31F606 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0972B7C417F696E06E186AEB26286F01_30B4D916E12169D9CB0BC7A11DE46EA6 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0FD7C8CB35A5508C225BD37696B3744C C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2F23D0F5E4D72862517E1CB26A329742_59C6B5742244136A08A70F9396A5A57A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0FD7C8CB35A5508C225BD37696B3744C C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_0D0888CE7AC1F2D5AD77780722B1FE14 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DB145CFEEC544B1582FED1ADA3370DD C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_0D0888CE7AC1F2D5AD77780722B1FE14 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2F23D0F5E4D72862517E1CB26A329742_59C6B5742244136A08A70F9396A5A57A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07A7CCFBD28A674D95D3BF853C9007C6 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A3D5BF1283C2E63D8C8A8C72F0051F5A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_C33468BC5883F8C26A2F912726D45EFA C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\McAfee\Temp1499536332\jslang\wa-res-install-ja-JP.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\Temp1499536332\jslang\wa-res-install-sv-SE.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sr-Latn-CS.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-zh-CN.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.IO.FileSystem.Primitives.dll C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-el-GR.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\ldplayer9box\bldRTIsoMaker.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.sys C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-el-GR.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\edgesecuresearchonboarding.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxSup.inf C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxDD.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ru-RU.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\webadvisor_v2.mcafee.chrome.extension.json C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Reflection.dll C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\McAfee\Temp1499536332\jslang\wa-res-shared-fi-FI.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-pt-BR.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\telemetryversion.luc C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9VirtualBox.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Win32.Primitives.dll C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\formatters\eventformatter_aws.luc C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxSup.sys C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxDragAndDropSvc.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp1499536332\jslang\wa-res-shared-pl-PL.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-es-ES.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-es-MX.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\navigatedtoday.luc C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\ldplayer9box\NetLwfInstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\platforms\qoffscreen.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\suitestatus.luc C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\ldplayer9box\SUPUninstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-memory-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-da-DK.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-sr-Latn-CS.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\domainmembership.luc C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\navigatedtoday.luc C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Collections.Specialized.dll C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-de-DE.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pt-BR.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ko-KR.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sk.pak C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pt-BR.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxDDU.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sr.pak C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-hr-HR.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\preprocessors.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ldplayer9box\VBoxNetDHCP.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp1499536332\jslang\wa-res-install-fr-FR.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\core\uihandler.luc C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-confirm.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\searchsuggestcounter.luc C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\events.json C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ldplayer9box\VirtualBoxVM.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pt-BR.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\emitter.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-datetime-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\amd64\vcruntime140_1.dll C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ldplayer9box\concrt140.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fr-CA.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-da-DK.js C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\sendonping.luc C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\commonlogicloader.luc C:\Program Files\McAfee\Temp1499536332\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\dataset_da.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \Registry\Machine\Hardware\Description\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1207-4179-94cf-ca250036308f} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E254-4E5B-A1F2-011CF991C38D} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC6-4883-801D-77F56CFD0103}\NumMethods\ = "13" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0721-4CDE-867C-1A82ABAF914C}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session\CLSID\ = "{20191216-c9d2-4f11-a384-53f0cf917214}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.apk\Shell\Open\Command C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4453-4F3E-C9B8-5686939C80B6}\ = "IGuestProcess" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B5BB-4316-A900-5EB28D3413DF}\ = "IMachine" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D8ED-44CF-85AC-C83A26C95A4D}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9B-1727-BEE2-5585105B9EED} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CF37-453B-9289-3B0F521CAF27}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B855-40B8-AB0C-44D3515B4528}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E8B8-4838-B10C-45BA193734C1}\NumMethods\ = "25" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C9D6-4742-957C-A6FD52E8C4AE}\NumMethods\ = "16" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\NumMethods\ = "19" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00C2-4484-0077-C057003D9C90}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}\NumMethods\ = "39" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CF37-453B-9289-3B0F521CAF27}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B4A4-44CE-85A8-127AC5EB59DC}\ = "ICPUExecutionCapChangedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A1A9-4AC2-8E80-C049AF69DAC8}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44A0-A470-BA20-27890B96DBA9} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.apk C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3534-4239-B2DE-8E1535D94C0B}\ = "ISharedFolderChangedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1A29-4A19-92CF-02285773F3B5}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\ = "IGuestSessionRegisteredEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2E88-4436-83D7-50F3E64D0503}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E5DB-4D2C-BAAA-C71053A6236D}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2E88-4436-83D7-50F3E64D0503}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AEDF-461C-BE2C-99E91BDAD8A1} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7DB-4616-AAC6-CFB94D89BA78}\ = "IGuestProcessInputNotifyEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\NumMethods\ = "26" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-BE30-49C0-B315-E9749E1BDED1}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D4FC-485F-8613-5AF88BFCFCDC}\ = "IVBoxSVCAvailabilityChangedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient.1 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E191-400B-840E-970F3DAD7296} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A161-41F1-B583-4892F4A9D5D5} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5FDC-4ABA-AFF5-6A39BBD7C38B}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c000000010000000400000000100000040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\snapchat.apk:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3764 wrote to memory of 2324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3764 wrote to memory of 2324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3764 wrote to memory of 2324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3764 wrote to memory of 2324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3764 wrote to memory of 2324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3764 wrote to memory of 2324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3764 wrote to memory of 2324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3764 wrote to memory of 2324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3764 wrote to memory of 2324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3764 wrote to memory of 2324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3764 wrote to memory of 2324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 4556 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 4556 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 1036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 1036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 1036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\wp12122634-virat-kohli-2023-wallpapers-transformed.jpg

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.0.1401521650\732158579" -parentBuildID 20221007134813 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53625898-a0f4-45b1-b89b-96b9b083d89f} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 2000 1a444bdc458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.1.699373516\2026665546" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd56b5fa-5838-4bfb-bcd9-0cacfa62724c} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 2376 1a444afa258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.2.1249860940\1389244387" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 2920 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fd13048-c06c-405c-bf26-4ebdc49ffe52} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 2988 1a448b98e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.3.749040931\1316491222" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ca23ecb-4ed5-44cc-97fd-a133fa31840b} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 3632 1a430f70658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.4.1241357120\1037756863" -childID 3 -isForBrowser -prefsHandle 4992 -prefMapHandle 5000 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f6e247b-5178-4298-ab9a-0734f4761caa} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 5016 1a44b4fbf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.5.1519556037\1353617250" -childID 4 -isForBrowser -prefsHandle 3760 -prefMapHandle 5032 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a037a05-0780-4dba-b24e-3fb227e940c6} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 4616 1a44ae45558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.6.1349658290\34650857" -childID 5 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e931e5c6-3610-4856-bb26-a1482dc045c0} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 5360 1a44ae46158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.7.922723552\638216044" -childID 6 -isForBrowser -prefsHandle 5548 -prefMapHandle 5552 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c8b5383-f670-4eff-95ae-c5e220218aa7} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 5540 1a44ae48558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.8.869815358\1891462884" -childID 7 -isForBrowser -prefsHandle 3536 -prefMapHandle 3264 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {317015a6-cdc3-4182-a6c1-7c4544302bc5} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 5908 1a44adeee58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5072 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.9.126749993\863184107" -childID 8 -isForBrowser -prefsHandle 5072 -prefMapHandle 5552 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f18c2bb-92aa-436b-bf64-aa24f2666c82} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 5112 1a44b4fb058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.10.645838743\2060270653" -childID 9 -isForBrowser -prefsHandle 5564 -prefMapHandle 5568 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {945755ad-683a-450a-a49f-fd8e7205a8cb} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 4852 1a4475c5958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.11.897430894\2109034144" -childID 10 -isForBrowser -prefsHandle 9492 -prefMapHandle 9712 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fecf517-3715-4053-8dec-66301b269c76} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 9480 1a44da4f758 tab

C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.12.453604961\328552806" -childID 11 -isForBrowser -prefsHandle 8708 -prefMapHandle 8712 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecfd49d0-65df-48a3-acfc-14c28ae1a19f} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 8724 1a44c846a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.13.591110532\450345169" -childID 12 -isForBrowser -prefsHandle 8464 -prefMapHandle 8468 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0255cd8d-38f3-4cbe-9f0e-f8f693396f96} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 8456 1a44d1ca258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.14.537833440\1415289740" -childID 13 -isForBrowser -prefsHandle 8312 -prefMapHandle 8308 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {becfb37c-c906-4a25-8399-a042e17ee91d} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 8320 1a44d1ca858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.15.1402988060\487681435" -childID 14 -isForBrowser -prefsHandle 8300 -prefMapHandle 8096 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b736dc3-cd21-4079-9c82-16cc753dbf21} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 8240 1a44d8aae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.16.60031237\51255126" -childID 15 -isForBrowser -prefsHandle 8312 -prefMapHandle 8228 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c7100e4-bd54-4d91-930e-e7c4619e23ad} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 8320 1a44db6fb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.17.113238381\943124737" -childID 16 -isForBrowser -prefsHandle 7824 -prefMapHandle 7820 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4778ea3-db93-4237-8393-de331bda5784} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 8604 1a44db05f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.18.407112096\725411832" -childID 17 -isForBrowser -prefsHandle 7544 -prefMapHandle 8300 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9df64768-74b6-40ac-9852-80bdcabc3df3} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 7548 1a44f6b6858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.19.785634859\1398689609" -childID 18 -isForBrowser -prefsHandle 7516 -prefMapHandle 7480 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c504309e-896d-41e9-a406-315a1f289da4} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 7424 1a44fa6e558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.20.1958075881\784924816" -childID 19 -isForBrowser -prefsHandle 7756 -prefMapHandle 7508 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b12ed07-b771-4e3e-a0f4-0fe02fad373d} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 7972 1a44fa71858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.21.1507881117\440014769" -childID 20 -isForBrowser -prefsHandle 7764 -prefMapHandle 7632 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80ab653c-e11c-4682-bd0b-5c8b6b8c1b8d} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 7308 1a44fa6eb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.22.1181757038\621979141" -childID 21 -isForBrowser -prefsHandle 9300 -prefMapHandle 8216 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3e142b0-042a-47a2-8900-16027708d3cb} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 8532 1a44cbc4258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.23.1358104052\724377006" -childID 22 -isForBrowser -prefsHandle 7424 -prefMapHandle 7532 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b2a8487-6ff0-4f86-91a9-bc3c16ab68c5} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 5076 1a4465b5f58 tab

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnplayer.exe /T

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=dd7d433d869aa9862cdf0ae5eb9ab29544b8a53d&dit=20240529184241952&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayerex.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM bugreport.exe /T

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1001 -language=en -path="C:\LDPlayer\LDPlayer9\"

C:\Users\Admin\AppData\Local\Temp\wpsua0kb.exe

"C:\Users\Admin\AppData\Local\Temp\wpsua0kb.exe" /silent

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe

"C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\wpsua0kb.exe" /silent

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp1499536332\installer.exe

"C:\Program Files\McAfee\Temp1499536332\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=524886

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.24.1154902039\90760133" -childID 23 -isForBrowser -prefsHandle 5272 -prefMapHandle 5440 -prefsLen 27474 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b48acda-416f-415a-9842-ad968b328825} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 8592 1a449449b58 tab

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\8EB8CB98-0995-4E73-BCB4-7546B0A18A4C\dismhost.exe {20F44746-49DF-43C6-825F-01C4A4AE14D4}

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.25.431004255\806096841" -childID 24 -isForBrowser -prefsHandle 10172 -prefMapHandle 2892 -prefsLen 27474 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5622af4-1cac-470f-ab75-1c289fe4324c} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 4384 1a44944ad58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.26.340303563\1981549094" -parentBuildID 20221007134813 -prefsHandle 2812 -prefMapHandle 4396 -prefsLen 27474 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23c3e76d-8596-4fad-91b6-e8780e8a91d6} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 7636 1a4465b6858 rdd

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\LDPlayer\LDPlayer9\driverconfig.exe

"C:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml

C:\Windows\SYSTEM32\fltmc.exe

"fltmc.exe" load rsKernelEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5064 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

\??\c:\program files\reasonlabs\epp\rsHelper.exe

"c:\program files\reasonlabs\epp\rsHelper.exe"

\??\c:\program files\reasonlabs\EPP\ui\EPP.exe

"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1612 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5408 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5360 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4784 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5304 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5000 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

C:\program files\reasonlabs\epp\rsLitmus.A.exe

"C:\program files\reasonlabs\epp\rsLitmus.A.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2204 --field-trial-handle=2216,i,14837866316459002592,13347957878863436951,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2644 --field-trial-handle=2216,i,14837866316459002592,13347957878863436951,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2748 --field-trial-handle=2216,i,14837866316459002592,13347957878863436951,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3796 --field-trial-handle=2216,i,14837866316459002592,13347957878863436951,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\dnplayer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2ec 0x4fc

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5908 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5748 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5436 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=5312 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=4812 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1536 --field-trial-handle=2216,i,14837866316459002592,13347957878863436951,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5892 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6304 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=5480 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=6224 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=3516 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=3716 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=3468 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=6420 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=7104 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=7236 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=7600 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

