Analysis Overview
SHA256
ec32183425f582f636d59a00571e501ad3161340409a73731dc32b956a890a94
Threat Level: Likely malicious
The file . was found to be: Likely malicious.
Malicious Activity Summary
Manipulates Digital Signatures
Creates new service(s)
Possible privilege escalation attempt
Drops file in Drivers directory
Downloads MZ/PE file
Modifies file permissions
Registers COM server for autorun
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Adds Run key to start application
Enumerates connected drives
Checks for any installed AV software in registry
Writes to the Master Boot Record (MBR)
Drops file in System32 directory
Drops file in Windows directory
Launches sc.exe
Drops file in Program Files directory
Enumerates physical storage devices
Modifies registry class
Suspicious use of WriteProcessMemory
Kills process with taskkill
Modifies data under HKEY_USERS
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: LoadsDriver
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Runs net.exe
Checks processor information in registry
Modifies system certificate store
Analysis: static1
Detonation Overview
Reported
2024-05-30 23:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 23:38
Reported
2024-05-30 23:47
Platform
win11-20240426-en
Max time kernel
540s
Max time network
540s
Signatures
Creates new service(s)
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\system32\drivers\rsCamFilter020502.sys | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsKernelEngine.sys | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2223\FuncName = "WVTAsn1CatMemberInfo2Decode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\FuncName = "WVTAsn1SpcSpOpusInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.4\FuncName = "WVTAsn1SealingTimestampAttributeDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.2\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2004\FuncName = "WVTAsn1SpcPeImageDataDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2221\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\FuncName = "WVTAsn1CatMemberInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2002\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainFinalProv" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007\FuncName = "WVTAsn1SpcSpOpusInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\DownloadScan.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\"" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ThreadingModel = "Both" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\rundll32.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\ajD7E7.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\ajD7E7.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\ajD7E7.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsWSC.exe.log | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\externalutilityfunction.luc | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-woman.png | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\dimensionhandler.luc | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XPath.dll | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxStub.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nl-NL.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\webboost_upsell.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\wssatpassisttoast.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\version | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File opened for modification | C:\Program Files\McAfee\Webadvisor\Analytics\event_handler.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Text.Encoding.Extensions.dll | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp64103533\resourcedll.cab | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp64103533\jslang\wa-res-shared-en-US.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-tr-TR.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pt-PT.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_util_selector.luc | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-av-report.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-PT.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsseuladate.luc | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-hr-HR.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\events\sendonping.luc | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\da.pak | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\transport_eng_observability.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsHelper.exe | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-namedpipe-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-zh-CN.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-tr-TR.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-hu-HU.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\SUPInstall.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Security.AccessControl.dll | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\core\postinit.luc | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\json2.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libeay32.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Globalization.dll | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.Detections.dll | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pt-PT.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsFrame.dll | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fr-FR.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-it-IT.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-nl-NL.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\firefoxversion.luc | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sw.pak | C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp64103533\mfw.cab | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp64103533\jslang\eula-en-US.txt | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wb-rocket-icon.png | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fi-FI.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fi-FI.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-PT.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-logo.png | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.css | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-da-DK.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxProxyStubLegacy.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sk-SK.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\wa-score-toast-h.css | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-sr-Latn-CS.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l2-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sk-SK.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-dwtoast.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-FR.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-dialog.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES12Translator.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-controller-mwb-checklist.js | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\telemetryversion.luc | C:\Program Files\McAfee\Temp64103533\installer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\D174FB31-6C5B-4C1A-AC2F-5D0F77AEFEFC\dismhost.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\ajD7E7.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\ajD7E7.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\ = "IStorageControllerChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4022-DC80-5535-6FB116815604}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient.1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-486E-472F-481B-969746AF2480}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\ = "INATRedirectEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6989-4002-80CF-3607F377D40C} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-659C-488B-835C-4ECA7AE71C6C}\ = "ISerialPortChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5FDC-4ABA-AFF5-6A39BBD7C38B}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CF37-453B-9289-3B0F521CAF27}\NumMethods\ = "13" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0547-448E-BC7C-94E9E173BF57}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7193-426C-A41F-522E8F537FA0}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C6FA-430E-6020-6A505D086387}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E5DB-4D2C-BAAA-C71053A6236D}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7E67-4144-BF34-41C38E8B4CC7} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4974-A19C-4DC6-CC98C2269626}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-04D0-4DB6-8D66-DC2F033120E1}\NumMethods\ = "13" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057d-4391-b928-f14b06b710c5} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7E67-4144-BF34-41C38E8B4CC7}\ = "IBIOSSettings" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient.1\CLSID | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0C60-11EA-A0EA-07EB0D1C4EAD}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\NumMethods\ = "15" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\ = "IMediumFormat" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\NumMethods\ = "18" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00C2-4484-0077-C057003D9C90}\NumMethods\ = "32" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\ = "ICloudProfile" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A2-41AF-A05F-D7C661ABAEBE}\NumMethods\ = "30" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-929C-40E8-BF16-FEA557CD8E7E} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\NumMethods\ = "13" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ = "IRecordingChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ = "IMediumRegisteredEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-808E-11E9-B773-133D9330F849}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-aa82-4720-bc84-bd097b2b13b8} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9849-4f47-813e-24a75dc85615} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0002-4B81-0077-1DCB004571BA} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C9D6-4742-957C-A6FD52E8C4AE} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0002-4B81-0077-1DCB004571BA}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3534-4239-B2DE-8E1535D94C0B}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1EC6-4883-801D-77F56CFD0103}\ = "INetworkAdapterChangedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AE84-4B8E-B0F3-5C20C35CAAC9}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC19-43FA-8EBF-BAECB6B9EC87}\NumMethods\ = "6" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\SpytrixSkinSwapper.rar:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\fltmc.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ajD7E7.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb1c9cab58,0x7ffb1c9cab68,0x7ffb1c9cab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2080 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4556 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4356 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4304 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4056 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3080 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4668 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5068 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1564 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4880 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1772 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4456 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3168 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4912 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5384 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5348 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5344 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5340 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5700 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5688 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6304 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6452 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6464 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6800 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6928 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6760 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7260 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6340 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7484 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7792 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5172 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5184 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7752 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8140 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8328 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8452 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8596 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8732 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8736 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9064 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7844 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7472 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8900 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8544 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5024 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7824 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8752 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8828 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9212 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6328 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9256 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7904 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=9492 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9672 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9824 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=9324 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=8804 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8828 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9292 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --mojo-platform-channel-handle=8116 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --mojo-platform-channel-handle=9648 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --mojo-platform-channel-handle=4120 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=91e515b9e3255f51801acae6eab2816b2de87b34&dit=20240530234363622&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