Network

Country Destination Domain Proto
N/A 127.0.0.1:49826 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 44.230.111.112:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 112.111.230.44.in-addr.arpa udp
N/A 127.0.0.1:49833 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.178.3:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.178.3:443 id.google.com udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.ldplayer.net udp
US 163.181.154.235:443 www.ldplayer.net tcp
US 8.8.8.8:53 www.ldplayer.net.w.kunlungr.com udp
US 8.8.8.8:53 www.ldplayer.net.w.kunlungr.com udp
US 8.8.8.8:53 cmp.setupcmp.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 cdn.ldplayer.net udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 cmp.setupcmp.com udp
FR 3.162.38.36:443 cdn.ldplayer.net tcp
FR 3.162.38.36:443 cdn.ldplayer.net tcp
FR 3.162.38.36:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 cmp.setupcmp.com udp
US 8.8.8.8:53 d266zoinebx0lb.cloudfront.net udp
US 8.8.8.8:53 235.154.181.163.in-addr.arpa udp
FR 3.162.38.36:443 d266zoinebx0lb.cloudfront.net tcp
US 8.8.8.8:53 d266zoinebx0lb.cloudfront.net udp
GB 142.250.187.238:443 www3.l.google.com udp
FR 3.162.38.36:443 d266zoinebx0lb.cloudfront.net tcp
FR 3.162.38.36:443 d266zoinebx0lb.cloudfront.net tcp
US 8.8.8.8:53 6.5.26.104.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.38.162.3.in-addr.arpa udp
FR 3.162.38.36:443 d266zoinebx0lb.cloudfront.net udp
US 8.8.8.8:53 res.ldplayer.net udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 usersdk.ldmnq.com udp
US 163.181.154.241:443 res.ldplayer.net tcp
US 8.8.8.8:53 res.ldplayer.net.w.cdngslb.com udp
US 163.181.154.241:443 res.ldplayer.net.w.cdngslb.com tcp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 241.154.181.163.in-addr.arpa udp
GB 142.250.200.14:443 plus.l.google.com udp
US 163.181.154.241:443 res.ldplayer.net.w.cdngslb.com udp
US 8.8.8.8:53 ldcdn.ldmnq.com udp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
US 163.181.154.232:443 ldcdn.ldmnq.com tcp
US 8.8.8.8:53 apien.ldplayer.net udp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
US 8.8.8.8:53 ldcdn.ldmnq.com.w.kunlunsl.com udp
US 8.8.8.8:53 alb-nlrme3iinq4n8lu6ii.ap-southeast-1.alb.aliyuncs.com udp
FR 52.222.169.85:443 apien.ldplayer.net tcp
FR 52.222.169.85:443 apien.ldplayer.net tcp
FR 52.222.169.85:443 apien.ldplayer.net tcp
US 8.8.8.8:53 ldcdn.ldmnq.com.w.kunlunsl.com udp
US 8.8.8.8:53 alb-nlrme3iinq4n8lu6ii.ap-southeast-1.alb.aliyuncs.com udp
GB 142.250.178.22:443 play-lh.googleusercontent.com tcp
US 8.8.8.8:53 usersdk.ldmnq.com udp
US 8.8.8.8:53 res.ldplayer.net.w.cdngslb.com udp
US 8.8.8.8:53 d11tnhg3h7a3bd.cloudfront.net udp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
GB 142.250.178.22:443 play-lh.googleusercontent.com udp
FR 52.222.169.85:443 d11tnhg3h7a3bd.cloudfront.net udp
US 8.8.8.8:53 d11tnhg3h7a3bd.cloudfront.net udp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
US 8.8.8.8:53 232.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 85.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 22.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 49.4.236.47.in-addr.arpa udp
FR 52.222.169.85:443 d11tnhg3h7a3bd.cloudfront.net udp
US 8.8.8.8:53 bat.bing.com udp
US 204.79.197.237:443 bat.bing.com tcp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
US 8.8.8.8:53 hm.e.shifen.com udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
CN 14.215.182.140:443 hm.e.shifen.com tcp
CN 14.215.182.140:443 hm.e.shifen.com tcp
US 8.8.8.8:53 hm.e.shifen.com udp
US 13.107.246.64:443 s-part-0036.t-0009.t-msedge.net tcp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 d11tnhg3h7a3bd.cloudfront.net udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
CN 14.215.182.140:443 hm.e.shifen.com tcp
CN 14.215.182.140:443 hm.e.shifen.com tcp
CN 14.215.182.140:443 hm.e.shifen.com tcp
CN 14.215.182.140:443 hm.e.shifen.com tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 50.192.11.51.in-addr.arpa udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 142.250.187.206:443 analytics.google.com tcp
GB 142.250.187.206:443 analytics.google.com tcp
US 8.8.8.8:53 analytics.google.com udp
GB 142.250.187.206:443 analytics.google.com udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
BE 64.233.166.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 155.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 stpd.cloud udp
US 104.18.31.49:443 stpd.cloud tcp
US 104.18.31.49:443 stpd.cloud tcp
US 104.18.31.49:443 stpd.cloud tcp
US 8.8.8.8:53 stpd.cloud udp
US 8.8.8.8:53 stpd.cloud udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 49.31.18.104.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.googletagservices.com udp
GB 216.58.204.66:443 www.googletagservices.com tcp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 www.googletagservices.com udp
GB 216.58.204.66:443 www.googletagservices.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tagan.adlightning.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
FR 99.86.91.39:443 tagan.adlightning.com tcp
US 8.8.8.8:53 tagan.adlightning.com udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 tagan.adlightning.com udp
US 151.101.1.229:443 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 39.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 script.4dex.io udp
DE 162.19.138.116:443 id5-sync.com tcp
US 8.8.8.8:53 id5-sync.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 prebid-stag.setupad.net udp
US 8.8.8.8:53 rtb.adxpremium.services udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 prebid-stag.setupad.net udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 adx.adform.net udp
US 8.8.8.8:53 rtb.adxpremium.services udp
US 8.8.8.8:53 euw1.smartadserver.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 rtb.adxpremium.services udp
US 8.8.8.8:53 prebid-stag.setupad.net udp
US 8.8.8.8:53 euw1.smartadserver.com udp
US 8.8.8.8:53 am6-prebid.a-mx.net udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
DK 37.157.6.237:443 adx.adform.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 81.17.55.99:443 euw1.smartadserver.com tcp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 am6-prebid.a-mx.net udp
US 8.8.8.8:53 track-eu.adformnet.akadns.net udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 dnacdn.net udp
NL 145.40.97.67:443 am6-prebid.a-mx.net tcp
US 172.64.153.78:443 mp.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 bidder.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 bidder.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 178.250.1.11:443 dnacdn.net tcp
US 104.18.22.145:443 cadmus.script.ac tcp
US 104.26.8.169:443 script.4dex.io tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 178.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 99.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 18.140.106.185.in-addr.arpa udp
US 8.8.8.8:53 237.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 78.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 u.openx.net udp
US 35.227.252.103:443 rtb.openx.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 104.18.22.145:443 cadmus.script.ac tcp
US 104.26.8.169:443 script.4dex.io tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 track-eu.adformnet.akadns.net udp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 34.98.64.218:443 u.openx.net tcp
US 34.98.64.218:443 u.openx.net tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 34.98.64.218:443 u.openx.net udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 1x1.a-mo.net udp
DK 37.157.5.84:443 cm.adform.net tcp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
DE 18.184.248.131:443 1x1.a-mo.net tcp
US 8.8.8.8:53 1x1.a-mo.net udp
US 8.8.8.8:53 1x1.a-mo.net udp
US 8.8.8.8:53 static.criteo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 20.114.190.119:443 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com tcp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 84.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 131.248.184.18.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
NL 81.17.55.109:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 ssbsync-euw1.smartadserver.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ssbsync-euw1.smartadserver.com udp
SE 104.73.92.198:443 ads.pubmatic.com tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 1b6cbb47402c9d3165bb2af431956e1b.safeframe.googlesyndication.com udp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 109.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 198.92.73.104.in-addr.arpa udp
GB 172.217.169.65:443 1b6cbb47402c9d3165bb2af431956e1b.safeframe.googlesyndication.com tcp
IE 54.246.180.244:443 ice.360yield.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 euw-ice.360yield.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 euw-ice.360yield.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 244.180.246.54.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 a.audrte.com udp
GB 172.217.169.65:443 pagead-googlehosted.l.google.com udp
DE 51.38.120.206:443 onetag-sys.com udp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 8.8.8.8:53 eu-u.openx.net udp
NL 35.214.131.164:443 csync.loopme.me tcp
US 8.8.8.8:53 cs.admanmedia.com udp
US 104.21.48.215:443 adxbid.info tcp
US 8.8.8.8:53 envoy-hl.envoy-csync1.core-b8mf.ov1o.com udp
US 34.98.64.218:443 eu-u.openx.net tcp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 cs.admanmedia.com udp
IE 52.214.131.115:443 a.audrte.com tcp
US 8.8.8.8:53 envoy-hl.envoy-csync1.core-b8mf.ov1o.com udp
NL 147.75.84.158:443 sync.a-mo.net tcp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 104.21.48.215:443 adxbid.info udp
US 34.98.64.218:443 eu-u.openx.net udp
US 8.8.8.8:53 sync.a-mo.net udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 34.98.64.218:443 eu-u.openx.net tcp
US 34.98.64.218:443 eu-u.openx.net udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 pugm-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 pugm-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 164.131.214.35.in-addr.arpa udp
US 8.8.8.8:53 215.48.21.104.in-addr.arpa udp
US 8.8.8.8:53 eu-u.openx.net udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 a.audrte.com udp
US 8.8.8.8:53 a.audrte.com udp
US 8.8.8.8:53 am6-prebid.a-mx.net udp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 8.8.8.8:53 eu-u.openx.net udp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 8.8.8.8:53 161.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 115.131.214.52.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 3.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel-origin.mathtag.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 pixel-origin.mathtag.com udp
US 8.8.8.8:53 elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 pixel-eu.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 u.4dex.io udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 setupad-tagan.adlightning.com udp
US 104.22.51.98:443 spl.zeotap.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 eu-west-dual.ads.stickyadstv.com.akadns.net udp
FR 3.162.38.36:443 setupad-tagan.adlightning.com tcp
FR 3.162.38.36:443 setupad-tagan.adlightning.com tcp
FR 3.162.38.36:443 setupad-tagan.adlightning.com tcp
FR 3.162.38.36:443 setupad-tagan.adlightning.com tcp
FR 3.162.38.36:443 setupad-tagan.adlightning.com tcp
FR 3.162.38.36:443 setupad-tagan.adlightning.com tcp
US 8.8.8.8:53 eu-west-dual.ads.stickyadstv.com.akadns.net udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
NL 185.235.87.83:443 gem.gbc.criteo.com tcp
US 34.149.40.38:443 u.4dex.io tcp
NL 185.235.87.59:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 imagsync-lhrpairbc.pubmatic.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 outspot2-ams.adx.opera.com udp
US 8.8.8.8:53 imagsync-lhrpairbc.pubmatic.com udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 34.149.40.38:443 u.4dex.io udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 outspot2-ams.adx.opera.com udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 setupad-tagan.adlightning.com udp
US 8.8.8.8:53 setupad-tagan.adlightning.com udp
US 8.8.8.8:53 u.4dex.io udp
US 8.8.8.8:53 gbc2.nl3.eu.criteo.com udp
US 8.8.8.8:53 98.51.22.104.in-addr.arpa udp
US 8.8.8.8:53 38.40.149.34.in-addr.arpa udp
US 8.8.8.8:53 59.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 83.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 u.4dex.io udp
NL 89.149.192.201:443 rtb-csync.smartadserver.com tcp
GB 142.250.187.194:443 cm.g.doubleclick.net tcp
NL 89.149.192.201:443 rtb-csync.smartadserver.com tcp
DE 18.197.7.178:443 elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com tcp
US 216.200.232.249:443 pixel-origin.mathtag.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.net.akadns.net tcp
NL 185.89.210.20:443 ib.anycast.adnxs.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.net.akadns.net tcp
NL 82.145.213.8:443 outspot2-ams.adx.opera.com tcp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
US 8.8.8.8:53 gbc2.nl3.eu.criteo.com udp
US 8.8.8.8:53 rtb-csync-euw1.smartadserver.com udp
US 8.8.8.8:53 rtb-csync-euw1.smartadserver.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
GB 142.250.187.194:443 cm.g.doubleclick.net udp
GB 185.64.191.214:443 imagsync-lhrpairbc.pubmatic.com tcp
NL 35.214.149.91:443 user-data-eu.bidswitch.net tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 201.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 20.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 115.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 178.7.197.18.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 161.182.54.209.in-addr.arpa udp
US 8.8.8.8:53 node.setupad.com udp
DE 159.89.25.223:443 node.setupad.com tcp
US 8.8.8.8:53 node.setupad.com udp
US 8.8.8.8:53 node.setupad.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 13.248.245.213:443 eb2.3lift.com tcp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 223.25.89.159.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 as.ck-ie.com udp
US 8.2.110.113:443 as.ck-ie.com tcp
US 8.8.8.8:53 as.ck-ie.com udp
US 8.8.8.8:53 as.ck-ie.com udp
US 8.8.8.8:53 vid.vidoomy.com udp
GB 89.187.167.2:443 vid.vidoomy.com tcp
US 8.8.8.8:53 1651846316.rsc.cdn77.org udp
US 8.8.8.8:53 1651846316.rsc.cdn77.org udp
US 8.8.8.8:53 assets.a-mo.net udp
US 104.19.158.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 assets.a-mo.net.cdn.cloudflare.net udp
US 8.8.8.8:53 assets.a-mo.net.cdn.cloudflare.net udp
US 8.8.8.8:53 113.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 2.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 20.114.190.119:443 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com tcp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 104.18.36.155:443 ssum.casalemedia.com tcp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 104.18.36.155:443 ssum.casalemedia.com udp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 180.201.192.209.in-addr.arpa udp
US 8.8.8.8:53 ap.lijit.com udp
IE 176.34.175.132:443 ap.lijit.com tcp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 d3n1ms4uhtqgov.cloudfront.net udp
FR 52.84.186.203:443 d3n1ms4uhtqgov.cloudfront.net tcp
US 8.8.8.8:53 132.175.34.176.in-addr.arpa udp
US 8.8.8.8:53 203.186.84.52.in-addr.arpa udp
US 8.8.8.8:53 d1arl2thrafelv.cloudfront.net udp
FR 52.222.161.190:443 d1arl2thrafelv.cloudfront.net tcp
US 8.8.8.8:53 encdn.ldmnq.com udp
US 8.8.8.8:53 190.161.222.52.in-addr.arpa udp
FR 18.155.129.14:443 encdn.ldmnq.com tcp
FR 52.222.161.190:443 d1arl2thrafelv.cloudfront.net tcp
US 8.8.8.8:53 133.200.245.18.in-addr.arpa udp
US 8.8.8.8:53 90.193.84.52.in-addr.arpa udp
US 8.8.8.8:53 14.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 20.114.190.119:443 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com tcp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 20.114.190.119:443 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 49.4.219.8.in-addr.arpa udp
US 8.8.8.8:53 vpaid.vidoomy.com udp
GB 195.181.164.17:443 vpaid.vidoomy.com tcp
US 8.8.8.8:53 1099493781.rsc.cdn77.org udp
GB 195.181.164.17:443 vpaid.vidoomy.com tcp
US 20.114.190.119:443 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com tcp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 1099493781.rsc.cdn77.org udp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
NL 69.173.156.148:443 pixel.rubiconproject.net.akadns.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 17.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 a.vidoomy.com udp
US 8.8.8.8:53 lb.vidoomy.com udp
ES 212.36.83.246:443 lb.vidoomy.com tcp
US 8.8.8.8:53 lb.vidoomy.com udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 246.83.36.212.in-addr.arpa udp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
DE 23.53.40.129:80 a19.dscg10.akamai.net tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 129.40.53.23.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 166.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 d1arl2thrafelv.cloudfront.net udp
FR 52.222.161.171:443 d1arl2thrafelv.cloudfront.net tcp
US 8.8.8.8:53 171.161.222.52.in-addr.arpa udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 shield.reasonsecurity.com udp
FR 52.222.161.171:443 d1arl2thrafelv.cloudfront.net tcp
FR 52.222.201.5:443 shield.reasonsecurity.com tcp
FR 52.222.201.5:443 shield.reasonsecurity.com tcp
US 8.8.8.8:53 5.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 52.43.54.91:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 sadownload.mcafee.com udp
US 2.22.144.157:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 91.54.43.52.in-addr.arpa udp
US 8.8.8.8:53 157.144.22.2.in-addr.arpa udp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 track.analytics-data.io udp
US 34.228.124.198:443 track.analytics-data.io tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 198.124.228.34.in-addr.arpa udp
US 8.8.8.8:53 home.mcafee.com udp
US 34.228.124.198:443 track.analytics-data.io tcp
BE 104.68.84.174:443 home.mcafee.com tcp
US 8.8.8.8:53 174.84.68.104.in-addr.arpa udp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 52.42.241.50:443 analytics.apis.mcafee.com tcp
US 34.228.124.198:443 track.analytics-data.io tcp
US 34.228.124.198:443 track.analytics-data.io tcp
US 8.8.8.8:53 50.241.42.52.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
US 2.22.144.157:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.178.3:443 id.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 52.39.98.228:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 228.98.39.52.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
US 2.22.144.157:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 snapchat.fileplanet.com udp
US 104.27.203.89:443 snapchat.fileplanet.com tcp