F:\LDPlayer\LDPlayer9\LDPlayer.exe
"F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="F:\LDPlayer\LDPlayer9\"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --mojo-platform-channel-handle=5208 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\pr1apmfv.exe
"C:\Users\Admin\AppData\Local\Temp\pr1apmfv.exe" /silent
C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe
"C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\pr1apmfv.exe" /silent
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Program Files\McAfee\Temp64103533\installer.exe
"C:\Program Files\McAfee\Temp64103533\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
F:\LDPlayer\LDPlayer9\dnrepairer.exe
"F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=327746
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Windows\SysWOW64\icacls.exe
"icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\D174FB31-6C5B-4C1A-AC2F-5D0F77AEFEFC\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\D174FB31-6C5B-4C1A-AC2F-5D0F77AEFEFC\dismhost.exe {5D1C9294-BD6A-4284-ADA2-3C74DA70AAA5}
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --mojo-platform-channel-handle=8520 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
F:\LDPlayer\LDPlayer9\driverconfig.exe
"F:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
F:\LDPlayer\LDPlayer9\dnplayer.exe
"F:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=Fortnite|package=Fortnite
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004F0
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Users\Admin\Downloads\avg_secure_browser_setup.exe
"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"
C:\Users\Admin\AppData\Local\Temp\ajD7E7.exe
"C:\Users\Admin\AppData\Local\Temp\ajD7E7.exe" /relaunch=8 /was_elevated=1 /tagdata
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --mojo-platform-channel-handle=7288 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --mojo-platform-channel-handle=6960 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --mojo-platform-channel-handle=6428 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --mojo-platform-channel-handle=10932 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11072 --field-trial-handle=1820,i,92995783326915527,14691329966630227245,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
Network
| US | 172.64.146.152:443 | vid.connatix.com | tcp |
| US | 172.64.146.152:443 | vid.connatix.com | tcp |
| US | 172.64.146.152:443 | vid.connatix.com | tcp |
| NL | 23.62.61.147:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.147:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.147:443 | articles-img.sftcdn.net | tcp |
| US | 172.64.146.152:443 | vid.connatix.com | tcp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| FR | 91.134.110.132:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | prebid-stag.setupad.net | udp |
| US | 8.8.8.8:53 | rtb.adxpremium.services | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 104.26.9.178:443 | prebid-stag.setupad.net | tcp |
| US | 104.26.9.178:443 | prebid-stag.setupad.net | tcp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| DK | 37.157.6.237:443 | adx.adform.net | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| US | 104.18.41.104:443 | vid.connatix.com | udp |
| US | 8.8.8.8:53 | 178.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.140.106.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.51.243.77.in-addr.arpa | udp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| NL | 89.149.192.245:443 | ssbsync-global.smartadserver.com | tcp |
| US | 52.7.86.231:443 | sync.srv.stackadapt.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| IE | 54.246.18.125:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| FR | 51.178.195.217:443 | rtb-csync.smartadserver.com | tcp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| DK | 37.157.5.133:443 | cm.adform.net | tcp |
| IE | 63.32.81.13:443 | dpm.demdex.net | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| GB | 172.217.169.59:443 | storage.googleapis.com | udp |
| US | 52.116.53.150:443 | 8proof.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 35.190.0.66:443 | ads.travelaudience.com | tcp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| US | 8.8.8.8:53 | 66.0.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.53.116.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | cs.krushmedia.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| US | 34.193.171.116:443 | pxl.iqm.com | tcp |
| DE | 3.120.79.213:443 | match.sharethrough.com | tcp |
| FR | 51.178.195.217:443 | rtb-csync.smartadserver.com | tcp |
| FR | 51.178.195.217:443 | rtb-csync.smartadserver.com | tcp |
| FR | 51.178.195.217:443 | rtb-csync.smartadserver.com | tcp |
| IE | 34.241.112.102:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | sync.serverbid.com | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| NL | 18.239.83.30:443 | sync.serverbid.com | tcp |
| US | 8.8.8.8:53 | pm.w55c.net | udp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| IE | 34.251.19.157:443 | pm.w55c.net | tcp |
| US | 8.8.8.8:53 | adxbid.info | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 8.8.8.8:53 | setupad-d.openx.net | udp |
| US | 8.8.8.8:53 | csync.smartadserver.com | udp |
| US | 172.67.138.13:443 | adxbid.info | tcp |
| BE | 2.17.107.219:443 | csync.smartadserver.com | tcp |
| NL | 145.40.97.67:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | aorta.clickagy.com | udp |
| US | 8.8.8.8:53 | 213.79.120.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.25.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.171.193.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.19.251.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.138.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ced-ns.sascdn.com | udp |
| BE | 2.17.107.219:443 | csync.smartadserver.com | tcp |
| US | 34.198.38.143:443 | aorta.clickagy.com | tcp |
| BE | 2.17.107.168:443 | ced-ns.sascdn.com | tcp |
| NL | 64.158.223.137:443 | openx2-match.dotomi.com | tcp |
| US | 34.96.105.8:443 | tr.blismedia.com | tcp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 64.74.236.191:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| NL | 35.214.185.183:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | a.audrte.com | udp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| IE | 99.80.216.30:443 | a.audrte.com | tcp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ads.betweendigital.com | udp |
| US | 34.96.71.22:443 | s.company-target.com | tcp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| NL | 198.47.127.20:443 | image4.pubmatic.com | tcp |
| NL | 188.42.189.231:443 | ads.betweendigital.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| GB | 195.181.164.18:443 | vid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | ad4m.at | udp |
| US | 8.8.8.8:53 | cm.adgrx.com | udp |
| US | 8.8.8.8:53 | rtb.adentifi.com | udp |
| NL | 64.227.64.62:443 | match.adsby.bidtheatre.com | tcp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| US | 8.8.8.8:53 | dsp-ap.eskimi.com | udp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| DE | 57.129.18.109:443 | wt.rqtrk.eu | tcp |
| IE | 54.217.19.5:443 | cm.adgrx.com | tcp |
| US | 52.200.149.91:443 | rtb.adentifi.com | tcp |
| US | 172.67.74.129:443 | ad4m.at | tcp |
| US | 52.86.37.184:443 | sync.ipredictive.com | tcp |
| NL | 79.127.227.46:443 | c3.a-mo.net | tcp |
| NL | 188.42.63.48:443 | dsp-ap.eskimi.com | tcp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| NL | 147.75.84.158:443 | pb-am.a-mo.net | tcp |
| US | 8.8.8.8:53 | 168.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.105.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.223.158.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.38.198.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.176.137.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.216.80.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.71.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.189.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.18.129.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.63.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.200.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.37.86.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| GB | 216.58.213.2:443 | adclick.g.doubleclick.net | tcp |
| GB | 216.58.213.2:443 | adclick.g.doubleclick.net | tcp |
| GB | 195.181.164.18:443 | vpaid.vidoomy.com | tcp |
| US | 104.21.6.205:443 | get.searchsavvyhub.com | tcp |
| ES | 212.36.83.245:443 | a.vidoomy.com | tcp |
| ES | 212.36.83.245:443 | a.vidoomy.com | tcp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 104.18.41.104:443 | cks.connatix.com | udp |
| US | 104.18.41.104:443 | cks.connatix.com | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| NL | 35.214.185.183:443 | csync.loopme.me | tcp |
| US | 69.166.1.34:443 | sync.go.sonobi.com | tcp |
| DE | 18.197.7.178:443 | rtb.mfadsrvr.com | tcp |
| NL | 18.239.36.38:443 | live.primis.tech | tcp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.36.239.18.in-addr.arpa | udp |
| FR | 154.54.250.80:443 | ads.stickyadstv.com | tcp |
| US | 172.67.135.66:443 | get.searchsavvyhub.com | udp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| GB | 172.217.169.59:443 | storage.googleapis.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.66.217:443 | js.sentry-cdn.com | tcp |
| DE | 157.90.33.121:443 | push-sdk.com | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 80.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.135.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.33.90.157.in-addr.arpa | udp |
| DE | 157.90.33.121:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| DE | 157.90.33.122:443 | uidsync.net | tcp |
| DE | 157.90.33.122:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 122.33.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 64.233.181.120:443 | csi.gstatic.com | tcp |
| US | 64.233.181.120:443 | csi.gstatic.com | tcp |
| US | 64.233.181.120:443 | csi.gstatic.com | tcp |
| US | 64.233.181.120:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | 120.181.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.connatix.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | chromewebstore.google.com | udp |
| GB | 216.58.201.110:443 | chromewebstore.google.com | tcp |
| GB | 216.58.201.110:443 | chromewebstore.google.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | chromewebstore.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | scone-pa.clients6.google.com | udp |
| GB | 142.250.178.10:443 | scone-pa.clients6.google.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | ads.us.e-planning.net | udp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| NL | 193.3.178.4:443 | ads.us.e-planning.net | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | amazon-tam-match.dotomi.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| NL | 89.207.16.140:443 | amazon-tam-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | trace-eu.mediago.io | udp |
| IE | 34.241.112.102:443 | match.prod.bidr.io | tcp |
| US | 64.74.236.191:443 | b1sync.zemanta.com | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| GB | 172.217.169.66:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | ssp.disqus.com | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 4.178.3.193.in-addr.arpa | udp |
| NL | 89.207.16.140:443 | amazon-tam-match.dotomi.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| IE | 34.241.112.102:443 | match.prod.bidr.io | tcp |
| US | 64.74.236.191:443 | b1sync.zemanta.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| NL | 185.89.210.153:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 67.220.226.233:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| US | 8.8.8.8:53 | odr.mookie1.com | udp |
| IE | 67.220.226.233:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 34.160.236.64:443 | odr.mookie1.com | tcp |
| US | 8.8.8.8:53 | s.e-planning.net | udp |
| US | 8.8.8.8:53 | cookies.nextmillmedia.com | udp |
| US | 172.64.151.101:443 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| NL | 193.3.178.2:443 | s.e-planning.net | tcp |
| US | 8.8.8.8:53 | u-ams03.e-planning.net | udp |
| US | 3.215.34.242:443 | cookies.nextmillmedia.com | tcp |
| NL | 193.3.178.3:443 | u-ams03.e-planning.net | tcp |
| US | 8.8.8.8:53 | i.liadm.com | udp |
| FR | 154.54.250.80:443 | ads.stickyadstv.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| NL | 193.3.178.3:443 | u-ams03.e-planning.net | tcp |
| US | 34.237.5.13:443 | i.liadm.com | tcp |
| US | 8.8.8.8:53 | 7.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.168.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.226.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.236.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dmp.adform.net | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 8.8.8.8:53 | dmp.v.fwmrm.net | udp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| NL | 89.149.193.89:443 | sync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | aa.agkn.com | udp |
| US | 8.8.8.8:53 | beacon.krxd.net | udp |
| US | 8.8.8.8:53 | usermatch.krxd.net | udp |
| US | 8.8.8.8:53 | obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com | udp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| DE | 3.65.80.227:443 | aa.agkn.com | tcp |
| US | 3.144.50.141:443 | dmp.v.fwmrm.net | tcp |
| US | 54.205.48.203:443 | ssp.disqus.com | tcp |
| IE | 52.51.70.229:443 | obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com | tcp |
| GB | 142.250.200.34:443 | googleads4.g.doubleclick.net | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| GB | 18.134.84.26:443 | 1f2e7.v.fwmrm.net | tcp |
| US | 52.86.37.184:443 | sync.ipredictive.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 52.7.86.231:443 | sync.srv.stackadapt.com | tcp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 38.91.45.7:443 | match.deepintent.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| US | 52.7.86.231:443 | sync.srv.stackadapt.com | tcp |
| US | 64.74.236.159:443 | sync.outbrain.com | tcp |