US 8.8.8.8:53 snapchat.fileplanet.com udp
US 8.8.8.8:53 snapchat.fileplanet.com udp
US 104.27.203.89:443 snapchat.fileplanet.com udp
US 8.8.8.8:53 cdn.fileplanet.com udp
US 8.8.8.8:53 89.203.27.104.in-addr.arpa udp
US 104.27.204.89:443 cdn.fileplanet.com tcp
US 8.8.8.8:53 cdn.fileplanet.com udp
US 104.27.204.89:443 cdn.fileplanet.com tcp
US 104.27.204.89:443 cdn.fileplanet.com tcp
US 104.27.204.89:443 cdn.fileplanet.com tcp
US 104.27.204.89:443 cdn.fileplanet.com tcp
US 104.27.204.89:443 cdn.fileplanet.com tcp
US 104.27.204.89:443 cdn.fileplanet.com udp
US 8.8.8.8:53 cdn.fileplanet.com udp
US 104.27.204.89:443 cdn.fileplanet.com tcp
US 8.8.8.8:53 89.204.27.104.in-addr.arpa udp
US 8.8.8.8:53 cmp.quantcast.com udp
US 8.8.8.8:53 cmp.quantcast.com udp
US 8.8.8.8:53 cmp.quantcast.com udp
US 18.245.199.60:443 cmp.quantcast.com tcp
US 8.8.8.8:53 60.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 cmp.inmobi.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.187.234:443 ajax.googleapis.com tcp
US 8.8.8.8:53 secure.statcounter.com udp
FR 52.222.149.52:443 cmp.inmobi.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 d23sp3kzv1t6m5.cloudfront.net udp
GB 142.250.187.234:443 ajax.googleapis.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 104.20.94.138:443 secure.statcounter.com tcp
US 8.8.8.8:53 secure.statcounter.com udp
US 8.8.8.8:53 d23sp3kzv1t6m5.cloudfront.net udp
US 8.8.8.8:53 secure.statcounter.com udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 52.149.222.52.in-addr.arpa udp
US 8.8.8.8:53 138.94.20.104.in-addr.arpa udp
US 8.8.8.8:53 c.statcounter.com udp
US 104.20.95.138:443 c.statcounter.com tcp
US 8.8.8.8:53 c.statcounter.com udp
US 8.8.8.8:53 c.statcounter.com udp
US 8.8.8.8:53 138.95.20.104.in-addr.arpa udp
US 8.8.8.8:53 www.fileplanet.com udp
US 104.27.204.89:443 www.fileplanet.com tcp
US 8.8.8.8:53 www.fileplanet.com udp
US 8.8.8.8:53 www.fileplanet.com udp
US 104.27.204.89:443 www.fileplanet.com udp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 3.69.64.73:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com udp
DE 3.69.64.73:443 choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com tcp
US 8.8.8.8:53 update.reasonsecurity.com udp
US 18.245.199.36:443 update.reasonsecurity.com tcp
US 8.8.8.8:53 73.64.69.3.in-addr.arpa udp
US 8.8.8.8:53 36.199.245.18.in-addr.arpa udp
US 34.228.124.198:443 track.analytics-data.io tcp
US 34.228.124.198:443 track.analytics-data.io tcp
US 8.8.8.8:53 electron-shell.reasonsecurity.com udp
US 18.245.175.7:443 electron-shell.reasonsecurity.com tcp
US 8.8.8.8:53 7.175.245.18.in-addr.arpa udp
US 104.27.204.89:443 www.fileplanet.com udp
US 8.8.8.8:53 secure.downloadfp.com udp
NL 95.168.168.24:443 secure.downloadfp.com tcp
US 8.8.8.8:53 secure.downloadfp.com udp
NL 95.168.168.24:443 secure.downloadfp.com tcp
US 8.8.8.8:53 secure.downloadfp.com udp
US 8.8.8.8:53 24.168.168.95.in-addr.arpa udp
US 34.228.124.198:443 track.analytics-data.io tcp
US 34.228.124.198:443 track.analytics-data.io tcp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.179.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.228.124.198:443 track.analytics-data.io tcp
US 8.8.8.8:53 cdn.reasonsecurity.com udp
US 34.228.124.198:443 track.analytics-data.io tcp
FR 18.244.28.10:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 10.28.244.18.in-addr.arpa udp
US 34.228.124.198:443 track.analytics-data.io tcp
US 34.228.124.198:443 track.analytics-data.io tcp
US 34.228.124.198:443 track.analytics-data.io tcp
US 34.228.124.198:443 track.analytics-data.io tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
BE 104.90.25.175:80 www.microsoft.com tcp
US 8.8.8.8:53 175.25.90.104.in-addr.arpa udp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 146.48.219.8.in-addr.arpa udp
US 8.8.8.8:53 track.analytics-data.io udp
US 44.206.168.227:443 track.analytics-data.io tcp
US 44.206.168.227:443 track.analytics-data.io tcp
US 8.8.8.8:53 227.168.206.44.in-addr.arpa udp
US 44.206.168.227:443 track.analytics-data.io tcp
US 44.206.168.227:443 track.analytics-data.io tcp
BE 104.90.25.175:80 www.microsoft.com tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 config.reasonsecurity.com udp
FR 52.222.149.7:443 config.reasonsecurity.com tcp
US 8.8.8.8:53 7.149.222.52.in-addr.arpa udp
US 44.206.168.227:443 track.analytics-data.io tcp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 44.206.168.227:443 track.analytics-data.io tcp
GB 216.58.204.67:443 update.googleapis.com udp
US 8.8.8.8:53 msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com udp
US 2.22.144.169:80 msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 169.144.22.2.in-addr.arpa udp
US 44.206.168.227:443 track.analytics-data.io tcp
US 44.206.168.227:443 track.analytics-data.io tcp
US 44.206.168.227:443 track.analytics-data.io tcp
US 44.206.168.227:443 track.analytics-data.io tcp
US 44.206.168.227:443 track.analytics-data.io tcp
US 8.8.8.8:53 api.reasonsecurity.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 235.1.22.104.in-addr.arpa udp
US 44.206.168.227:443 track.analytics-data.io tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 edr-api.reasonlabsapi.com udp
FR 18.155.129.115:443 edr-api.reasonlabsapi.com tcp
US 8.8.8.8:53 115.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 56.94.73.104.in-addr.arpa udp
US 44.206.168.227:443 track.analytics-data.io tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 mc6.reasonsecurity.com udp
US 52.34.150.127:443 mc6.reasonsecurity.com tcp
US 8.8.8.8:53 127.150.34.52.in-addr.arpa udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 apien.ldmnq.com udp
FR 3.162.38.119:80 apien.ldmnq.com tcp
FR 3.162.38.119:443 apien.ldmnq.com tcp
US 8.8.8.8:53 119.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 ad.ldplayer.net udp
FR 52.222.149.79:443 ad.ldplayer.net tcp
US 8.8.8.8:53 sw.symcd.com udp
US 152.199.19.74:80 sw.symcd.com tcp
US 8.8.8.8:53 ocsp.thawte.com udp
US 152.199.19.74:80 ocsp.thawte.com tcp
US 8.8.8.8:53 crl.thawte.com udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 79.149.222.52.in-addr.arpa udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 en.ldplayer.net udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
FR 3.162.38.96:443 cdn.ldplayer.net tcp
US 163.181.154.238:443 en.ldplayer.net tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 96.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 238.154.181.163.in-addr.arpa udp
FR 3.162.38.96:443 cdn.ldplayer.net tcp
SE 192.229.221.95:80 crl.thawte.com tcp
FR 3.162.38.96:443 cdn.ldplayer.net tcp
FR 3.162.38.96:443 cdn.ldplayer.net tcp
FR 3.162.38.96:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 advertise.ldplayer.net udp
US 163.181.154.248:443 advertise.ldplayer.net tcp
US 8.8.8.8:53 res.ldplayer.net udp
FR 3.162.38.119:443 apien.ldmnq.com tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 8.8.8.8:53 248.154.181.163.in-addr.arpa udp
US 163.181.154.241:443 res.ldplayer.net tcp
FR 52.222.149.79:443 ad.ldplayer.net tcp
US 163.181.154.248:443 advertise.ldplayer.net tcp
FR 52.222.149.79:443 ad.ldplayer.net tcp
FR 3.162.38.96:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 encdn.ldmnq.com udp
US 8.8.8.8:53 middledata.ldplayer.net udp
FR 18.155.129.14:443 encdn.ldmnq.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
FR 3.162.38.96:443 cdn.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
FR 3.162.38.96:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 97.136.219.8.in-addr.arpa udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
FR 52.222.149.79:443 ad.ldplayer.net tcp
FR 52.222.149.79:443 ad.ldplayer.net tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
FR 52.222.149.79:443 ad.ldplayer.net tcp
FR 52.222.149.79:443 ad.ldplayer.net tcp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 163.181.154.232:443 www.ldplayer.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 cmp.setupcmp.com udp
US 8.8.8.8:53 cmp.setupcmp.com udp
US 8.8.8.8:53 encdn.ldmnq.com udp
US 8.8.8.8:53 encdn.ldmnq.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
FR 3.162.38.2:443 cdn.ldplayer.net tcp
FR 3.162.38.2:443 cdn.ldplayer.net tcp
FR 18.155.129.82:443 encdn.ldmnq.com tcp
US 2.22.144.159:443 bzib.nelreports.net tcp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
FR 52.222.149.79:443 ad.ldplayer.net tcp
US 8.8.8.8:53 cmp.setupcmp.com udp
US 172.67.70.36:443 cmp.setupcmp.com tcp
US 172.67.70.36:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 stpd.cloud udp
US 8.8.8.8:53 stpd.cloud udp
FR 3.162.38.2:443 cdn.ldplayer.net udp
GB 172.217.169.14:443 www.youtube.com tcp
US 104.18.30.49:443 stpd.cloud tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 2.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 159.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 36.70.67.172.in-addr.arpa udp
GB 172.217.169.14:443 www.youtube.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 49.30.18.104.in-addr.arpa udp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
FR 52.222.149.79:443 ad.ldplayer.net tcp
FR 52.222.149.79:443 ad.ldplayer.net tcp
SE 192.229.221.95:80 crl.thawte.com tcp
FR 52.222.149.79:443 ad.ldplayer.net tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
FR 52.222.149.79:443 ad.ldplayer.net tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.20:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 20.173.189.20.in-addr.arpa udp
FR 52.222.149.79:443 ad.ldplayer.net tcp
US 8.8.8.8:53 ad.ldplayer.net udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 30.149.222.52.in-addr.arpa udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.196:443 www.google.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
GB 142.250.187.246:443 i.ytimg.com udp
FR 3.162.38.2:443 cdn.ldplayer.net udp
US 172.67.70.36:443 cmp.setupcmp.com tcp
GB 142.250.187.238:443 www.youtube.com udp
US 104.18.30.49:443 stpd.cloud tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
GB 172.217.169.14:443 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 apien.ldplayer.net udp
US 8.8.8.8:53 apien.ldplayer.net udp
US 8.8.8.8:53 usersdk.ldmnq.com udp
US 8.8.8.8:53 usersdk.ldmnq.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
FR 52.222.169.29:443 apien.ldplayer.net tcp
GB 142.250.200.14:443 www.youtube.com udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 www.googletagservices.com udp
GB 142.250.200.2:443 www.googletagservices.com tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
FR 52.222.169.29:443 apien.ldplayer.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 29.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 172.67.70.36:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 tagan.adlightning.com udp
US 8.8.8.8:53 tagan.adlightning.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
FR 99.86.91.84:443 tagan.adlightning.com tcp
US 18.245.174.120:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 84.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 120.174.245.18.in-addr.arpa udp
US 18.245.174.120:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
FR 52.84.174.6:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
FR 18.155.124.109:443 aax.amazon-adsystem.com tcp
FR 18.155.124.109:443 aax.amazon-adsystem.com tcp
FR 18.155.124.109:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 6.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.22.53.173:443 cdn.hadronid.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
FR 18.155.129.34:443 tags.crwdcntrl.net tcp
DE 184.30.211.26:443 secure.cdn.fastclick.net tcp
DE 184.30.211.26:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 id.hadron.ad.gt udp
IE 52.49.45.15:443 bcp.crwdcntrl.net tcp
IE 52.49.45.15:443 bcp.crwdcntrl.net tcp
IE 52.49.45.15:443 bcp.crwdcntrl.net tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
NL 63.215.202.178:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 34.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 173.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 26.211.30.184.in-addr.arpa udp
US 8.8.8.8:53 15.45.49.52.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.5.69:443 a.ad.gt tcp
US 163.181.154.232:443 www.ldplayer.net tcp
US 8.8.8.8:53 ldcdn.ldmnq.com udp
US 8.8.8.8:53 ldcdn.ldmnq.com udp
US 8.8.8.8:53 178.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 163.181.154.232:443 ldcdn.ldmnq.com tcp
NL 142.250.27.84:443 accounts.google.com udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
N/A 224.0.0.251:5353 udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 prebid-stag.setupad.net udp
US 8.8.8.8:53 prebid-stag.setupad.net udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 rtb.adxpremium.services udp
US 8.8.8.8:53 rtb.adxpremium.services udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 adx.adform.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 104.26.9.169:443 script.4dex.io tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
US 35.227.252.103:443 rtb.openx.net tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 172.64.153.78:443 mp.4dex.io tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 172.64.153.78:443 mp.4dex.io tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 cadmus.script.ac udp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 adx.adform.net udp
US 8.8.8.8:53 adx.adform.net udp
FR 149.202.238.97:443 prg.smartadserver.com tcp
FR 149.202.238.97:443 prg.smartadserver.com tcp
FR 149.202.238.97:443 prg.smartadserver.com tcp
DK 37.157.5.133:443 adx.adform.net tcp
DK 37.157.5.133:443 adx.adform.net tcp
DK 37.157.5.133:443 adx.adform.net tcp
US 8.8.8.8:53 178.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 169.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 66.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 97.238.202.149.in-addr.arpa udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 cadmus.script.ac udp
US 104.18.23.145:443 cadmus.script.ac tcp
DK 37.157.5.133:443 adx.adform.net tcp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 133.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 static.criteo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 172.67.138.13:443 adxbid.info udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 172.67.138.13:443 adxbid.info tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 172.67.138.13:443 adxbid.info tcp
US 8.8.8.8:53 13.138.67.172.in-addr.arpa udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 34.98.64.218:443 setupad-d.openx.net tcp
US 34.98.64.218:443 setupad-d.openx.net tcp
US 34.98.64.218:443 setupad-d.openx.net tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 34.98.64.218:443 setupad-d.openx.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 as.ck-ie.com udp
US 8.2.110.113:443 as.ck-ie.com tcp
US 8.8.8.8:53 vid.vidoomy.com udp
US 8.8.8.8:53 vid.vidoomy.com udp
US 8.8.8.8:53 adxbid.info udp
GB 195.181.164.20:443 vid.vidoomy.com tcp
US 8.8.8.8:53 vid.vidoomy.com udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 vid.vidoomy.com udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 crt.sectigo.com udp
US 8.8.8.8:53 crt.sectigo.com udp
US 172.64.149.23:80 crt.sectigo.com tcp
US 8.8.8.8:53 20.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 172.64.151.101:443 ssum.casalemedia.com tcp
US 172.64.151.101:443 ssum.casalemedia.com udp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 adxbid.info udp
SE 104.73.92.198:443 ads.pubmatic.com tcp
SE 104.73.92.198:443 ads.pubmatic.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 vpaid.vidoomy.com udp
US 8.8.8.8:53 vpaid.vidoomy.com udp
GB 195.181.164.16:443 vpaid.vidoomy.com tcp
US 8.8.8.8:53 ad.ldplayer.net udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 16.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
IE 52.212.148.172:443 ap.lijit.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 cm.adform.net udp
DK 37.157.6.233:443 cm.adform.net tcp
US 8.8.8.8:53 172.148.212.52.in-addr.arpa udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 vid.vidoomy.com udp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 vid.vidoomy.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 vid.vidoomy.com udp
US 35.227.252.103:443 rtb.openx.net tcp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 image6.pubmatic.com udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 35.227.252.103:443 rtb.openx.net udp
US 8.8.8.8:53 78.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 8.8.8.8:53 vid.vidoomy.com udp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 8.8.8.8:53 vid.vidoomy.com udp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 8.8.8.8:53 vid.vidoomy.com udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
NL 23.62.61.97:443 www.bing.com udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 163.181.154.232:443 www.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 34.216.87.223:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 223.87.216.34.in-addr.arpa udp
US 8.8.8.8:53 ad.ldplayer.net udp
FR 52.222.149.101:443 ad.ldplayer.net tcp
US 8.8.8.8:53 101.149.222.52.in-addr.arpa udp
FR 52.222.149.101:443 ad.ldplayer.net tcp
NL 23.62.61.171:443 www.bing.com udp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
FR 52.222.149.101:443 ad.ldplayer.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
US 8.8.8.8:53 ad.ldplayer.net udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 163.181.154.231:443 www.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 231.154.181.163.in-addr.arpa udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 ad.ldplayer.net udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 54.148.86.228:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 228.86.148.54.in-addr.arpa udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
BE 88.221.83.178:443 www.bing.com udp
US 8.8.8.8:53 178.83.221.88.in-addr.arpa udp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
FR 52.222.149.30:443 ad.ldplayer.net tcp
US 8.8.8.8:53 ad.ldplayer.net udp
FR 52.222.149.35:443 ad.ldplayer.net tcp
US 8.8.8.8:53 35.149.222.52.in-addr.arpa udp
FR 52.222.149.35:443 ad.ldplayer.net tcp
FR 52.222.149.35:443 ad.ldplayer.net tcp
FR 52.222.149.35:443 ad.ldplayer.net tcp
FR 52.222.149.35:443 ad.ldplayer.net tcp
US 8.8.8.8:53 sadownload.mcafee.com udp
US 2.22.144.157:443 sadownload.mcafee.com tcp
FR 52.222.149.35:443 ad.ldplayer.net tcp
FR 52.222.149.35:443 ad.ldplayer.net tcp
FR 52.222.149.35:443 ad.ldplayer.net tcp
FR 52.222.149.35:443 ad.ldplayer.net tcp
FR 52.222.149.35:443 ad.ldplayer.net tcp
FR 52.222.149.35:443 ad.ldplayer.net tcp
FR 52.222.149.35:443 ad.ldplayer.net tcp
US 8.8.8.8:53 ad.ldplayer.net udp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp
FR 52.222.149.101:443 ad.ldplayer.net tcp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