| GB | 172.217.169.59:443 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | 141.50.144.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.84.134.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.70.51.52.in-addr.arpa | udp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| NL | 18.239.18.12:443 | tags.crwdcntrl.net | tcp |
| GB | 142.250.178.22:443 | play-lh.googleusercontent.com | udp |
| IE | 63.33.5.228:443 | ice.360yield.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | e2c17.gcp.gvt2.com | udp |
| NL | 34.90.241.47:443 | e2c17.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 64.50.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.5.33.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.241.90.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.57.245.77.in-addr.arpa | udp |
| US | 216.239.38.181:443 | analytics.google.com | udp |
| NL | 18.239.69.106:443 | cdn.ldplayer.net | udp |
| BE | 64.233.166.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| US | 163.181.154.233:443 | ldcdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | udp | |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.3:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| NL | 185.89.210.212:443 | ib.adnxs.com | tcp |
| IE | 52.209.247.91:443 | ice.360yield.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| GB | 142.250.200.34:443 | googleads4.g.doubleclick.net | udp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| NL | 18.239.82.190:443 | d3n1ms4uhtqgov.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| NL | 18.239.15.231:443 | d1arl2thrafelv.cloudfront.net | tcp |
| NL | 18.239.15.231:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 231.15.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e2c38.gcp.gvt2.com | udp |
| AU | 35.213.232.93:443 | e2c38.gcp.gvt2.com | tcp |
| AU | 35.213.232.93:443 | e2c38.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 93.232.213.35.in-addr.arpa | udp |
| US | 192.178.49.163:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| NL | 18.239.69.5:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 97.136.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.15.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.46.239.18.in-addr.arpa | udp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.34:443 | googleads4.g.doubleclick.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.187.225:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.225:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.225:443 | cdn.ampproject.org | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 52.116.53.150:443 | 8proof.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 35.190.80.1:443 | udp | |
| GB | 142.250.200.3:443 | beacons2.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | appsilla.club | udp |
| US | 104.21.82.148:443 | appsilla.club | tcp |
| US | 8.8.8.8:53 | 148.82.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.73.42.20.in-addr.arpa | udp |
| US | 104.21.82.148:443 | appsilla.club | udp |
| US | 8.8.8.8:53 | protagcdn.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.26.7.142:443 | protagcdn.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 142.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.cookiebot.com | udp |
| US | 104.26.7.142:443 | protagcdn.com | udp |
| US | 216.239.38.181:443 | analytics.google.com | udp |
| BE | 64.233.166.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| BE | 88.221.83.185:443 | consent.cookiebot.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 185.83.221.88.in-addr.arpa | udp |
| BE | 64.233.166.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | consentcdn.cookiebot.com | udp |
| BE | 104.68.64.217:443 | consentcdn.cookiebot.com | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 217.64.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | e91816841fb865ccea531658367694fa.safeframe.googlesyndication.com | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| IE | 34.255.230.248:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 248.230.255.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| NL | 18.239.15.49:443 | d1arl2thrafelv.cloudfront.net | tcp |
| NL | 18.239.36.94:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| NL | 18.239.36.94:443 | shield.reasonsecurity.com | tcp |
| US | 54.148.86.228:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 49.15.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| SE | 184.31.15.112:443 | sadownload.mcafee.com | tcp |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| US | 34.194.16.58:443 | track.analytics-data.io | tcp |
| US | 34.194.16.58:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 246.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | update.reasonsecurity.com | udp |
| NL | 18.238.243.14:443 | update.reasonsecurity.com | tcp |
| US | 34.194.16.58:443 | track.analytics-data.io | tcp |
| US | 34.194.16.58:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | electron-shell.reasonsecurity.com | udp |
| NL | 18.239.94.80:443 | electron-shell.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 58.16.194.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.243.238.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.94.239.18.in-addr.arpa | udp |
| US | 34.194.16.58:443 | track.analytics-data.io | tcp |
| US | 34.194.16.58:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 216.58.213.6:443 | tcp | |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 146.48.219.8.in-addr.arpa | udp |
| SE | 184.31.15.112:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 34.194.16.58:443 | track.analytics-data.io | tcp |
| US | 34.194.16.58:443 | track.analytics-data.io | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | home.mcafee.com | udp |
| BE | 104.68.84.174:443 | home.mcafee.com | tcp |
| US | 8.8.8.8:53 | 174.84.68.104.in-addr.arpa | udp |
| BE | 104.68.84.174:443 | home.mcafee.com | tcp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 54.148.86.228:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 54.148.86.228:443 | analytics.apis.mcafee.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c7f5c3e757541f77c9ddc0496972e025 |
| SHA1 | 5e8e7f784f67297ba933fec53ed9078759b8d6f1 |
| SHA256 | 1a99213817b5be1f4774f1962cf5ca6a1917746e6b0f17f68e02d774a9efba53 |
| SHA512 | 2064aacfdd21990e37b112cd98131835c3dacf3a5d65751ef39d03dcb7583656bc16e269dc53727e3543849a6f1d6f1edf901b3089e0adea148f8f7018bfc7b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3ad77818f79a5bda4b7f6d0d70e29b8e |
| SHA1 | cddfb6a5130b31eb70c6a41c1f390c5171bf7a7a |
| SHA256 | afe906286dfc3c577cca53c1090be4e0ef700790e040e957861511df66d61509 |
| SHA512 | b0793ce67a51f88bfa102460d1baa7ea4492ad0fdbf039bafc5b8a9b14e50dfb6db9952dfd327112ad01990931b12435bc9acf325ccd22c82542edfcdf59e18a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 704e01017493149685be5f75c3b22078 |
| SHA1 | d654c1833be2a1eced3b6c87770da111ba634b69 |
| SHA256 | 20883acf0839c328de47035db35ef87067e55380027e9504dbbe5111d6deb24d |
| SHA512 | 2b7d6fdfade86de363fc304bb768e4b3933569fcc08b4141c187bce5ec7a17d402e0a8e1c0e1983d666c3596a89673f57dea2ed2e9ff5ebcf95511cd126b4044 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b2a85c5dae684d0e8cd8b26bb3e798b3 |
| SHA1 | 5afa3ecb930b7342507de9c6d488636c95e4036d |
| SHA256 | 0eb163deac18d046767041d91381d6af905254350d9778668b5a92a85fd663ce |
| SHA512 | baca36d2110da2196687a3d380fef87335a8c53eafefbf58e7729e0bda9e54ce9a5ccb29338801e5c00d598bf73585600d67db7d342165f636b0f43d5f91e5a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | a38b2a845a8f9f401af9b64fe3a6e14a |
| SHA1 | bc25d8c364676ed6d81c1c1fcbb51e4f9a3e0e1f |
| SHA256 | ec4d3181ecf500896d0aa07bf95fc66cce532a7ffbfaa88408403ffbe55e1840 |
| SHA512 | 14884b80bceea87d662ca46e8f8192370ada66c4ddb19c406d44733bf3c0e88ed7bf01109297083643c700090969cfb1b58220bc4804c0287906e81ab969b9f1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 874b48e265840f92471288feb4e88ed2 |
| SHA1 | bcfc8575e39f53382a38026bc16a1626e9b816d4 |
| SHA256 | f798f5cc52ae9ebbd21567c07210225346bd4bfb0c7a72311c4efcdd815c505c |
| SHA512 | 261110f884d9ae92c76a7e5921918236a2552e1377176398f2929e1372fb24c2666259a03ade3fba9a6f4914eb654a7b4cec65cfea8a14bf9b0c05fbb07fb16a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 7c94a5b3ac2a11e2f33f424d2e46128b |
| SHA1 | a53a904da7566cdd13d29dd0d5163d24514dae2c |
| SHA256 | 2515f3f193e94086073e4a94be79317b4ba93eb77e696e8ddeae1d334c9a77b2 |
| SHA512 | 60460a298d887e104acf345b283e62c8a292419e847170c0d1abef087614f16572a640fe023c7fb053252c35204706967378108db6cc59335bd8eaea0eea8bae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 64e4ff3015cad32f97ef788616d0bd73 |
| SHA1 | 3a8c4f8a2c755fdd5294d94d37580275b46fa2e4 |
| SHA256 | 96ea5a105ff11b39a94b47a3cfef94a0fecf0598b0352c5383f871a8530fa869 |
| SHA512 | 5d7ec47ae9d85896efaa0c8d8aa444dde5132f4887c041ecd443a7025e47e9d77d25e5812cac2996d223535e9ead6d479e1cbed5f40f129c4e7a83e5094d0582 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 410fd6cb7d5df1e184669f85ad70ae10 |
| SHA1 | bfcaa4ccfe38270dd535e16cf100ab3fc4e33d62 |
| SHA256 | 34ebc54ecf0fdb65a3155403db9c65d85e67881f3d3fe863d3fdd162112d5d4b |
| SHA512 | 401027aa597af10399e62b33d6b204331d1afeca9aa9e4b7eaba3b07292b5d31b692b0426ec0add373014b906b2ddd68282fc7a5f6b50e685372a3863c4283ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 62ba7c7635047e5b73b48730ab2055b8 |
| SHA1 | ce7e37956d2f9e7d7f87501110c1ed39b5713b61 |
| SHA256 | 538a7897395905c7e579fe922b8e274d35a07d6e5e5389508a6d1a7be2472f5b |
| SHA512 | f6ba273604d9082dd4d3a6bfa7d67707ea1c625069ddc94565876a2bca6f91ec03ec35aa3ba82ec5efdc8045c523bcf440fc71da6c33a2c5c38350a4507f8c5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 81091b4b799c3c528edab76c1723cb05 |
| SHA1 | e5e6316716d283cac8eb28a01ca11a40ce56304d |
| SHA256 | 0978daa427a7aa27d46c992451ea04d4a8d883a33395059c6dfd4400b606ec28 |
| SHA512 | be96d359703fe6043cfbe5278cb7944cfb7f6c30fc62d1937bed2e5525df8a5ea2df994fcad74c35af136e63381e53000dfddb6f9196a2860c8ce171bd5ce2cc |
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
| MD5 | 7d5d3e2fcfa5ff53f5ae075ed4327b18 |
| SHA1 | 3905104d8f7ba88b3b34f4997f3948b3183953f6 |
| SHA256 | e1fb95609f2757ce74cb531a5cf59674e411ea0a262b758371d7236c191910c4 |
| SHA512 | e67683331bb32ea4b2c38405be7f516db6935f883a1e4ae02a1700f5f36462c31b593e07c6fe06d8c0cb1c20c9f40a507c9eae245667c89f989e32765a89f589 |
memory/3760-1846-0x00000000053A0000-0x00000000053B0000-memory.dmp
memory/3760-1849-0x00000000053D0000-0x00000000053E4000-memory.dmp
memory/3760-1850-0x0000000073470000-0x0000000073484000-memory.dmp
memory/3760-1847-0x0000000072BBE000-0x0000000072BBF000-memory.dmp
memory/3760-1851-0x00000000081E0000-0x0000000008786000-memory.dmp
memory/3760-1852-0x0000000007CD0000-0x0000000007D62000-memory.dmp
memory/3760-1853-0x0000000009160000-0x00000000091A4000-memory.dmp
memory/3760-1855-0x00000000092F0000-0x0000000009356000-memory.dmp
memory/3760-1854-0x0000000009250000-0x00000000092EC000-memory.dmp
memory/3760-1856-0x0000000009C90000-0x000000000A1BC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 376aa6e800a338871b79bfa39b657979 |
| SHA1 | 47a6354b44edea4e92ea7459d3dc9f349b62cdd6 |
| SHA256 | dc4d1ba866a1171c78b38cb0c6da8f5df1fc0f1507ec195cf2cb847fb939c562 |
| SHA512 | 0969e0a0130202819ded2b708f8ca3ee6728c396298d5e96aa41f02c5f6e99f7ac11eed7619e23da2ff21841d5763b95558da20c3cd6fe326c65b898f7539f45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 90e64a32efae0d2f8ec75c802c7a06b7 |
| SHA1 | e8b01f0e4c104d0906fd1850cdc218766828bfba |
| SHA256 | 885511cc8a8604e88853122efecc533e3dbf3826cf0038e579f5b10594aec04c |
| SHA512 | 0bb1d264df6a6ad8b253702617d80ed4dbe81a4730509ea9f9d5f8e447e418bc8c06318e6ab0b70d9900cda9d444cd8def1bcfb69ebdc46f007f1789325d8a8d |
memory/3760-1886-0x0000000007CA0000-0x0000000007CAA000-memory.dmp
memory/3760-1888-0x00000000053A0000-0x00000000053B0000-memory.dmp
memory/3760-1887-0x0000000072BB0000-0x0000000073361000-memory.dmp
memory/3760-1889-0x0000000072BB0000-0x0000000073361000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 887d7a0aba9c9cc054f253207a47ceb7 |
| SHA1 | db3fbf93c9d7c39780d9629314b4668ca20c2812 |
| SHA256 | 551f368c270c7035ef4e547ce8a437e92e5afb9c4ede1627adb82a89484c6ef1 |
| SHA512 | 7781cb41becbf9a06bd160c9d6d1da909fc5b31c61f5c049f4c20f96f02c6bcdca08a84f95509c9e5dc040a3da806e3bb189750016501aa92c92f413a592de28 |
memory/3760-1899-0x0000000072BBE000-0x0000000072BBF000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007f
| MD5 | 05e9679509b61424a07cc4d4efb7247f |
| SHA1 | db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81 |
| SHA256 | 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b |
| SHA512 | 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208 |
memory/3760-1917-0x0000000072BB0000-0x0000000073361000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 983f0b3517d6a38ba7c6744534af7f8d |
| SHA1 | 34790b6f4052aefd4ae80c74fbce0606157f3448 |
| SHA256 | 4a76336c7be10614d3207a4d933a282ffd2c11c84f653a7a7c4b5745cf2dd803 |
| SHA512 | 3689f4a95de12f48d400b65c06f36f13eca1b5dc91743bc528c7bfc1c02ca540e81a64b4dfb5033f835237d3bf72e941ade6f9d346c4d6a1604e1be97972ac84 |
memory/3760-1938-0x0000000072BB0000-0x0000000073361000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dea0b02915660079f3bcefd66a289d12 |
| SHA1 | 401a9b69181022b21b7ac482840d45106443bd62 |
| SHA256 | 9f7cb29279952de404f2175b3074a858d7cea7faac8b1517f6bb0de1b0d9dfdb |
| SHA512 | a0990950a5aefd653f5d46d7a3b65be2bca4ae3d251150dc67bfbddc5f078d99f5b9ffa499c526434e748ed88e35c93d3abf0a5e01cf09daf0f5c38a88ddb8c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 71d8e2764e21b50efd4daac8ee1693fe |
| SHA1 | 3f863163d6581cd71e3fd63079691311f1e9462d |
| SHA256 | 3503937718bbcd1d762f23c3d8b64391e76e7737a45744d746eece16b5a71988 |
| SHA512 | 21e8fbe554128eb350d17abeb3db9316918e331db31c7c6683df0b7e7883c6321adbc4fdd8db9c102c1a266aa430c6b37a23be902105ec86d6d98eb45f23f952 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3667641c6ecad92dafaf8438f5457f65 |
| SHA1 | 6e78166dbdd61e3c07c1f9b66ff82a0af2a87004 |
| SHA256 | 6672b5a9b9ba5e6022500fbe047a04d98bb9bfc87ae4c2495b59b61f7a8425aa |
| SHA512 | 55a4eab6a857360caae74d5c9cee0bfed8bb825a08b3be2126937b09e117b776a938c8e6c689cd11e5bbf421091f51480e4923f4ce7bf5042c3bc5dc607d6f0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f0
| MD5 | bf4dfd7188f21de3f39f4756dc1e471b |
| SHA1 | 31f81c064d53858e2ed48e18ae6da690824cf7d0 |
| SHA256 | 4719170f5ea4c8ad27d161b39ff351c2a5ab28c22a27859dc8184717a044b22d |
| SHA512 | 9ffdbebe0cc8fa1b4dd1c61953f259df8dd134d3c58b5f3c2d794f874a63604031aea05581c7c0d715baf5225de0c3f00b56287218458b0acec423bce2be4dfd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | eeb845c117e74fafdf3d0dafdee44ecf |