MD5 0eb80bc0e0934edd5d2562d13ed0a8f9
SHA1 e4ff7180b48358edb50bec1464b6095f96cd2d30
SHA256 a65885ab36b174857b64e72317bfc3145dc41e5b8e33fc29a37355cc62e4f90c
SHA512 1e0e4d20d0ebb9c76974ef9bb23d3c86c3d3dd9c7e14609bcaa72cad568156d0613cd31503e5b3a1a0e5c961b07af3c62c9de5e82371637b1691b7fcfdbf674f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\46d10254-191b-4aea-a0ab-97e37b21a5b3

MD5 23dc8864ac20094df6ce012fb983427c
SHA1 fc4cc397747c1468a6b14822cbe3482eeb1ca2af
SHA256 1353519e2048bd9a3c67579ba127ea52412fd9d27e66572feaec3d69faf88436
SHA512 182317e1b713ce29de872e2e3d49733943f83befd391bace2fbf529d656d660191f7e1c9cf28255da764b5a71363f06190203e1a5622da920b62d8e65fea1273

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\4cb19e6f-dfbe-4336-ba85-0a6b867a86dc

MD5 93c148663da1b72194c4c2ed274ba984
SHA1 238e8c46695c86b3688cce271cf7576e1bba733a
SHA256 30cdca5e913e5f75644f9206c41c2b90bfb41a7e503e2e167b0c605fd1ce7c21
SHA512 7b79b9e0c30612a282b8bb61d5351c09c1281583d1badd79f105a53e34a8cce8e405a3c0b0e22f53bf545cccc3fbc2fa48953f8923d513fe6ce37280c4dcaebb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 b01efd0877d8bb4a5d754d6d5a5922cf
SHA1 6dfaecd4219afbb206185171c64c777e9c73ae21
SHA256 ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90
SHA512 6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 45b8ae617e6f03057bb8f7e1f090fe3c
SHA1 e26869aa552f1867d9b2e816813b4b151a3ecc0e
SHA256 979d3a74d0bff70642af68dce8618dd8e3fb952b3e6092cdecae5db5676c0edb
SHA512 ba530c5a8212c3f82a52309cd062f315589db753e3c6f3798b6301203c5e85d108e11d5abdd970f202d699527d6860ffe1e065578c2ca519690dc120b4a1f09f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 8eda4e61a31b854c6ba1ffb7e3f9ceb8
SHA1 1b6b67d7c7c73ebe7e5632a590382dfadc7ecc44
SHA256 aab7c345fdf3e131faaf53a3c1fd84677ca56d4bcbacef316dbc143003dca13f
SHA512 0fdc433b4176a5bf555eee4ca4a06eefc3ad4c38e0ac887783f0a020dcfbbf497ad5278cca0c84b3477106f3efd7df84c6227b0027a1f62d3f534d967429b10f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\83E9220200E1571B8A9D3BD22F093A31723DBB86

MD5 0c86b5628d657f74f6b3319bc1e21275
SHA1 cb58f57e20f632a3f88955a0a69ffbe8ec3566fa
SHA256 b2cefab5b5637298a8d4f1b6bf7ea064353053f9e29e33c7bdd3c1cf6001a814
SHA512 77f63171276996fb8a5ecc79373f0c89108b28e8dce0b8322779019bd4ba3e88e787d1d63858f504f7219b96721c4d6cdb4f410d25fb976a7657fad9b1a2de62

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 783c51120cfdc7f5c950b65e1dc36970
SHA1 76409224d250d61cf597e67a68e56a61fb7d47ff
SHA256 4dcae1caf23cea1c8f6c7a5bf33a5302a64f12a4263a29019ecc491cfe82018f
SHA512 58679afcd6d0281776cf0edacf402a754ba4261ef5da1f9abfeb74c71772ec84285b8bdb875c5af7cfed87520fdaafa0ecef17f9c1b25ada3ec02024774b2457

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a52b5e8d26385c805438fe5defd483c8
SHA1 05536430121f5d8af95b107af9cc4b264578e214
SHA256 77e59dcea6ef50d7689a39c59afe457cb11721584128651bde209d215413ea42
SHA512 b1316f772a70ebc72eb100e6839d782fd1c77e7727c185dbbb77d6ff871db975e9b1006ae8f1d7e71443e8648038b05050477f0afc6646e74dbf9664ba31d992

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4695ea458d117421984dd18e10c21e54
SHA1 7cb058d9a152bc094809253eee1fb45f39a826c0
SHA256 21ef5ceb4477195a2e5d347437c195e9c033fc14e00d8d280007ee80574367c6
SHA512 bcebecca5429bb090580c085941dca847b193df5f30bb05295644a872dfcb0d1f1629da525c5f143d0941168902cc96d39ec65187c084396144ed462a216d268

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\F418EE6A69EE0D4BEE92A028326F7F1CAA0585F3

MD5 2bb58e1a75101e228fe783f1220e86c5
SHA1 067d5244b4560be68707f858c4598e2377ba5697
SHA256 c569b58711543c656c8a69890a56fff0e527fa0f9e375cd58ee921fad17232d5
SHA512 59382ac176c25bc11cfee3d67a6709895516ed3939e935588507baed02d4aa783770fbcf1a909500a1a4ce35e1f9b04283ec642e0a84e4e73fcc24cea4808823

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a7a27b0694e8a35613273a81f2ff78f7
SHA1 ffab4dea36a0080d041397e22d79296c5af25188
SHA256 3a36a834e9dfb9c83a8aa3b0939a1f3e738bac89dbeea329a0e4cdddfc8c98c7
SHA512 fd0083b9c7abfdf8c5bb7372a78ede0cd89d10ea655939610d2c381bb587d6f46fa8432e26932f7f8191e964d9c96ceaacce19a986995be4894b27de006b93cf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b0eb013afe559b154d291d9202678383
SHA1 715ca43a42a82bb1534cd2dc085d0bfaaadd8306
SHA256 4ec6b74d8291916ce7ea058d72a7c820a91d855ebb97bbbe93f2af8aef5700fe
SHA512 b4cc5cf6d566a1c28a979fb283e9ac0536437bb7e650b6119e0fc35b3ad36603808c1d9b88f795f1424831c2bdde6488eb0d8b21d8ccbffc7ac660aeed64f8c0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\22930

MD5 4739f846718877ace2a696c47977c849
SHA1 6c129bd0756a4fd68efaf70b3122e243f2262793
SHA256 7aad9f419d58657ce74c21e8693aea1b75535829e1970af82dbf9489275bb822
SHA512 7bf338dea506e6b267d9298381f1d6e55ca497478ad1aa60fe35fa06bc5a225d003038c82f0ec220ab732741958821e5e5a33dccc2bdc2d88ff61e3867e3abb0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\5529

MD5 f216df358e35b4f4592a2077d9ed9705
SHA1 be11f573be2397dcb4e40bd386cdd9c2e977baf8
SHA256 ecc44ad7e86db94a04833c3007eae9fd5bf634c437f2802969be48566204c8d7
SHA512 0ed693fdcd7442e9e7042a18870e908ccf5f3199754060d902190ffd89ea3f5c6741299204789f02a0b073db46cc460ee94a1bfa1d2c9baa493d4b8636a8f92a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 660e556f20fccf17b01b6b62260b53c4
SHA1 5c3c2aa61cfb22ed138de97859fb2a4b1862015e
SHA256 1fa2dc7202c5df6b7839a79d64730ae2f98b14047b208dab600cf4edbf32375e
SHA512 b6efa8f8c9a864fb067749adc8b5f23bec34841a9a36a4f3ff5f82504b209fdcdfd5701770941547162c2bc100070291293952e9f946d94c18c219817168f5c7

C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.CN1UrwX1.exe.part

MD5 3470dad8219537a4b4d9f1ff73436893
SHA1 fc5ba88ce9719ad6ba6febbaab971801cd625933
SHA256 1f5cc5c2211c48f57acf7d4113a487fbbd74a423303102821c913139d7ff782a
SHA512 2cf931cf203650781ca27051cf58b61a26700cb492086ce04a8680a49126b63276c77241d5d3f31a8a948edf56e0accec57c78e620200d310af48fa076d33c94

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 ca32bf0651e0d179232392d4777e1ade
SHA1 30017171b1b7e34c678b22c6b06f6d8ef4aecc8f
SHA256 808cf07c939ab0c1b5d224059a0d456a7f9a9de9036732d6e4dc7678abd07d8e
SHA512 9e1442a85cc5c4e124674e287fd233c37993a7ca3355d8b584c274f4ee051faaba2de56d4081b6c3802daff0d58c964a7002880dbd58a909fe09c3f8cb2399ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 30428c373ed63b660699e8b55658c1b9
SHA1 749f16fc24ba51544dfe3bdb1d9b8079473ac027
SHA256 e66077edf44e65bb396d4c522f0df966eebe87e095b011ca49c4a3a41cd70678
SHA512 eec503d717b7c2a171d5632aa37ffeb307db1344541f8fe415f27fb52c9bc7889f88de7e7f14bb302052d2972473d5becc45c552f8a8f084253e59ef93eff244

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\4915068E033569EC87AB8D2F9ED58328A21E922B

MD5 c8be37bcc6b4cfffacb9fb662eb63c14
SHA1 330238434b1bdfc1ca2942a361be076c548493f5
SHA256 12887a9460bdfd33e8d8f1698f2839da3715ba0442ba706ef2ffccb0ec524cff
SHA512 8429887f51e27fba2b1a7d09a4de82149c02f965cbe1f352088acef2357ebe53f3725ce90f5d5fae86c19259e543e8ce9f50e59772d5fb6976dc6793194f7cc2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 6b497ff63303c3e50c309522aca78073
SHA1 ac4efd451853ea4f6691035e89bc207ec48c8d5f
SHA256 4683d873897f0a944cd2aefee7d3145483a54ff113d65f664743918b350bcad3
SHA512 d17fa6fe1d6c20dbe20585dbe00ec53bd3f8244db618eedbe484ba03eb1bab826168f6de0d82dac0b5ed720207354f5ef78197685a4df3da3ca5bc19d3aeede9

C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

MD5 7d5d3e2fcfa5ff53f5ae075ed4327b18
SHA1 3905104d8f7ba88b3b34f4997f3948b3183953f6
SHA256 e1fb95609f2757ce74cb531a5cf59674e411ea0a262b758371d7236c191910c4
SHA512 e67683331bb32ea4b2c38405be7f516db6935f883a1e4ae02a1700f5f36462c31b593e07c6fe06d8c0cb1c20c9f40a507c9eae245667c89f989e32765a89f589

memory/3968-972-0x0000000006280000-0x0000000006290000-memory.dmp

memory/3968-985-0x000000007339E000-0x000000007339F000-memory.dmp

memory/3968-1009-0x00000000086E0000-0x00000000086F4000-memory.dmp

memory/3968-1010-0x0000000073C40000-0x0000000073C54000-memory.dmp

memory/3968-1014-0x0000000008E00000-0x00000000093A4000-memory.dmp

memory/3968-1024-0x0000000008950000-0x00000000089E2000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a193913f79d98d1957a22eceec8c2b25
SHA1 d96362689b74eea793d7720f49bfb3037eaf3897
SHA256 92aa17a09f2db231f0282cca991a79bf459ee18641020f62954b152846318b13
SHA512 c6cf2f3aae5b5af78f35284b1f3d9279630b13c9a5c146fb505b6768729b6b2e71e90ddd42775fffb2fffc830fc4178e5b719bf0ff921044a9d94b014a070d05

memory/3968-1078-0x0000000009D70000-0x0000000009DB4000-memory.dmp

memory/3968-1082-0x0000000009E50000-0x0000000009EEC000-memory.dmp

memory/3968-1083-0x0000000009EF0000-0x0000000009F56000-memory.dmp

memory/3968-1084-0x000000000A490000-0x000000000A9BC000-memory.dmp

memory/3968-1104-0x000000000B2B0000-0x000000000B2BA000-memory.dmp

memory/3968-1105-0x0000000073390000-0x0000000073B40000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 13ff5a38bd8a7e9225269dcca05e3dde
SHA1 6ec8646e20a2056473ddf24e1a17a4ea67aad4c3
SHA256 c80c312065ca67158ebc6ac0668896c7585470a18afe59319e15d698381605a7
SHA512 2129369a131150e338ece8e08e7fd7ae2450876c714e638676a07309d52dde694257be705c7ada3a73f89e9400d24554d7d5d878269091f50497cb689237c316

memory/3968-1117-0x0000000006280000-0x0000000006290000-memory.dmp

memory/3968-1119-0x000000007339E000-0x000000007339F000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 798cb9e70d972f4df6f0bc78c70d9557
SHA1 87a47a5290713c9fd9b9e8fc6c58a2a0d2fdbffd
SHA256 3b1b45c5b0d73c9489ac71d1b2b363d86d9e22744b91f2c8969050d11d306474
SHA512 5cf376bbd292feff80d6e7a6a17b007ce8565a32ba09663515f2bb2f99f7ea26b47f7d298f0304600d32a0dd65f411f7072548f92bc2c3c980d05a66a61bcd59

memory/3968-1148-0x0000000073390000-0x0000000073B40000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f6400b8eff0506bf54f85a418ab4704d
SHA1 16e65b1e4e23f554a8d0e2323a42aec17a218a0a
SHA256 50de9f9e1a3837f14b9452bdcb94e763c3f3570940f7fd3d3d4556356a49e11f
SHA512 9553155f66b670bc9fc0bf5a00b3b23cbd365cbb8f9c6f76b96d259e4210a2f6840e34b62be3a99195ae358da028453e013f2fce3e2ce77025b4eab68dee858d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 0e8cbb2ab11c1d2b2eb581de17a0a774
SHA1 d3dc1a0a2baf44acdd17e54b94b14d6f5cb63729
SHA256 2127cbe4035175e5fa8dc9e43634758c7e3a82518e6ed32330cc041fc1d4740d
SHA512 250db980a2cf6816c9300d097e8fd4afa7cc48c0d8de5c86101bf9cd8ba6fe92e8731999089f88f9fb614e1f11ad5c9a1767216d5c157bc61d921cf3f8449982

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 6f0abd430521e32ca715980386b0b45c
SHA1 08c0d0966baef3493ac84f5cf1018d816aac5c31
SHA256 bfd7e97841079f90f7b49cecfc5846bfeeb686b7912204aa8c0deaa98ea75353
SHA512 c187f06b1240b9e9ae5821788e90760ef4c5dc2bcebad953ce5ad10d4f047cd68e95ff0fa421f88e67ea28184bafc923bb0d76b8dd4a1befd0276a01c6555431

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 bad0611c456eaa10fbe6b6cee45a2a3f
SHA1 b4b683a84a80ab621051809054d6bc213a9ee2c7
SHA256 850624f9f432b8c2ee672d8e7c436993a9ce5e6aa597d3d5834252bf0aa15267
SHA512 5c06e207a0c980e4e7f2e5f99d27b72531f055488d814d3b0e55e0597328c97de919e9449872f130c9563b71860db998e9f7bdda8ee98d18d2ec20dc0de2e1b5

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe

MD5 5dcc4eba06f1de58a5e29d99c1590185
SHA1 8c08ae9d621a26ce38c88bf86e5b2d6eec53b948
SHA256 ccc04be55a15a3c34815438359cca1633b11d6a6ee57a0d312fe46fcfa26eeab
SHA512 457ba7ce346439583e5ca258d062c493c621aa63e4d23d70fe41541763558de113f893439dd2ad5a178184b053d4b6fe9959cb253c6e210af0cf09a0f02462d0

memory/6812-1261-0x000001C0219A0000-0x000001C0219A8000-memory.dmp

memory/6812-1262-0x000001C03C2D0000-0x000001C03C7F8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\wpsua0kb.exe

MD5 06cf981eead2b52de3270b383a500325
SHA1 75f0e79a5fa2beede9a3bb94c204a2ce1d7cbf12
SHA256 11ce131e15da06d411fef9b6bc8583ddead77d38d5da13bfb6b90baa1539d8bb
SHA512 3563386ef77f3755d6af9cfb8854cf68172224ada3b9e757bb0c75e91f5fb5d4246b2e3032278f46d3e3708847cfbb914c0e918992777c9a1f42985ad9b78af5

C:\Users\Admin\AppData\Local\Temp\nsh679C.tmp\System.dll

MD5 192639861e3dc2dc5c08bb8f8c7260d5
SHA1 58d30e460609e22fa0098bc27d928b689ef9af78
SHA256 23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
SHA512 6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

MD5 143255618462a577de27286a272584e1
SHA1 efc032a6822bc57bcd0c9662a6a062be45f11acb
SHA256 f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4
SHA512 c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

memory/6480-1345-0x000001D303F80000-0x000001D304008000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\RAVEndPointProtection-installer.exe

MD5 31cb221abd09084bf10c8d6acf976a21
SHA1 1214ac59242841b65eaa5fd78c6bed0c2a909a9b
SHA256 1bbba4dba3eb631909ba4b222d903293f70f7d6e1f2c9f52ae0cfca4e168bd0b
SHA512 502b3acf5306a83cb6c6a917e194ffdce8d3c8985c4488569e59bce02f9562b71e454da53fd4605946d35c344aa4e67667c500ebcd6d1a166f16edbc482ba671

C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\rsStubLib.dll

MD5 98f73ae19c98b734bdbe9dba30e31351
SHA1 9c656eb736d9fd68d3af64f6074f8bf41c7a727e
SHA256 944259d12065d301955931c79a8ae434c3ebccdcbfad5e545bab71765edc9239
SHA512 8ad15ef9897e2ffe83b6d0caf2fac09b4eb36d21768d5350b7e003c63cd19f623024cd73ac651d555e1c48019b94fa7746a6c252cc6b78fdffdab6cb11574a70

memory/6480-1347-0x000001D305CD0000-0x000001D305D10000-memory.dmp

memory/6480-1350-0x000001D305D10000-0x000001D305D40000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\rsLogger.dll

MD5 4ece9fa3258b1227842c32f8b82299c0
SHA1 4fdd1a397497e1bff6306f68105c9cecb8041599
SHA256 61e85b501cf8c0f725c5b03c323320e6ee187e84f166d8f9deaf93b2ea6ca0ef
SHA512 a923bce293f8af2f2a34e789d6a2f1419dc4b3d760b46df49561948aa917bb244eda6da933290cd36b22121aad126a23d70de99bb663d4c4055280646ec6c9dd

memory/6480-1352-0x000001D31E4F0000-0x000001D31E52A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\rsJSON.dll

MD5 afd0aa2d81db53a742083b0295ae6c63
SHA1 840809a937851e5199f28a6e2d433bca08f18a4f
SHA256 1b55a9dd09b1cd51a6b1d971d1551233fa2d932bdea793d0743616a4f3edb257
SHA512 405e0cbcfff6203ea1224a81fb40bbefa65db59a08baa1b4f3f771240c33416c906a87566a996707ae32e75512abe470aec25820682f0bcf58ccc087a14699ec

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

MD5 58b8915d4281db10762af30eaf315c9e
SHA1 1e8b10818226fa29bfa5cdd8c2595ba080b72a71
SHA256 c19df49f177f0fecf2d406ef7801a8d0e5641cb8a38b7b859cbf118cb5d0684e
SHA512 49247941a77f26ab599f948c66df21b6439e86d08652caa9b52ffbcefd80a8c685d75c8088361c98dde44936e44746c961f1828a5b9909fecd6ce9e7e6d2f794

C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\rsAtom.dll

MD5 16d9a46099809ac76ef74a007cf5e720
SHA1 e4870bf8cef67a09103385b03072f41145baf458
SHA256 58fec0c60d25f836d17e346b07d14038617ae55a5a13adfca13e2937065958f6
SHA512 10247771c77057fa82c1c2dc4d6dfb0f2ab7680cd006dbfa0f9fb93986d2bb37a7f981676cea35aca5068c183c16334f482555f22c9d5a5223d032d5c84b04f2

memory/6480-1404-0x000001D31E530000-0x000001D31E55A000-memory.dmp

C:\Program Files\McAfee\Temp1499536332\installer.exe

MD5 b2b02a72e98408c9e0ebd5036bd7a092
SHA1 6d95b41ee0b8d6445e8d52048b4013afaf78109c
SHA256 b2c1ad8af3439bc7458130400bd213dd3db5aee8f49e295027c97b11dbe6bf58
SHA512 b74afa38d91f41b0ffd445999905d6a2f2a88bd796b0ced6c55db10de62c7ee468cc27e94f701bca59cfa6819b22869ce33193446cec0db69eccec1dfe85654f

C:\Users\Admin\AppData\Local\Temp\mwa9BDA.tmp

MD5 662de59677aecac08c7f75f978c399da
SHA1 1f85d6be1fa846e4bc90f7a29540466cf3422d24
SHA256 1f5a798dde9e1b02979767e35f120d0c669064b9460c267fb5f007c290e3dceb
SHA512 e1186c3b3862d897d9b368da1b2964dba24a3a8c41de8bb5f86c503a0717df75a1c89651c5157252c94e2ab47ce1841183f5dde4c3a1e5f96cb471bf20b3fdd0

C:\Program Files\McAfee\Temp1499536332\analyticsmanager.cab

MD5 dc4e5a62f9c5b04c8d3d20db961371f5
SHA1 12fb6ac6d3722a8bce60f77ca808e5959de95e02
SHA256 f43f800d8d85d7c5af3bbfa5b2ea13d183be8e8ad57f7a7fa4475bf603a693e9
SHA512 c684d5c877045855df3ceffa525dffbc53d55b3559d1dca19e10c586f2db7085cb395a6f933eccf8f2248e6338dcbad294b54014f1befb6b2534879413aa3531

C:\Program Files\McAfee\Temp1499536332\analyticstelemetry.cab

MD5 1d8f7c95a72a600b371e819b678be0f0
SHA1 7d544961dee72463f43afe8fdadd7a5bbb14a75f
SHA256 27f810a794170a97e430dc29a26169dec6bcea373ee000785ac089cac058770a
SHA512 95987dd1f3e2de393c9f5c201b89fe4a24d6581d7a036ad5124d5d9ccb9df76ada28dff504f87bb6abcb1b1d7a4832fb57e4204e6e5c9a882bfc823e7f3189a3

C:\Program Files\McAfee\Temp1499536332\browserhost.cab

MD5 ef297ee03d8ea0240a1821bcaccc1bb1
SHA1 01825ee74143242054e399d7dcd89c1e2edb692e
SHA256 b0004747c1da4ee30f93065bddda1e471338f07024d06e912cdf281333f7a0f3
SHA512 ac13a462e29b015990e2511eec9d8a3b6e224666b815a746294039296832a2699ea0f666b1a41efbe84fe145f213df297624ca69fec5f41533c247c289d3cb8d

memory/5292-1581-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

C:\Program Files\McAfee\Temp1499536332\browserplugin.cab

MD5 3afc7a2ed10d7804ee588a669a154ab2
SHA1 b5cc1d0eb51e389fd5c49a0ff354ca576e402f7d
SHA256 f7f7c0fabe6d53a3e09aeb38648302523cdae1efb427205661c5567257156313
SHA512 b3d4770cb4f9c7ca98f2d655dc7bfeac06e49cabf6934a043c92e9b8959994cae55006190e88f9684dd747e26a060de80c38b922a15a0f03d0325f2915f23c34

memory/5292-1584-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

C:\Program Files\McAfee\Temp1499536332\downloadscan.cab

MD5 830597a39c23a1d6234ef1eb5f9476e2
SHA1 ebb05cfb80da8a6d95b4123833f6b7f0c9230328
SHA256 dce5dc71a095b82388b5945ddbdfed67a25686df0e89a3ef64681eb6a85743da
SHA512 7aa363ffbb13cbf35db4da3ca5c56588cab5737b8eacea273ba0f94c7014c849f0f080b6fdfa7a72d4981af6f4fc3aec9c5b173e0a744c9b28cd597b8c7784ed

C:\Program Files\McAfee\Temp1499536332\eventmanager.cab

MD5 4d640a7698ce8a63be145717d1384bb7
SHA1 2aba5a5d24b66cb49da317311b8a531f993a170f
SHA256 de0b3de2af79a643e4b7712563a486786f470574792ab2e655aeeb20686ac116
SHA512 f268c6cf2c638ca16aafa26c2da8cf7822c0ff2415d56df31ea91a2d79380012ef388e7a67be508c4f5f5a2f6d54e3c4ca3ee26ee7c4aeb576c69fffc49be25b

memory/5292-1587-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1580-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

C:\Program Files\McAfee\Temp1499536332\l10n.cab

MD5 5ccc4c0645e5c35756c7a2e8bd6368f1
SHA1 8fb2662037c528993ea3ed80c6384f7b2cfafbff
SHA256 3e3df2de1e9122e6f0c556e1fd557829a6f05c1d95e56ebfe7f25865825157c7
SHA512 63da51cf8beb96f7fa3d27bd62e6655870c8e193809848450ccdd36dd28765e240279af744a54c586431e28cc02312c00ba439a205fe8725059927a3a316157e

memory/5292-1591-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1596-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

C:\Program Files\McAfee\Temp1499536332\logicmodule.cab

MD5 9501b1366feb857135e5d252618c1eee
SHA1 75c2463c0414bd7a446fae59818b5e09079f1bf0
SHA256 2d0ae00abb55e00f80a39a155272839d315f2c874ce597c3b2c49f89e8a34321
SHA512 05ddf40cc35a4d087033e9fa60c61e783e254d1d7f826078588a275502ea5f0ad68788213f73e8281262facaabbc80f613215d2a1f876e89948b8835cd0a19f9

C:\Program Files\McAfee\Temp1499536332\logicscripts.cab

MD5 3b9b80964bbfecac64f133b8969a7afc
SHA1 3bcd2415169b348bbc88b23285e71ac898c7c617
SHA256 1883bb949ed1f2f180a418b06745168a7123b378339f6bfccaae7a1acbdbfbf6
SHA512 8ca928177f69b5238639c5e11dbfdc02fd1d2bd46e3ff72c67f24965cb754c16ff72af730a2e31ccf95390fd41e03c354353bbde68711a7f76fc4b38681136fa

C:\Program Files\McAfee\Temp1499536332\mfw-nps.cab

MD5 006acd223a6f124b6d18dc54e518027d
SHA1 cad740d4f3228ddb9518a0baad6c75dd5765d88b
SHA256 22ffacd39ac79e89a2b90c4e7a4a7c7cf6d9c2e08e8e3821217770a727278b45
SHA512 8a21c1cdb957c1524122e992af6f6919ee915a8602fb63195fe3cf77984cdccbcffa79dea64ff87a8306d88b2bf79c4d18541468f5bfbcadcefb082e6db946b1

C:\Program Files\McAfee\Temp1499536332\mfw.cab

MD5 6da354da78b5a7c52be22572eb5efc55
SHA1 791b010349c7397157a97106b7336f008bcd5eff
SHA256 638278c1247e614fcdcc34892738a8e43f39c0d8b44848b4debf9021e4888903
SHA512 53aac6eae168a28be0ce4181a21633db6b0a64e41673ffb8c0620d901cea59a4bc59476be85da37834ba2fc61019a0e7eb82bd0a4d98da9e3b42a0cfc3924c7f

C:\Program Files\McAfee\Temp1499536332\settingmanager.cab

MD5 c0c685dd96b3f9a94a10197e4dfcc851
SHA1 b8745c84e5a573b7a5349001213229d704579719
SHA256 6ed8c980565ef3f3a091e4a8cf314dddca86e38465b62450a9c6ab153811c8e2
SHA512 03e1d8835b2845d529ee54487b8fe2abe63c82f28697bdd1115e2f7c40b24c0df8cca93e6b8d58b08e52bb4082f0131940917204ee552c85565ac7b515fbc492

C:\Program Files\McAfee\Temp1499536332\servicehost.cab

MD5 d2ac362ff38fea03b7b06b8ec47cbed0
SHA1 1dfc1d653c753fa0cf03f7277176ff539475d87c
SHA256 88a6f34ca571ecbcefdb56ca59d1772cc4db96856a67a3f4b00c4f4841919508
SHA512 0dc34db6b73a58b10271f273e0cd4da2cb0cd76895debef5e7d7322af4624049fd49adf650e3346e18e32133f28393f8b5c2b67304d2bc7d88becf9bce47c90c

C:\Program Files\McAfee\Temp1499536332\telemetry.cab

MD5 93d7bcc823aff1fcb98f1a913dadea1f
SHA1 01256549663cec9d6eb7e51d1d976111090f829f
SHA256 bf80c0e6f1b2ed8e7f2d72d8f4fda1c6fdb35f60aa75914e8b4867175b981759
SHA512 cc428ad9705140631a527968c5bef77acc00ed927a13a5433360b6444f4d492514d89d9bb5b68244cfeac8c1757f3c8ed95b0421b404bc3653903d0f6ac7100d

C:\Program Files\McAfee\Temp1499536332\uihost.cab

MD5 90a174f59ac31acafd2d4df00a661ec4
SHA1 483c58d8a0a4164e21cd503a805c42d95e62bc85
SHA256 96143a282e06a937a511619cabba7cef75b236b1e0c3e110b41efba47e9f2f9d
SHA512 77d389628ee12c1c55f591dac3d0a1fc34ab684dbd3302df4796d35a1bbd466d6518dcd1fd48b1ef07f2930e7b81bb2b04ad70b7d6254fa3df2e0b981e2d0f05

C:\Program Files\McAfee\Temp1499536332\uimanager.cab

MD5 96e263c704eb690d769c95b1c34d03ea
SHA1 6902e7c2f81c238a1a19994a2f22231204bac752
SHA256 d1ccfa367f07a6e271ed67f1f3f8f3936edfb6274d66a80086e9cdbb47931e0c
SHA512 a2e83fbe91c04305bce0eed423c8e0831e4d98c07224aaf59d8feb961f54eced4e569b9bccc751af718e263945a2cde0f3b3294a1a4dd61e6a437a1a7304b80a

C:\Program Files\McAfee\Temp1499536332\taskmanager.cab

MD5 8cf6c31c071ee0b2d40bd3b573412bb2
SHA1 d35907dc3c0a3dab95e9283ed240f92d9447eaa8
SHA256 ddccc80534f3a777be411a85e123a1e9e5a027a667099de9eb8079012b15c11d
SHA512 5b986dfceead00dd4f6feaf1d0c38e20f15148f5e57b1c13647aa788695f4ec082a1838b99c6d104359011bc2546c5ed10e6d3aa9f5bc4ebad5c2776aa11da56

C:\Program Files\McAfee\Temp1499536332\uninstaller.cab

MD5 2319c2aa297f5fcdd8956458f94d1a1e
SHA1 e0c9a5398274bdbe17163200df8b9200543b4de5
SHA256 adc108549827342ae93ed7163a61cca1296824b3be54e266dc5c779f8a7a87c0
SHA512 6778e179ee471c613947b729f6dec579f6b50640b46336b97bab5ee468371b681885058af4cabf6842294e868a03d72fd6e10b76f181f2defb9e516cfd38716c

C:\Program Files\McAfee\Temp1499536332\updater.cab

MD5 7b483cbd80605019bc216f9babdee9cf
SHA1 ef89717ff63335bb0689b7aea4acbe512d291cb6
SHA256 4939f02ac5bef2bf850dfde34902dc84101125b0ac3cb0ed71b2dcb9459b833e
SHA512 924c0732fbfbe01df6055973e2005dc084314edc16867b32d9f7356ad24ad3756cc2bd8ffbbd5b50b5553edf285a92c51c33b0682557e66227e89b95d04d3edf

C:\Program Files\McAfee\Temp1499536332\webadvisor.cab

MD5 354ba45bc1f16f0f644723e2660e3ca0
SHA1 cdab1b7a3ce71eb13eec62b4cadc1ea5fee6da45
SHA256 b436cf419f88f409a7d27b43b5932c6e381c5b6a93a323b64051cd7c5ef59ce5
SHA512 e381fd66dbdc9b5d839b95556d0085d550c2a00ba1fb0430d41ca4bfd14c7dac21eaca57ea393ad7e953940300deb14679e9db7a0fd54f9fe0729a4be009e456

C:\Program Files\McAfee\Temp1499536332\wataskmanager.cab

MD5 a4dfa367963fd3e46210d3bd0b4102b1
SHA1 9dd28c37af5b86c1f20e52933cf9ea47dfe1fc60
SHA256 f4670f2db3e33f2130b636af2faa495a52532ec304a58014ae2128242aea5047
SHA512 339ca24709b5577fd3b20170c6b6e75d80f19408b67fb3188b5b9e1de7a67a5ff2f5eb8002519ba9ca8609aee0b30858fca02cc455c5f4db15f493a3f3ff8f6a

memory/5292-1640-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1647-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1660-0x00007FF78E0A0000-0x00007FF78E0B0000-memory.dmp

memory/5292-1652-0x00007FF799DC0000-0x00007FF799DD0000-memory.dmp

memory/5292-1646-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1748-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1798-0x00007FF7865B0000-0x00007FF7865C0000-memory.dmp

memory/5292-1816-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1809-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1794-0x00007FF7A0F00000-0x00007FF7A0F10000-memory.dmp

memory/5292-1793-0x00007FF7A0F00000-0x00007FF7A0F10000-memory.dmp

memory/5292-1779-0x00007FF7A0F00000-0x00007FF7A0F10000-memory.dmp

memory/5292-1774-0x00007FF768C10000-0x00007FF768C20000-memory.dmp

memory/5292-1772-0x00007FF768C10000-0x00007FF768C20000-memory.dmp

memory/5292-1719-0x00007FF768C10000-0x00007FF768C20000-memory.dmp

memory/5292-1713-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1690-0x00007FF7DA010000-0x00007FF7DA020000-memory.dmp

memory/5292-1681-0x00007FF7C56E0000-0x00007FF7C56F0000-memory.dmp

memory/5292-1645-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1644-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1643-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1642-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1639-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1638-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1637-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1636-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1635-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1634-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1633-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1632-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1631-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1630-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

C:\Program Files\McAfee\Temp1499536332\wssdep.cab

MD5 784f7df7907c8bbb77cfdec26176b715
SHA1 cf5792a14c9311e2b98a3122d59178ff536e4c2d
SHA256 4d49923aaaadf6a7dd4f9c093dbb6878a00363a3e0a18e5bcc54e61175aa8d80
SHA512 4e3edadf6939fc8a6fd1acef72460d782397ef7a6e7abce7ca1a17b6e3e7bdda54398091b6be7547333d50b79f2faa08dd02c17a53900a12d3c83e296b5cde2e

memory/5292-1624-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1619-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

C:\Program Files\McAfee\Temp1499536332\resourcedll.cab

MD5 08b4e5d3f3b19bf35be7e71f107c5e18
SHA1 64672efa144601751bdcd50f217b15c767a15dfb
SHA256 f39012b54ba8ab45afeb81257fee103d8e96f74eee8abfdad1156dce80f19254
SHA512 cb28690c7cf4ab22e849a8f3b3fc3e2dddb971f0e51f32516dc6461acdfe03e5b52a9694fb37210a41aa6d26fd61a31478f458fc0b3c23a43aae0c14ba157536