| SHA1 | 934984e18b68c4d429786fd2920362b203b5deef |
| SHA256 | 516efdc7b8d34d78f677dede816621c6eacf8de5e209e9ab9c696ef072d428c2 |
| SHA512 | 6578ab3b49162e8bedd4799f4228df3d8f7c03168925aa77d23114639cb59fff92abd1dd8b5c1b24087aad110bacd769a987f8204731eb2e7a42a6bf768e5c0b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | f2225f32051d5b3d0235d76b6d3c0af7 |
| SHA1 | b4b901c45c45e3e5cbf8ccf92832c9ce2e5e4190 |
| SHA256 | c86d6300431039125de5797b6b869898a7486edeb2eba6e4b18b9a7ac929f8e8 |
| SHA512 | d10143722bb19694b801ba1c157372fc7c8baec1d88ddfb4ca5ee4bce6dcb048705a312104039854af12ce4cc760a3e5754a4e3934c182e0e1a05c15999f2a35 |
memory/6880-2061-0x000001956D0F0000-0x000001956D0F8000-memory.dmp
memory/6880-2066-0x000001956FB80000-0x00000195700A8000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 46911e9f40317ce0aeb47314ab1237d0 |
| SHA1 | f54736fa7b1b1742941e1dfac4021212959dcc0d |
| SHA256 | 4ce6bc6a07609e6ee656b98f855e67d053cdba2f0f07c42c4a590859e81bda4f |
| SHA512 | 9183a07a6631a91089c04fa39ffb31752e854aaa22dab55128cffdaa3ad3cc262729c4d355f649537f456e4c8339e722a799341ffb3cb739fe55d5473f3662ca |
C:\Users\Admin\AppData\Local\Temp\pr1apmfv.exe
| MD5 | 4ae841981639da7d279c2579b95aa8a7 |
| SHA1 | 3610c01dce56ec94c308d7e3e3a476c098fcf51f |
| SHA256 | 6d716a4bef35fca71f13ad8e60ac7c861f2d8991df2e4710559ea096c2d42ec5 |
| SHA512 | d74d8076a4ab12cb8ca7aaca14723e1ca733e2de549f973e28628a8c76bc6093bdf49883772ff5e089e2b8802b539ff35c69152a0073f95eb208f7fd1d8b7078 |
memory/4448-2152-0x000001CDD4790000-0x000001CDD4818000-memory.dmp
memory/4448-2153-0x000001CDD6560000-0x000001CDD65A0000-memory.dmp
memory/4448-2156-0x000001CDD65A0000-0x000001CDD65D0000-memory.dmp
memory/4448-2161-0x000001CDEEE90000-0x000001CDEEECA000-memory.dmp
memory/4448-2164-0x000001CDEEED0000-0x000001CDEEEFA000-memory.dmp
memory/4448-2167-0x000001CDEEFE0000-0x000001CDEF038000-memory.dmp
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
| MD5 | 3068531529196a5f3c9cb369b8a6a37f |
| SHA1 | 2c2b725964ca47f4d627cf323613538ca1da94d2 |
| SHA256 | 688533610facdd062f37ff95b0fd7d75235c76901c543c4f708cfaa1850d6fac |
| SHA512 | 7f2d29a46832a9a9634a7f58e2263c9ec74c42cba60ee12b5bb3654ea9cc5ec8ca28b930ba68f238891cb02cf44f3d7ad600bca04b5f6389387233601f7276ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ed5c8b8b12ef5c6e376060a6ff64b30e |
| SHA1 | 30e448b5c3f2bd46bd1d1835b4d493f7801d811e |
| SHA256 | 0452fbc511943f32f70b1f2a7335186134af70cc181f0d63e00aa9897f0b7068 |
| SHA512 | 26e966f5f9077fd1e988b9f300cff1454b93c74e166049d1f6d8eeecc74fa61a4b67f1d74e1986d9fa2e90d5f8d9a50e632bbc7e655d0796a321fec8d8f9f452 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5ce046.TMP
| MD5 | 6b917c270abd68769626025178091ea0 |
| SHA1 | c665e625981c5d84cf32dd18838bde5f1a0798c0 |
| SHA256 | e8b58144a57352d65a3fd5952d8f26862deb4f01d81b6a3c570b9c6d1511dcfc |
| SHA512 | e358bf9ece0773f9dfb513bd6b5d76308e3bbc1125f9c0bd5a56b25fe19c87b2a94063f72df4ab22049aeecdb867f7ca78a6d08900f53dde32cc364f84e203b3 |
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
| MD5 | 58b8915d4281db10762af30eaf315c9e |
| SHA1 | 1e8b10818226fa29bfa5cdd8c2595ba080b72a71 |
| SHA256 | c19df49f177f0fecf2d406ef7801a8d0e5641cb8a38b7b859cbf118cb5d0684e |
| SHA512 | 49247941a77f26ab599f948c66df21b6439e86d08652caa9b52ffbcefd80a8c685d75c8088361c98dde44936e44746c961f1828a5b9909fecd6ce9e7e6d2f794 |
memory/2936-2466-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2464-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2463-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2480-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2462-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2461-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2487-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2494-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2505-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2503-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2509-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2515-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2514-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2513-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2567-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2576-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2594-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2598-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2605-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2668-0x00007FF78C050000-0x00007FF78C060000-memory.dmp
memory/2936-2848-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2846-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2844-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2837-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2824-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2807-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2793-0x00007FF7909B0000-0x00007FF7909C0000-memory.dmp
memory/2936-2790-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2781-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2779-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2777-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2775-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2774-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2751-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2746-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2737-0x00007FF79A690000-0x00007FF79A6A0000-memory.dmp
memory/2936-2735-0x00007FF77DEA0000-0x00007FF77DEB0000-memory.dmp
memory/2936-2711-0x00007FF79EEB0000-0x00007FF79EEC0000-memory.dmp
memory/2936-2696-0x00007FF7BBEE0000-0x00007FF7BBEF0000-memory.dmp
memory/2936-2695-0x00007FF7BBEE0000-0x00007FF7BBEF0000-memory.dmp
memory/2936-2687-0x00007FF7BBEE0000-0x00007FF7BBEF0000-memory.dmp
memory/2936-2682-0x00007FF78C050000-0x00007FF78C060000-memory.dmp
memory/2936-2671-0x00007FF78C050000-0x00007FF78C060000-memory.dmp
memory/2936-2666-0x00007FF78C050000-0x00007FF78C060000-memory.dmp
memory/2936-2664-0x00007FF78C050000-0x00007FF78C060000-memory.dmp
memory/2936-2648-0x00007FF78C050000-0x00007FF78C060000-memory.dmp
memory/2936-2612-0x00007FF78C050000-0x00007FF78C060000-memory.dmp
memory/2936-2609-0x00007FF79BA40000-0x00007FF79BA50000-memory.dmp
memory/2936-2606-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2599-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2604-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2603-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2602-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2601-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2600-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2597-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2596-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2595-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2593-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2592-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2591-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2590-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2589-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
memory/2936-2588-0x00007FF7A88A0000-0x00007FF7A88B0000-memory.dmp