C:\Program Files\McAfee\Temp1499536332\mfw-webadvisor.cab

MD5 b180379055383f30732d39eb0269c79b
SHA1 050de5a6a4fd8297e31259f0e99343648d798a5d
SHA256 e53a3fe148a06433db5f6b1c880a47836d7a55cabcc96eeecc1ac82df95f8c90
SHA512 f8d60ab6c6f266d48cf828ccae7d0b54381e49e8ebe5cef6ef5a74a7158873627f378d7f6fdee6e55ccf516cde1876b442330723590454fd0982315c9755f351

memory/5292-1611-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1610-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1608-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

C:\Program Files\McAfee\Temp1499536332\mfw-mwb.cab

MD5 1753f1f1a623519d38631a1ff7237fb2
SHA1 b3f2e94372d3bdbde8c99593f68d93fd224999ff
SHA256 83f3e39419cc39af3b448b12ce9223b9f1ab344d5fce9c0bddb8553ef8058cd4
SHA512 34a62b1c61ec80c07ef9df669d7de77bd671b801289f8bb2739f57f989281e96513489a90e9a5872ef949ffb559b2036e9ef4afb4d6066921075b0d71ec66bc4

memory/5292-1606-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

C:\Program Files\McAfee\Temp1499536332\lookupmanager.cab

MD5 ccd008b192ef72a73b1cde8e8da62d9c
SHA1 e907b1f670e0336fdc5085e30447b3accd932a3d
SHA256 7b6edb3ff653a4e35d46b7df1d38758bdf818de7c11b58960933aa60d0b9906c
SHA512 089c1ff9947ae2add2700580ca9481bf4dee7b258431bf8d25efb4fe8682ddca4f85956c3037919888c959a9a823889959dfce1f9a1b84938da5359dbbf39aba

memory/5292-1603-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1600-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1579-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1578-0x00007FF79D0A0000-0x00007FF79D0B0000-memory.dmp

memory/5292-1845-0x00007FF768C10000-0x00007FF768C20000-memory.dmp

memory/5292-1844-0x00007FF768C10000-0x00007FF768C20000-memory.dmp

memory/5292-1851-0x00007FF768C10000-0x00007FF768C20000-memory.dmp

memory/5292-1856-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1864-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1862-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1863-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1860-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1850-0x00007FF768C10000-0x00007FF768C20000-memory.dmp

memory/5292-1866-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1874-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1881-0x00007FF768C10000-0x00007FF768C20000-memory.dmp

memory/5292-1886-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1939-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1937-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/5292-1884-0x00007FF794720000-0x00007FF794730000-memory.dmp

memory/6480-2495-0x000001D31E600000-0x000001D31E658000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\Microsoft.Win32.TaskScheduler.dll

MD5 192d235d98d88bab41eed2a90a2e1942
SHA1 2c92c1c607ba0ca5ad4b2636ea0deb276dcc2266
SHA256 c9e3f36781204ed13c0adad839146878b190feb07df41f57693b99ca0a3924e3
SHA512 d469b0862af8c92f16e8e96c6454398800f22aac37951252f942f044e2efbfd799a375f13278167b48f6f792d6a3034afeace4a94e0b522f45ea5d6ff286a270

C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\uninstall.ico

MD5 af1c23b1e641e56b3de26f5f643eb7d9
SHA1 6c23deb9b7b0c930533fdbeea0863173d99cf323
SHA256 0d3a05e1b06403f2130a6e827b1982d2af0495cdd42deb180ca0ce4f20db5058
SHA512 0c503ec7e83a5bfd59ec8ccc80f6c54412263afd24835b8b4272a79c440a0c106875b5c3b9a521a937f0615eb4f112d1d6826948ad5fb6fd173c5c51cb7168f4

C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll

MD5 29d2c8df586879a81d8b4e21c1916a4d
SHA1 221ee1eb754113636bdacd00a18f9e59661f4ebc
SHA256 ce6d31f4ca28d5ede624fd724e8a99cfb47776391a4339090b1abbbf7a0be4d8
SHA512 7cdbc57d37db1468960f871f55e639feee954661e0d159a38eccef6c2270606e32ad49779fe409ede69cae960fcfbc52e309115d7796a27ffae914a256377130

C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll

MD5 b2985f3137a70b3f64fee061ccc5f2fc
SHA1 6af2342ddc4acbf308d519c5857efe3f3733f55e
SHA256 2d7698e65aa98eb6bc73bd387b4fe3730f22096907e9d4eda206bf217ba0a7ac
SHA512 246f33db73132333ef140ccacb3479f38c72698d1bde960b698abc8509600a031fed67554db7b08328fba6da3372e0fcc252b11cfa712448b2b69e0d08f3f660

C:\LDPlayer\LDPlayer9\dnrepairer.exe

MD5 a04a36948ab451c5344aed3ed9a3f9aa
SHA1 c429b59db40462069c75706059d37348d4d8d6c5
SHA256 4879f7caca2ff3cda2bc551fc895ea24b06b6b61767659e8f55fb6317a28fb5e
SHA512 c549b03cd85de0b7be3e2783a6ee9fc09622a60750f43903a4a98f05f0d975384ddbf68ffcda5575c68cde2a9e8aa84bdc05e15174931ba5dd45dc5053f33056

C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll

MD5 daeb30acfabe42c4815d04673d167b63
SHA1 23ba3e0cf2bca87ab6a984a9d2f846bf5832e1b2
SHA256 f6bca637d5cf3d5eba4c9b48b6825ebd8a0f324a59b70d756e153b6585666ca7
SHA512 5678ce77b1b73eb0fbeb96ca305b411b4ad7b2c4a5ff78370c9f216dbed36386ffe6411328ddbd6476965c7acd89b4bc7c15de9354ee98c5b4f88d9968630440

C:\Program Files\McAfee\WebAdvisor\SettingManager.dll

MD5 1dda4e57701e0cccb6110c39c9358a82
SHA1 6b94553fb9d5dca7416fe732f5966bd9393dc65c
SHA256 b9233e27bc39d38dd73cfaef09d08eae86969d44c23ba839614d616b19adaa76
SHA512 95fbc786cfa33361ae518c170027a8141a8448de751ed8e7b998cfb058025ce4438c9cba2f24f268e6364f63920216cdad24c2cd1759485d1647eeebc9fce496

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

MD5 af384aa87e3d70f7a687c5c60da2fb7f
SHA1 32e4154ea9316bf82590e7480ae51283cb6b6e4c
SHA256 2976c862c9813b309f696f3cc96d516c96aa9b42545888615591d268f23f5762
SHA512 1cbb5dc5516d1143d022a1548893a2199491baa4b1327b5aa0398bbe42fd4e7f5e1a484d6a1f15124dff6d5d8bebc728b58442de388f34d1ead78e7ab9f8a852

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e06e7d5792706d630a11034d7ae001cd
SHA1 2bf3b1964c7d459c5b3ad2649678ef47dfbe9baa
SHA256 066daa5c5775aef9846669348e735ac9a2aef74035578fb4856d7a17553e7095
SHA512 0fdf0fa60e9483e2916923d29ad1a2f5573f8078047712ebc414e35880b6136802c69dabdf9188ad18d0853c8cf9afb1be81133cd87979f54b0617af638b5a7c

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

MD5 3068531529196a5f3c9cb369b8a6a37f
SHA1 2c2b725964ca47f4d627cf323613538ca1da94d2
SHA256 688533610facdd062f37ff95b0fd7d75235c76901c543c4f708cfaa1850d6fac
SHA512 7f2d29a46832a9a9634a7f58e2263c9ec74c42cba60ee12b5bb3654ea9cc5ec8ca28b930ba68f238891cb02cf44f3d7ad600bca04b5f6389387233601f7276ef

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 a7b0dabf4a52b6827c35de1e05111ba6
SHA1 21065f550492165d5290446e433e0f9cdefaeecd
SHA256 b92f20569bcb06eb12a87d278592af03f564281ad9803eb8ee748eed0c4afbf2
SHA512 5c4996df6335d5cf045f09d04ccf2382306ab4ab962dc2ab1889248df00f1470a336724bf137986df7be60e6b5b2417d75e4270b18f3f87fb533a8c1c530ed3d

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 88503d06c32ef6fb3ed6d31e99788b58
SHA1 9321a6f74498dc787c00872ed9ee7b583d9beeda
SHA256 b2e0f8cdc900ee8544a2f827b881a100c5884ba51f7687bb73122f2aacf30021
SHA512 0f1591c80f8969b6105d036eb78328f66ce0e775f4e833eeafc2bf83badc6dbd146370217be47b96fe8a6582857985413f217cadd7baca6b08a7368cb441aeb3

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 499f254edc3f3dd8b96c2a0dbe2d0fa3
SHA1 18a57e91c67254482de7ec20af2a18999a7c1ed0
SHA256 d10f9aa391bfe522e49c80ff135f015f0bf104d8ed90ecd8d98a8da4d9fdc1b1
SHA512 fcc0a7f47cae18db270482470e1c4e1d5733d44ef698397c03a1bb8160d7ff9829742533a8dbfb4fea2b39bb76d025bedaefcc9c24ade2ce27e50b238ebdd5ba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\19254

MD5 ba059caafd5f72b74b0687578acb41ee
SHA1 5c0b33bd1d27668d526882f3a3b9e386c450203f
SHA256 2e855c38257015067789d7064dcbc1dc37bc6027b205ad970c41d419643273bb
SHA512 af98124a42eb814d00ebd531350f2e1668f38268bbb82e6bf134d0ee539c371ffff8864159b6a191bdd0321f7a1658a430cccfa60fc4609831c65541a9b05665

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 9a38d14d2bd84916cfaacc8b800e2b19
SHA1 179100b144c505f9879e27855b0cffa88009ecdd
SHA256 9fa716191cd8bcb00390148863c6f5dfcc2364494cd27da99d47e6be062cb1e6
SHA512 1dfede4b8455f428d10fd5ac461a965f9c118e57e5c8fd66539b0e1c169b634261564167cb648fbf07dfc6a497e8bc2998061fabc04170923cb9f8f9b8fd807d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\32622

MD5 f07439f4887aa1046adb842558100889
SHA1 5a5b728aa903d54b5f05d2731bc1bc21cdd38117
SHA256 f866d900b72458cc4d54fb2909901003c422249da5cde8e0fa0d09715eba4b1c
SHA512 2c8bf1e847dba4f84a7b483b3bf1ea99279eb8422f7d7671fefcb85639e54764579a40181053adb545a4ef63eb5bf9ca68759844be3fcf3b08347587617e2721

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\12467

MD5 2fd044fdbcc54e06a856fae67a5cd80c
SHA1 7c97ae7c716fe139430cbe566083aa65435a7c99
SHA256 a4db460c95bc34641827c8607411f4d7cd3944f71349c20e63b700f850fec824
SHA512 a8ef9b5d8c88e32dadf05e8dbbe20d0223ffd1ef2aebe5bb30ef032a6048ba5a9fde029e4cd11c4f272ee25a48a4317a203d96e799c3386e96cf96e2e38d32ef

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\32173

MD5 b5519632ad5664d88cb17003185abe90
SHA1 a980576ff75a02e518c055097bc7655f8d2c9fb3
SHA256 169a667e686adff04ada2d7f75d3097d270aa24e77c7ac038f0aae404f7b2b22
SHA512 23e6d8359809c960f412196dc968bc9fc31ed9596b816b1ec9821f8b24077b8a65b1dfbf7f0f5489215ff319f923b3f6af7a7e7486d0011585a7acfa8bbfd11e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\23161

MD5 3fa5402582a8ea2a82ffe4761ed7c1b4
SHA1 60ef3a5d7d48bf504c5bc7610af46a2eb7d17c4b
SHA256 d64a67e5affc48e4c9954a5c8c23270358b45c4192786f46a067564ec260d47a
SHA512 418ea50faae3de5e1fb2be16adeaa97ca47ba2cdc64f653355a283e325dcff0f0d2886a509d32ce58e2c318b0d979ff25207d58b23d40e44f3ccb237ffb91aa3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\27495

MD5 c4389b59842eda94b748dcf6f0df6d09
SHA1 e3827c5c120d292d4248fba90c025361a9465b30
SHA256 f1d49f2207606cea0baf3e1f72a9d6cfb31b4b6dbd780114ef746d2e4f2827b5
SHA512 88df4918915419c570539e7a26119d8a96703d092c1b0aa3a930a07e92de8fe969b9ef5ef2dc2bb7e67230010bd9fdd7b357ad5b45665f3131c787d3656f7a4c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\24577

MD5 72d4eecf059e4f593ddde55f813219b8
SHA1 00b47ccfc46ded9fc92526c189d6ec1b822b4023
SHA256 65f13d84570288af656ec21492830d96754fe6f9c9ab7edd64280191125deda0
SHA512 4c4faaeebdd3d9505141432f68113b560324c538e6f9d2a6be63799f241eacf13e46fe5148c0e10ea29e946e1f86bc0a1ae4daa2423084d728a8cff0859a6743

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a8493c7b1053e05afd2ba41825c207cf
SHA1 4353e20b8e9a8faca7b499fa85e41b26ac17f94f
SHA256 8ce9bf4619ef6cb222eb9289e518c437139652bc0ebbebeb3662407e4ac23f40
SHA512 32375bf6dcb3c6e311b97dc910002d03e36e0c6b965be724bf3e2ff77a65ba12aab81eb1140c30b0c2c010d5691abaa3bce3bc41433d53ee85247a84f31fdc88

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\28752

MD5 4ebd319620962ba7d061f60f84b20ad1
SHA1 ec0260967045b4ab1a4ccdb552504cf3a9f427d9
SHA256 d20ee28231ce1cc77210a942f6a459f009785e55962ebd0271e272f0da98573a
SHA512 3d1f705182be84ba88280a531de6b681a58081a83380abfb2c9fd0cc32292a1193d77a1e9facdfafea84988b78ea2f32dab51f923dbbe524e56721fda4491024

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\15690

MD5 f50570f2f02e048a419301955dd791b9
SHA1 e394a8c835761266eb9b32fbbc4960a69a9379ed
SHA256 8366a3cff663d5a22be3afd85647729257d26e7d901d089695cf8de86b7350ea
SHA512 86d1fbc590a8e77bb7851b670446d9eb2fd319467bb57b77afc6cad0bb4418949b1bb28a8f166c0bb384b98b8b9ed198712a83780971f1508558c1b543eae458

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 2abcdbebfc8a7246b117403c4bedf62a
SHA1 c4009e6ac6f937f9bbb455f6294c2254842a16c9
SHA256 805f25185ef22809ee2676efa7ad28b15e4519c0ed9520ec49fd0d93d49f73f9
SHA512 0bef8ad2cd0f1cb4522d9034712e409bb79fb03e219ba6e540a1d5542dc53b58a346bb21e202d34c6f10926285774fbb20705b4a7c3f5ef1c9802ac0b7baa1da

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 1f6d8369f7de81e708b8ffc76dc1c8dd
SHA1 c011c0677a7d2be0bce59970c454ec3ea407b385
SHA256 3ba84cefdd34c671a0f36578dffa95095f70fc0de0971a6aa86d2434ab7fd7b0
SHA512 bd1c770a673d4b2110cd5b6da38b861f9fed6fccb034739657457516919b16fd9e4d487fe532f2806b0a73ea029529c3d3caaaa28fe1234dc608c0c6d65c61e0

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 b63f2dc371c3e8b69264a9907e2a2154
SHA1 f285767b527d56048b4f1f371caed82ccdb232b3
SHA256 88a4311d3ee75902c4d36e082e77240c91ea2392224260b1027bf700fa2d86bf
SHA512 bd62cbf7ab82a35aecf0d977096f6d95cad55ac4a4065e844a7e8dd43503db80da37fdf859836a2ddf2d5694ecd10365f82cda8c1bf562f320ffb96065ca93fb

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 5970ed6087ab8e514ab55e378b3a1fb5
SHA1 f1fdebb03db12373563ed6d6a9f5fc3ea9f46ad4
SHA256 2e67089b53e97601897d530fbe83d6dfa891b9a77a03ae37cc3d59eb1ec0ab27
SHA512 720ffc6cf3a37d104fe490ef198a771b292dbb3463390aadf30589761c4d520c5633b944464702ffb8196a678dfb6206d8277838e1eebef37bfe4c647a2631cc

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 f1c24aa5d68acc88afd4ebeb7d29423c
SHA1 3069823ae4fe6151150770ca24b6de9d6b1f1544
SHA256 7a2896f82b2f669658806ecf55d87aa581e0afb84ca4e02290d0bc88804de771
SHA512 e715f0baa3dd08c7e8155e7d892f7c7e6ab1ae59dbd987a8b77d9597241f4d007c1f042331c8f2e97f29af9245908ac883a035fd85c8fc0ad292fecdecac1fe3

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 1f72212a2a845f830caf291249f453f2
SHA1 30358991eecb976b4267f42f4ae577edc9b1d304
SHA256 713f6bece65c7875969bf4115e9c359468708d6797b30b22814eed608d88595b
SHA512 78828d898f52ad0d4e8d83612101ff5241ba2d9d44e458f2755dca8574ac417a4eef0525ad3332609885b852e123e537bc2eb2cec13c2f61cbd2749167951b02

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 6fc0fcb316458c1eea8c86dc59a5c7f1
SHA1 7ec79076132377e09d7d74ccbcefe3668d776cf3
SHA256 7e293880e7ed0bed72dc9965a92c07b74de907ae11ea9d8ea82fd70fe00fc0e0
SHA512 3563791d924331d18d37199c00c37ed91b9dbc9262caaccab4a3b6902d8547963f4ea78d2a5b9ce080e96b45eed66c0b3b041d7a30f7c2472322a5e485355e3c

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 f146d5a89e549453812474879eeefcee
SHA1 509182944296638d50c9219bf4bbd34315c49b78
SHA256 be96d9000e897a738e18cc9520b06754c3082c5a04bb4b079abecc1a17ee4b24
SHA512 cde2d3949fcc8f0242c3f8ce74fa56f8df29348dfbecd033defe1cb374bfa112a4f281ea21e232e2fab399af804527fcb2dd3da2ab62ae1eb7cb0d278acab002

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 89d622bdbcf51e8ccaaf2b8015e8ac8f
SHA1 1ba2315838070aaa86911f56a06188b7841edc24
SHA256 66b8cefc2f6782474b905086723f8ea7817b53e38c1a5c92ba24079e49b68e62
SHA512 5a7250a8f93f520f584b432d27ed71da8962c84b06af11f0dfe6e623bcbc37a49b08be1471e8fbdb2152935affac8463a7f0445f7c94cfc3207d0320569bca71

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\3BC9DBAB885142FE32E78A427E903206DF7BFAE9

MD5 7864231f46cb63f0408f6d2927f21c0d
SHA1 5a56668abb21b0755d2ac5b030feb8fa54268e1d
SHA256 ac1b332c259f6a564137d63020af54127ae6fd7bfd43596c5d39fd074e8a0e09
SHA512 aee3a3f8ae477fbc125e83214cc97efd60320f0afae3e3e46b30e7cc60885d7425a38841737a1abf866db744325f4c7b4fd6ce41924f31cf84c1ae5b8bf9d2db

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 fab7804650e0af692479b54c5f4f0a0c
SHA1 03b9f6c067589fbc6f329e6d221150ba46c4d421
SHA256 63b25175b6c2d0df59416b8af2933aadd06771cdb62be1b975736d07f04bc12f
SHA512 791dc2905f9eb15bb931ec11756df1e6a0e34155a594c23b48f9d6f610838de4845e5d843a73c75a10ad796831c46dbb54cb402219d7d367b067ff98f5ef2c00

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\304

MD5 7dcd6f3dd37ea3f95545e3a61ee4a286
SHA1 2462c4edd74d1dd5662f9c75cdb243639a6446e7
SHA256 92b6ce62ebbdbc0a58d54e06919c18bf26a78f9e27952ccea2e391a82bd74580
SHA512 81d27be6876f37fbd9d98f3ffccc7e60f41834835fda47e37712ba35d916a76ea350030c00ffc9333c8a0a12e2113b32d906c1d0e0cad6df01a3461cc93ecf51

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8a6530483a006e75cdcb65b74f91d260
SHA1 8430acf1f003984261f9484fc710791170590b68
SHA256 872abea49370f9e668aadc15aecc0bb1eb907a67c169ca3ae567f1718a352462
SHA512 3339c93c28897cb33642a3954c6f140baee7b09d2282032d41e1dcf092eee9f6dc1ce418d001ba0d7d1c2a725e8ed50cf0416ff91387028be7793b73c7a93149

C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt

MD5 ed2a5cb5193eee97d3719792c58650a9
SHA1 911b56bda7e7f4ed029ad7b65455b401efc044c3
SHA256 c8635da6b3e2bf9510c8abb232f63d49bfe565a60798dc699e300e6360083319
SHA512 683053099b64a4ad4fa03b8cc27bcff7436f0cd973085dd477210afbaeb6d9c71516f2e006e88f7927a7a38b1281cfac79746aba0370277c7395b6d3da71913f

C:\Windows\Logs\DISM\dism.log

MD5 0fca0bfe854d3c24fef600e7c9fe67e1
SHA1 e3ef33924c1eba91f823b787585dbddf1ebbf6d6
SHA256 3d03eb089bc2d5280a7105c5fc4066ae33ff0f051102053f271b0ec0055598ae
SHA512 275124f4afe1da0a5bbea7fc5c33197351221d1e6e91ff7838f241fb86985210cdfa7a8c8ee6f09a653ad57e57391f74da76527e88fda9583d483cd4a3921588

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 ab8e7882c7ae98e3555f714a1e6eec20
SHA1 b83182654a37180c61450104d48ef494bb01dac8
SHA256 7bf49fcda619ef2e030f2e95b6468355376f44243333bfb26cac61d8dac1c51d
SHA512 37ffe338229ba1a3ba99d0628ea91ff31fb7c71dc53f8fccba90988edadc74b2fd973b0f320862a4fff67f164ebaa939d5cbf0db4eef0bbd37652f43760247dc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 566773c8bc77e2c072974a271251397a
SHA1 044573b93dc964e336c1112fececb76021feeffc
SHA256 83b730d26506c8d5194c4ea806b61feb6fba2d7026f71fdf4721e980d67a3fa6
SHA512 acd4445c198c200a224ab33710f5316a00e8388c8c1b7937152cea8d1e4f216fdf22c7c0b241f65f2542e73f10ddd5cdf764bf540af94b5cc499726e9124bc70

memory/6952-4481-0x00000000026F0000-0x0000000002726000-memory.dmp

memory/6952-4484-0x0000000005200000-0x0000000005828000-memory.dmp

memory/6952-4485-0x0000000005170000-0x0000000005192000-memory.dmp

memory/6952-4486-0x0000000005960000-0x00000000059C6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yctlx2za.yvs.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/6952-4498-0x0000000005A40000-0x0000000005D94000-memory.dmp

memory/6952-4502-0x0000000006040000-0x000000000605E000-memory.dmp

memory/6952-4503-0x0000000006070000-0x00000000060BC000-memory.dmp

memory/6952-4594-0x0000000007200000-0x0000000007232000-memory.dmp

memory/6952-4605-0x0000000006600000-0x000000000661E000-memory.dmp

memory/6952-4595-0x000000006E5A0000-0x000000006E5EC000-memory.dmp

memory/6952-4621-0x0000000007240000-0x00000000072E3000-memory.dmp

memory/6952-4625-0x0000000007370000-0x000000000738A000-memory.dmp

memory/6952-4624-0x00000000079F0000-0x000000000806A000-memory.dmp

memory/6952-4626-0x00000000073E0000-0x00000000073EA000-memory.dmp

memory/6952-4630-0x00000000075F0000-0x0000000007686000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

MD5 9070f481d96ec9f35ec3d14e1b33fcb2
SHA1 d420d2f284c6ca5ea61c17477b4c4ef9829937de
SHA256 52c4cffcd576c9d4bc28ae06679a70181d695954b62f0ed65bb350d3dfa3cc4c
SHA512 ad08dc1232a40046200e8a6e709de0ea3c3ceab3824ff218b73139604ccd44b99ee1e514a7563d1bec97d242d6a399e05aa6b299a0c691ec2cf953d9b5cc3831

memory/6952-4643-0x0000000007570000-0x0000000007581000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 52df990520713099655d6a86cf572295
SHA1 8b02c94d2a5fd077fad2a9eeda5df15548482916
SHA256 d07acf41e028aff34966f82fcd9b4e58e60f4abaaa1e27f6efaffff8b709f052
SHA512 a05cdcbb04e403aec14aacf767501f450905c5e0cee6c9c776d5fa4f30d5969c8bc6b705f0fb286cd346f15aed1a00492b2f44a0472df8df4f501a7c645a1de8

memory/6952-4679-0x0000000007690000-0x00000000076AA000-memory.dmp

memory/6952-4678-0x00000000075C0000-0x00000000075CE000-memory.dmp

memory/7488-4692-0x000000006E5A0000-0x000000006E5EC000-memory.dmp

C:\LDPlayer\LDPlayer9\dnplayer.exe

MD5 a723044f1c511790dd0ee3a3fa68c4cf
SHA1 670e6f907c2557c9685ad26c26d6d8fee5139942
SHA256 861be3e240b075752d52c7b50c41bf22eab9314db4f11a20362c648198a0f2e4
SHA512 0fa7da71864d1abdff83d3aa01597f5902c01899513b0333bcc5d756a15be02b8c5293b55c1d88e556010f53412a7dbd27b57b63b1074565f1f6de8e2952377c

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 f96c25bb4feee47fe4111660fa0706b3
SHA1 284126ce4f80b6bfd6037f6137dee90c941e4eec
SHA256 9b5d44c60b18b36bcc1cc0e28585ae168d92239beda197d739c3e64edb229867
SHA512 b4297728f031863ccfb50de52d18f443d6ae893322e2f6b315497e187329275fbf41828867e614b35e9ff60ac6e3e1ae77d876fa8e131336c2d6a1fb6ff7db36

C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc

MD5 70058f2d60daef1ccc7bbcba210f0ace
SHA1 ef214ade419a724272ac82e9de5233d7c0afa64b
SHA256 43b26f40e04ae6854569a01803541245abffcd130f1345191afd8bf6b0ca7873
SHA512 a0b3ca59ffad882fbff69012023eaa8aadb77d3ff1252562e5480e7dc3c9336afb3c5f58fb435246ec48c758d3c9d17ae9ea8a28f9d4766fad1a4c672cbf9b9a

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

MD5 2d40f6c6a4f88c8c2685ee25b53ec00d
SHA1 faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA256 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA512 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

MD5 0054560df6c69d2067689433172088ef
SHA1 a30042b77ebd7c704be0e986349030bcdb82857d
SHA256 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf

MD5 93b877811441a5ae311762a7cb6fb1e1
SHA1 339e033fd4fbb131c2d9b964354c68cd2cf18bd1
SHA256 b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b
SHA512 7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

MD5 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256 b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

MD5 135353974cbebf94b8bc48d682f8f5d8
SHA1 0d8911efa7759516fc80961ec42ed6e15764ceb8
SHA256 3da6db19e909805066bb41b1674b76b9b1946e99aefdee3ef96a0ee73b9914c1
SHA512 1896e77b05162f9624ecc2139866186260b1adfb6a1918f04f9696dde2e7b5b4c2fb64533c20abc44ea0bc42afed692381cff956a458b1fb420e5b490f26f998

C:\Program Files\ReasonLabs\EPP\mc.dll

MD5 c85b6e5cbc8cd0cd668a95378cf2339f
SHA1 a53d71a00a4d1ee74de71543846ddbeb568b29a1
SHA256 ef6f5493f21fa5fdac8b6b669ac6dbc0923e5c7c794f075413f27ca6ebeeb4b1
SHA512 7067887375c5aa40b1732d648185a0d231b8d87a43b63fb3670dc5099a56c7c7356cce43dc48cad6e96c1585fdb2955afa8a50d3a1c7df1994e80705f76aaec2

C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

MD5 fa16d0dc50b77c9f8703b5b36d774107
SHA1 ec426639f3bf3a563491ac53b70bb5eb92e5c314
SHA256 94ad9f2b387a5e6cbd0f7b2259e37533ca80aaa69ba044db6a022661eaeb606d
SHA512 b2e50634a6a7a116c71bb56dc045f29f79abd5d831ed1ac4a4fb7ab6a452321a814b9877b1c98cc0e185c6b6cab5bfe3e9435a43f9f4d1ff4d515109779372cd

C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

MD5 4be222b0796df9d496e9ff02c389c304
SHA1 a50131cc3683aed3c32847cdd0b8b976951296ba
SHA256 ae6d512a1d4f0f4b91a699c80eb6b97acd3bc59b22375a3039d74b58b31e9c2d
SHA512 26cccea83b3f1dfe84c63cacd4698d9eea373219cdf810f5dbc1ace313b1478d753eb5547ca186076e878883b462364dd80136805d7aadabd5917cf485a55eaa

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

MD5 3e29914113ec4b968ba5eb1f6d194a0a
SHA1 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256 c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

memory/6480-5253-0x000001D31EC50000-0x000001D31ECA6000-memory.dmp

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

MD5 e8fd6da54f056363b284608c3f6a832e
SHA1 32e88b82fd398568517ab03b33e9765b59c4946d
SHA256 b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA512 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

MD5 52c43baddd43be63fbfb398722f3b01d
SHA1 be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

MD5 ba46e6e1c5861617b4d97de00149b905
SHA1 4affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA256 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512 bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

MD5 01c4246df55a5fff93d086bb56110d2b
SHA1 e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256 c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA512 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

MD5 66df6f7b7a98ff750aade522c22d239a
SHA1 f69464fe18ed03de597bb46482ae899f43c94617
SHA256 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA512 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

MD5 ad9d7cbdb4b19fb65960d69126e3ff68
SHA1 dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256 a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512 f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\2978ce56\398d2086_f8b1da01\rsJSON.DLL

MD5 fa63504382f4f3f92fa86841d9e97f29
SHA1 0bde02c98741bb24eaf501bd8e2d9738742cd042
SHA256 5f0764e1998464f63c6583f870dd3784921b752b91d8e450fe2c90153cb5e58d
SHA512 c8483d9060a6800c8dedb4d5fea7cda346f742ca1a149c3eb608823209aff1f00bfcc5b0caf9c482c7b01d75f6e198edfae3b0100cb0dca6e5b5f18336abdee5

memory/6480-6874-0x000001D31ECB0000-0x000001D31ECEA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\4067259b\a6e62086_f8b1da01\rsLogger.DLL

MD5 e3fa0916f33bee8a14f28421d2dcdc9f
SHA1 fd3dca4db55e81ebffc7609c5d63a4ffbd6629b2
SHA256 29aaff11e775c800575b1a5d4160daec749dde528e68bc3b6e9b340279ed991d
SHA512 fe96efd3cf162bbb766634c3d90f707d868378dd04e47aa9d55c03e03130f54827f781639383b053c9335d022ccd6b244b67e586197c2b40d193dd58a4ee8cb6

memory/6480-6890-0x000001D31ED30000-0x000001D31ED60000-memory.dmp

memory/6480-6908-0x000001D31ED30000-0x000001D31ED5A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\f11b8b52\3a800486_f8b1da01\rsAtom.DLL

MD5 044d60780b0c40d3f9b0b5a3fc040948
SHA1 2e16c926f11ed5faae22d9af5d935748c57ec1f8
SHA256 7493f645bb04092aee30a47a681494251c79a38a941c9a3d2dee4293a265f428
SHA512 7653a0a46e3eb9331e92a09937754302f939100adbfb283242c25bf0f73f8508d6f7e9d5aa08dbbefdd14bf682ad7d0d77f4999b3274d329d281e22934c445ea

C:\Program Files\ReasonLabs\EPP\rsEngine.config

MD5 0195b6f2d3e0f5a4947f353e48e15d8c
SHA1 f29fb502b68a486ffee0c55ed343c15e5110e6f9
SHA256 52b9ff10c412162ce0ac5ece6cd56b1164c209af1ad8b3b8e334149ed6e4ea56
SHA512 65ba63d1645a1c507c2a8c4728df0f1f660f3574333925386f1b5b07f11e4e894d8404767a478a384d6a5910915ff040698c6c761047a4ce53a9fabd2d788bef

memory/6480-6929-0x000001D31EE70000-0x000001D31EE9E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsr67DB.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\ff458776\832a2286_f8b1da01\rsServiceController.DLL

MD5 8dcd92de516608670f57193d74824a3b
SHA1 c67c347dfa47c2db1628fab8bf9906c353f33dd9
SHA256 96db49db4dd12b9f86144fedf83ac7dc12d855c5d7e3c863fd5b1696966ac345
SHA512 e5fde81ae57e68df69fc7695b9e16d8c7d188a30a4d68ffb682a3dcfedf2c028874145815aad2f957a02b0ead6ad8f1442635dfa580339816110e7b1cdbc0c0e

C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys

MD5 8129c96d6ebdaebbe771ee034555bf8f
SHA1 9b41fb541a273086d3eef0ba4149f88022efbaff
SHA256 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51
SHA512 ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

memory/9672-7001-0x0000025A97970000-0x0000025A9799E000-memory.dmp

memory/9672-7006-0x0000025A97970000-0x0000025A9799E000-memory.dmp

memory/9672-7019-0x0000025A97D80000-0x0000025A97D92000-memory.dmp

memory/9672-7020-0x0000025A996E0000-0x0000025A9971C000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 43fbbd79c6a85b1dfb782c199ff1f0e7
SHA1 cad46a3de56cd064e32b79c07ced5abec6bc1543
SHA256 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0
SHA512 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

memory/10052-7053-0x0000026CDD5B0000-0x0000026CDD916000-memory.dmp

memory/10052-7056-0x0000026CDD420000-0x0000026CDD59C000-memory.dmp

memory/10052-7058-0x0000026CC49A0000-0x0000026CC49C2000-memory.dmp

memory/10052-7057-0x0000026CC4950000-0x0000026CC496A000-memory.dmp

memory/3296-7062-0x00000229A6E30000-0x00000229A6E8C000-memory.dmp

memory/3296-7063-0x00000229A72E0000-0x00000229A7338000-memory.dmp

memory/3296-7067-0x00000229A72B0000-0x00000229A72D8000-memory.dmp

memory/3296-7071-0x00000229A6E30000-0x00000229A6E8C000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 2afb72ff4eb694325bc55e2b0b2d5592
SHA1 ba1d4f70eaa44ce0e1856b9b43487279286f76c9
SHA256 41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e
SHA512 5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e

memory/3296-7081-0x00000229A7390000-0x00000229A73C2000-memory.dmp

memory/3296-7084-0x00000229C1C60000-0x00000229C2278000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 705ace5df076489bde34bd8f44c09901
SHA1 b867f35786f09405c324b6bf692e479ffecdfa9c
SHA256 f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950
SHA512 1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7

memory/3296-7114-0x00000229C2280000-0x00000229C24DC000-memory.dmp

memory/8684-7141-0x0000018FF4CA0000-0x0000018FF4CD0000-memory.dmp

memory/8684-7263-0x0000018FF4D30000-0x0000018FF4D8C000-memory.dmp

memory/8260-7264-0x0000014D2C680000-0x0000014D2C6A8000-memory.dmp

memory/8684-7267-0x0000018FF4D90000-0x0000018FF4DC8000-memory.dmp

memory/8260-7268-0x0000014D46D50000-0x0000014D46EE4000-memory.dmp

memory/8684-7269-0x0000018FF4DD0000-0x0000018FF4E02000-memory.dmp

memory/8684-7270-0x0000018FF54A0000-0x0000018FF5524000-memory.dmp

memory/8684-7273-0x0000018FF4CD0000-0x0000018FF4CF6000-memory.dmp

memory/8260-7274-0x0000014D2C680000-0x0000014D2C6A8000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 1068bade1997666697dc1bd5b3481755
SHA1 4e530b9b09d01240d6800714640f45f8ec87a343
SHA256 3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51
SHA512 35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329

memory/8684-7287-0x0000018FF4D00000-0x0000018FF4D26000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState

MD5 362ce475f5d1e84641bad999c16727a0
SHA1 6b613c73acb58d259c6379bd820cca6f785cc812
SHA256 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899
SHA512 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

memory/8684-7303-0x0000018FF4E50000-0x0000018FF4E84000-memory.dmp

memory/856-7306-0x000001E8EB170000-0x000001E8EB460000-memory.dmp

memory/856-7307-0x000001E8D21D0000-0x000001E8D21FE000-memory.dmp

memory/8684-7308-0x0000018FF4EE0000-0x0000018FF4F0E000-memory.dmp

memory/8684-7337-0x0000018FF5530000-0x0000018FF558E000-memory.dmp

memory/856-7338-0x000001E8EA8D0000-0x000001E8EA908000-memory.dmp

memory/8684-7339-0x0000018FF59F0000-0x0000018FF5D59000-memory.dmp

memory/8684-7342-0x0000018FF4F10000-0x0000018FF4F5F000-memory.dmp

memory/8684-7345-0x0000018FF5FF0000-0x0000018FF6276000-memory.dmp

memory/8684-7440-0x0000018FF5600000-0x0000018FF5666000-memory.dmp

memory/8684-7443-0x0000018FF5670000-0x0000018FF56AA000-memory.dmp

memory/8684-7444-0x0000018FF43A0000-0x0000018FF43C6000-memory.dmp

memory/8684-7446-0x0000018FF55C0000-0x0000018FF55E8000-memory.dmp

memory/856-7445-0x000001E8EACF0000-0x000001E8EAD4E000-memory.dmp

memory/856-7449-0x000001E8EB140000-0x000001E8EB156000-memory.dmp

memory/8684-7450-0x0000018FF5730000-0x0000018FF575C000-memory.dmp

memory/856-7451-0x000001E8EB0E0000-0x000001E8EB0EA000-memory.dmp

memory/8684-7454-0x0000018FF5DD0000-0x0000018FF5E36000-memory.dmp

memory/856-7456-0x000001E8EC2F0000-0x000001E8EC2FA000-memory.dmp

memory/856-7455-0x000001E8EC2E0000-0x000001E8EC2E8000-memory.dmp

memory/8684-7461-0x0000018FF78B0000-0x0000018FF7E54000-memory.dmp

memory/856-7462-0x000001E8EC420000-0x000001E8EC470000-memory.dmp

memory/856-7463-0x000001E8EC680000-0x000001E8EC6A2000-memory.dmp

memory/856-7480-0x000001E8EDA40000-0x000001E8EDA48000-memory.dmp

C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp

MD5 d13bddae18c3ee69e044ccf845e92116
SHA1 31129f1e8074a4259f38641d4f74f02ca980ec60
SHA256 1fac07374505f68520aa60852e3a3a656449fceacb7476df7414c73f394ad9e0
SHA512 70b2b752c2a61dcf52f0aadcd0ab0fdf4d06dc140aee6520a8c9d428379deb9fdcc101140c37029d2bac65a6cfcf5ed4216db45e4a162acbc7c8c8b666cd15dd

C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp

MD5 10a8f2f82452e5aaf2484d7230ec5758
SHA1 1bf814ddace7c3915547c2085f14e361bbd91959
SHA256 97bffb5fc024494f5b4ad1e50fdb8fad37559c05e5d177107895de0a1741b50b
SHA512 6df8953699e8f5ccff900074fd302d5eb7cad9a55d257ac1ef2cb3b60ba1c54afe74aee62dc4b06b3f6edf14617c2d236749357c5e80c5a13d4f9afcb4efa097

C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp

MD5 afb68bc4ae0b7040878a0b0c2a5177de
SHA1 ed4cac2f19b504a8fe27ad05805dd03aa552654e
SHA256 76e6f11076cc48eb453abbdbd616c1c46f280d2b4c521c906adf12bb3129067b
SHA512 ebc4c1f2da977d359791859495f9e37b05491e47d39e88a001cb6f2b7b1836b1470b6904c026142c2b1b4fe835560017641d6810a7e8a5c89766e55dd26e8c43

C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp

MD5 f371cf8dbadd17e03393aa21f3963401
SHA1 8b7a906b5d6ab57a3bf7b32401a286e812327813
SHA256 287e1aed9f449999e9852477960f8b67b2b77869463e1baabe63bec75142130a
SHA512 d910f4d48f4f34c0d9a68a89fc846e9c776081975c8d0bb14478c7978d8be43e4e2666f957deca1ea411032d08b9b2bed19849fe284e4a2ef91806c730cc570a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 ff6923046e94a2a5a069b5df1cee5df6
SHA1 92e0ee2a3c89286729d863588604892831420799
SHA256 a23b2ea6a0a963bb4361cdf0c2ecae8f8b816fe5f8fe37e0ba60a66b84db7e24
SHA512 28e547b0670cd8aca5fc44ed148cb3b95e9d6a056bb51ec7017a518ce10971025902560fe23015aba21c253cb3b477ae4f7a5f2c53b93874901665f65c5c56b7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

MD5 324e7726c79cec31fa7a36018ab9c373
SHA1 27ebdcbe6275ea4362f69fcb2069ed57c8c4127f
SHA256 fd038e8224724847f48bd3bf557eae1d0a210b381a423b3ea9ccecc6fe0eee70
SHA512 5e642456910d2bcc29ab16523d6a68603ef438f3ccbf6479d28bb32bffc295b06dd2dd5ba6f5871db2a25486ad2db5ea501b552db5270272f8d381dc5001f1f7

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Cache\Cache_Data\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Cache\Cache_Data\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\Cache\Cache_Data\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Cache\Cache_Data\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

MD5 6de0ef4a83aadebe5d7e07a64fc9d220
SHA1 f2162f30992ced0b882bfced0477ebf62b7ce186
SHA256 b7c4de833b0e2689724414802fbdda35d7cc1c4529eb95282fd0ffd175119008
SHA512 eebe007e0ece66c08138720bb46864470826a6b49a8edb1fd1593c4efade4bbf32c764d205383ef4745a738a1242f92e4c396abeb56e6ff9e785977ce8f646da

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 4d592fd525e977bf3d832cdb1482faa0
SHA1 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256 f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512 afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State

MD5 12ad4d32fb84e78156024138fa34276e
SHA1 bae5f5284d323eeccf362b60775d8e6d57365aa5
SHA256 a61e4752420668430940f9e66da1410ebd49e62c1ee25fcd3a1c7a5c4cba92ec
SHA512 47829ca57f1e4ab3c818a800dfc3106e5589d64db7ddcfdd27e5880f0efb6391fab61e62265ed6645cb69abb94ae471bb79bc50fc11e28138ce5845cc3e29fe4

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\Network\Network Persistent State

MD5 4215ab3cc51403d35878d5d3d0200155
SHA1 d1b1d101d700924710b868d38d4595d101894c6e
SHA256 3e4f3fab78e1806b25ea069cea5fa80696cc337ec64d007e3f698c51f99c3c3a
SHA512 754922b1e2dd288f66ef51c4fe97085bc84fbdee708ced1a5af886f93b7ec791e4aac7bb288f696452216c87c2e25c579d77b4878a8e1da615d4366dc1cfbbba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\targeting.snapshot.json

MD5 44739069216fda4257fbbb3298b133a4
SHA1 ad5154586f6fc64b83d128b304949c9325324cf8
SHA256 f3db9129edd97d556ceab1f680c8c1c3af90c09cad9fa7eaa8cfc13a79c5ef82
SHA512 9031a78c493be76b17fe1ce208b502bbfb3d5771a53e7db02f0cc83051a40afc8f4d5b4f23cd7a71b316b83f5c69b3ffe25d89d846d6ee046b26a6cbaeb96be5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\xulstore.json

MD5 1995825c748914809df775643764920f
SHA1 55c55d77bb712d2d831996344f0a1b3e0b7ff98a
SHA256 87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776
SHA512 c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 fb4131d45cbb73284084818c018893e9
SHA1 f1a5d173c8f3f64821bb724beb343c79c19f6eec
SHA256 71149e06b72c54276af2fada24224199e532fc71bc7bafa6c574886819aba8d3
SHA512 bf48976190e2076e53b3590d050b6fa22a2ac62a027c27189acc4239ce691f4734886a1ab494179dd5ac94fb9f1727cebaaf11b68037c68aeee8e957d965f9d9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\9F8F8DB2246C00D85B831E2775CA309ED7937C50

MD5 438043f1df3377f756234d939f0913d2
SHA1 0ceecdab16793ee7b9c9fa03bda39f121fa493df
SHA256 c26a59148ae38d53fddd3b509e415902402bedad3c3c18cd42237a6f652a9e6b
SHA512 17812048948cb86d7737410d94836efb81a1dcb919c6d2a5ca3169b119aac1d249db63c1cf43f9a95bb1cbba324395f7ac267d08954e888cfb77378cfe0f6ec5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\EF6560B4857D423B7C15114860B084E67FBE7AA7

MD5 d3d066ba995fc83ec1a9ee475bfa2300
SHA1 7ff63f8485bd3af3da8d186d6bf45dc7a3a16142
SHA256 bdb76957ce46b7058746f246fa0c67aea9c023cda452328d742a2dac248d302d
SHA512 856d94438e96891516467f6edf64a9fd41d4ce598c22e26fefe03ee581406938a35793a3283bc97d1de60eb4513fd238409f534c87bd6c2fa5c8c8cda0cd1c0e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\D0468C893B0603CFC144312DB46482D97CCE0515

MD5 5de59e87d123b865e618f90d699771b4
SHA1 e9185836435b2c2795e246bc6bc24938bcbc6838
SHA256 621a04e0a66ad4516ed37a0a0dc5634dcc76d54de2341487ede22504ba6a74eb
SHA512 c2bd2e2a10e6bed91ea6d2ae824ae97c483c1b538876e9bdffcbfacab1871990d896e70bf8dd4948b29b9d10a45157677e5e5f51c61546c079e6e3e2db86923b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\D01F94DC4857855E8681C7079CF3C122BAAD37E2

MD5 24302ecdc969f310c4cce2b0ec9d4123
SHA1 f91e39ccd2198c292b7156137fda7fca44262e7d
SHA256 32d935396cf0fa8de765981b3adca8e8a1b2d761770557029f1f9a143eecde24
SHA512 080e9eeee96a2ff1a5a61536e5daecf412f8a6c2bdf945879631edbbd352cb6863beb069f3dd458f10961275c2fd8b4c4d0a4a55bf1e04f4a6338113b0c0da7d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\590B8055D6A02BD712A4E598C34082CD68D63EE7

MD5 7ec84e840ffad11e0b33668acd82fa96
SHA1 fe5ba3ba5c809c79d8d4d29c2284f930b9816b3c
SHA256 e387f5c740279c5dc8d55f82a50aadd0e5a7978805a01014b6f89291ae4918c5
SHA512 417feb7d9ac285435cd2153d3fb3a1641b6dd2db3a3db464b952ae23b784fb1166c9e13cb5752b51ec73608a37596319f9946f0886caa11ec042695ffbe8af31

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\4CAAB614F4BF110AA90E4272D141CE581D3955FD

MD5 92c8086ae2735fe511ecfa8496de001e
SHA1 e8a42c73f4fabd43ac76dec9e14a59846c9364d4
SHA256 a3f4c6fecc338fa274a583bc0f9111910531a97816d95a1dce96979c5bb254af
SHA512 82c5360d8cb16899b39f906325b66b810d1d115c3d860aeafdd99bff45a968518b78535de7ac4765af8679209b2f92952115ca3da119c6a7f283e68270a5499f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\512C6437AD4CD5E6AD6E060EF5A5113B5A6BD744

MD5 320017259b877f2f0d52d274f2e6480e
SHA1 b45e33128f2196679a6f0a844c5688fb3146bdec
SHA256 0b628462aae93b3911de020df833c004466ebbf182250fd0c45f9271083726bc
SHA512 9a88f6f6d65f2129269de211e73d48018d169b0e5d3f28a01ce4d9207eb0738b582a174aac60bde0f65e1e69fb0f37f8c57a07993c7f32fb723f4b1615acbad2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\542D5692126C5CC59A3E63D9C2545D13C3D3EF8F

MD5 269dea20d4b5396175c61d509192f345
SHA1 8d94dd8212091f59af79e728e2ee49629b6ab74c
SHA256 4369b8656b6091e0866acdadf13ede79432bf9d2da8050f81d51d5798ffc178e
SHA512 0f418ea22472fb5b309a876de90b684339318bfc95f542a50b8acd9f9be85ace71b2b4916324b685646d532418149275d6c7b8777b5f4be6c0bb0b952f88999d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\761C5C376437E1174E43BE9FBD1CBC3695162BDA

MD5 37698e6a1dd653ddc68724bad1ef7feb
SHA1 191b53cc784fcbc2c4ea77c5d247cea6d60d1178
SHA256 170d5590d1e13b7b22f77bc92a4ad2ffbc00a01932fa2327c121be791413b1ab
SHA512 d08661f6a721b9e1467d9352107bff84153ea02e68c58693941c740ea77b873666ee482b449336a50ebe2fd80b34def93c9c5002b8b88776d8b5baff2df84006

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\014D0EB0FD3DE5AB06019A49C7BB881050878058

MD5 b564de0cf89e60658dac4e04affe5358
SHA1 c146f84b7cb08aa96850f9691d1da96ab0e70344
SHA256 3d56ff90e644b041fead46a7ec5f0598c72cfd7c3108de0913a83adfdc23b244
SHA512 70597d0f67f825ab0b1cc58f808da191cac8936768043621283a311e0e488b79bcabc209857e6de7e04bd94ed215f4020b97321144b3a61ed085c86c9bbeceba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\BAF298E0BDCA5F2C51AF3C035FD10D6E3A4C05B2

MD5 e7fdd5968e86679b948b56e62583ea15
SHA1 e894a15280d29a058963dae5842ff06085c86b22
SHA256 35eb072a0840f109961287585928b6591c6a975e5db29aa85050c248c8a7745d
SHA512 ba277a5f41d31f57e77180317374721f2677b2a1d7141bef6e5e1d51e6808cdaf3d2c4d6fdb62e8f11277b9cf3a8ceca10d3753382e29e40182c7f08c8db8b73

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\C9F98CA3034856DB6EC4C1AF8B004AEB89991D63

MD5 8ce1dd56252ef3688b10e78e4599eeaf
SHA1 aac173ab8a3c8df152abcb422b6fb2cbdad39013
SHA256 bc7352e790d7a7480fdf6217750c23ea0505ece26feaf5a105abab88dc4f42f4
SHA512 6f7664f152786607fe998b12bedb5954cf0ef29ce6513d584977bce18a594ad150bfc2c1bda0e568f03d3fda0a289600f0eaa923dbc2f41997681da1d5dd3efd