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 20cb9e4358a822a22b623eb83d656872 |
| SHA1 | 94c0a96129fa84c2cdbcf55348da263de1c2be72 |
| SHA256 | bfcb1f4c52a066743f564baf8b88265d46139efcdb1a22751437fa341bae446a |
| SHA512 | c55fd7a332de7274125630db734121be3988ea7e2ae4359846639eee3ed147b8e8a04fcbd1dfc01daff22908d836cc280e76c8bdbc3d97cf2ca1f2473035b21d |
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
| MD5 | a7b0dabf4a52b6827c35de1e05111ba6 |
| SHA1 | 21065f550492165d5290446e433e0f9cdefaeecd |
| SHA256 | b92f20569bcb06eb12a87d278592af03f564281ad9803eb8ee748eed0c4afbf2 |
| SHA512 | 5c4996df6335d5cf045f09d04ccf2382306ab4ab962dc2ab1889248df00f1470a336724bf137986df7be60e6b5b2417d75e4270b18f3f87fb533a8c1c530ed3d |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | b673bbb919207f861790f3ad7310a205 |
| SHA1 | c2de2b55cd4d3961f41fcb32b0f5635c85c1920d |
| SHA256 | a3329345af594bd40f549c0c32df68358f26b3fd41936b1987a43340abfd979c |
| SHA512 | 54de3dac337548f8250627370b5817edaa970f491832be0f926a14500cb299fe8de61adf778e1f226c6f49657b41ddc761a50fb6f1cfed4121d2c684c9e3dde2 |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 739a68ae4a5529f6bbbd33bb8f6baa21 |
| SHA1 | cc8c293a1f4f4cc2ff03857532368727886a3e01 |
| SHA256 | 449122d34ffb08ed4821dae4253e61bf48241eebac79f3162d83eb316ef4a0e8 |
| SHA512 | 2747be7f4a8e6bc05f2fb015fe0ab13b8c6cad2688533eabb34c67f854599dfe748d2056919c67bcffc1811747f146a9ae2f9e3fdbe327d4e1d4e0aebfb7f443 |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 4f97254a3c7184508ccf97502f228dbf |
| SHA1 | e8e53b5290f57557a9edf7546b71801f8c09dc3d |
| SHA256 | 8018e2906b587287605dc50a3f44848fb48a4c14badff1884d5e4afd731eb9dc |
| SHA512 | 4d8a5bb3a3c9cf70c3b12090c2fb0f477d6a0ee56afba3cffb9f124c114e7d30674a2ed403d9c7a4bada406877fffe0eb710a44168208a0fb1b0f02fd6cd6c9a |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 6960418ff2a57ded9427dc8eecb9c022 |
| SHA1 | b1c606b8929cec3ae845cbf9339cb7efce525ad8 |
| SHA256 | 92f3bc336e180908b6482418f81622917187cfeda548ae36b688dfd27701a9a9 |
| SHA512 | 8bbec64f0605475e5fa2aad4c520be785a3845a4f14e2574c0d98c7d9c707fb4bdbff9c885ccb2a4d11d2e18cb6e99c2a7eb51949c40e21168028f9428d7abc9 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | efdc29f9b5cd88f57d3a405f3f2399c2 |
| SHA1 | fb242e04d15070be4f8aef4ccec3240de797f543 |
| SHA256 | d2bf591d37789e9a20475dfbbf3789518d765b812be158d23978d42cde76655f |
| SHA512 | 8b5e1f83a6d152c3c98f3c7fbf734772ae0a49632e56d7add676352989f125c2aca854d6b1ba228f1b1fee373a23ad221b4971c460faf1b8de806c1362fa22e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4db2eaab0ab046a56009761f7ae835dd |
| SHA1 | a06c48c2aeca8d77afd37ba8edbdc24b754d0297 |
| SHA256 | e1c41d4410a74d405a1073d81f4d3292b52662eb7d274cb7bd968f0608226ee4 |
| SHA512 | 96767eae4e5b7cc33800e103356b50055b5f3a210f5398c51363cc82304d252fcc6cffff5f811625c8179f6430f6c92a339de7d0b9cf2b72dc18efb9cae698ec |
C:\Windows\Logs\DISM\dism.log
| MD5 | a0cfe630f580d282fcf99e923d371b8b |
| SHA1 | 7d5984034ea865882aa954da543696bbb41336d3 |
| SHA256 | d4f252f4343065b56256b2cf0950c91670c28d36bb9802be86818018fb778e81 |
| SHA512 | 4364bf225060379b6aaaacaa8cb576ec437fe49daa90bce2947609f4bb9ad75aff54d421b6e599f473ccb65341e87919663646c9cf92c0fe89ed9266e0e36d1a |
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
| MD5 | fa16d0dc50b77c9f8703b5b36d774107 |
| SHA1 | ec426639f3bf3a563491ac53b70bb5eb92e5c314 |
| SHA256 | 94ad9f2b387a5e6cbd0f7b2259e37533ca80aaa69ba044db6a022661eaeb606d |
| SHA512 | b2e50634a6a7a116c71bb56dc045f29f79abd5d831ed1ac4a4fb7ab6a452321a814b9877b1c98cc0e185c6b6cab5bfe3e9435a43f9f4d1ff4d515109779372cd |
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
| MD5 | 135353974cbebf94b8bc48d682f8f5d8 |
| SHA1 | 0d8911efa7759516fc80961ec42ed6e15764ceb8 |
| SHA256 | 3da6db19e909805066bb41b1674b76b9b1946e99aefdee3ef96a0ee73b9914c1 |
| SHA512 | 1896e77b05162f9624ecc2139866186260b1adfb6a1918f04f9696dde2e7b5b4c2fb64533c20abc44ea0bc42afed692381cff956a458b1fb420e5b490f26f998 |
C:\Program Files\ReasonLabs\EPP\mc.dll
| MD5 | c85b6e5cbc8cd0cd668a95378cf2339f |
| SHA1 | a53d71a00a4d1ee74de71543846ddbeb568b29a1 |
| SHA256 | ef6f5493f21fa5fdac8b6b669ac6dbc0923e5c7c794f075413f27ca6ebeeb4b1 |
| SHA512 | 7067887375c5aa40b1732d648185a0d231b8d87a43b63fb3670dc5099a56c7c7356cce43dc48cad6e96c1585fdb2955afa8a50d3a1c7df1994e80705f76aaec2 |
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
| MD5 | 4be222b0796df9d496e9ff02c389c304 |
| SHA1 | a50131cc3683aed3c32847cdd0b8b976951296ba |
| SHA256 | ae6d512a1d4f0f4b91a699c80eb6b97acd3bc59b22375a3039d74b58b31e9c2d |
| SHA512 | 26cccea83b3f1dfe84c63cacd4698d9eea373219cdf810f5dbc1ace313b1478d753eb5547ca186076e878883b462364dd80136805d7aadabd5917cf485a55eaa |
memory/4448-5030-0x000001CDEF4D0000-0x000001CDEF526000-memory.dmp
memory/4448-6733-0x000001CDEF570000-0x000001CDEF5AA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\a3a349ee\e0669266_ebb2da01\rsJSON.DLL
| MD5 | fa63504382f4f3f92fa86841d9e97f29 |
| SHA1 | 0bde02c98741bb24eaf501bd8e2d9738742cd042 |
| SHA256 | 5f0764e1998464f63c6583f870dd3784921b752b91d8e450fe2c90153cb5e58d |
| SHA512 | c8483d9060a6800c8dedb4d5fea7cda346f742ca1a149c3eb608823209aff1f00bfcc5b0caf9c482c7b01d75f6e198edfae3b0100cb0dca6e5b5f18336abdee5 |
memory/4448-6742-0x000001CDEF560000-0x000001CDEF590000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\4dffe3f2\f08e9266_ebb2da01\rsLogger.DLL
| MD5 | e3fa0916f33bee8a14f28421d2dcdc9f |
| SHA1 | fd3dca4db55e81ebffc7609c5d63a4ffbd6629b2 |
| SHA256 | 29aaff11e775c800575b1a5d4160daec749dde528e68bc3b6e9b340279ed991d |
| SHA512 | fe96efd3cf162bbb766634c3d90f707d868378dd04e47aa9d55c03e03130f54827f781639383b053c9335d022ccd6b244b67e586197c2b40d193dd58a4ee8cb6 |
memory/4448-6754-0x000001CDEF560000-0x000001CDEF58A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\2eeccfd2\912d7f66_ebb2da01\rsAtom.DLL
| MD5 | 044d60780b0c40d3f9b0b5a3fc040948 |
| SHA1 | 2e16c926f11ed5faae22d9af5d935748c57ec1f8 |
| SHA256 | 7493f645bb04092aee30a47a681494251c79a38a941c9a3d2dee4293a265f428 |
| SHA512 | 7653a0a46e3eb9331e92a09937754302f939100adbfb283242c25bf0f73f8508d6f7e9d5aa08dbbefdd14bf682ad7d0d77f4999b3274d329d281e22934c445ea |
C:\Users\Admin\AppData\Local\Temp\nsuD2EA.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\9b610033\28b69266_ebb2da01\rsServiceController.DLL
| MD5 | 8dcd92de516608670f57193d74824a3b |
| SHA1 | c67c347dfa47c2db1628fab8bf9906c353f33dd9 |
| SHA256 | 96db49db4dd12b9f86144fedf83ac7dc12d855c5d7e3c863fd5b1696966ac345 |
| SHA512 | e5fde81ae57e68df69fc7695b9e16d8c7d188a30a4d68ffb682a3dcfedf2c028874145815aad2f957a02b0ead6ad8f1442635dfa580339816110e7b1cdbc0c0e |
memory/4448-6767-0x000001CDEF6F0000-0x000001CDEF71E000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngine.config
| MD5 | 0195b6f2d3e0f5a4947f353e48e15d8c |
| SHA1 | f29fb502b68a486ffee0c55ed343c15e5110e6f9 |
| SHA256 | 52b9ff10c412162ce0ac5ece6cd56b1164c209af1ad8b3b8e334149ed6e4ea56 |
| SHA512 | 65ba63d1645a1c507c2a8c4728df0f1f660f3574333925386f1b5b07f11e4e894d8404767a478a384d6a5910915ff040698c6c761047a4ce53a9fabd2d788bef |
memory/7752-6775-0x0000000002D50000-0x0000000002D86000-memory.dmp
memory/7752-6776-0x0000000005970000-0x0000000005F9A000-memory.dmp
memory/7752-6778-0x0000000005730000-0x0000000005796000-memory.dmp
memory/7752-6777-0x0000000005690000-0x00000000056B2000-memory.dmp
memory/7752-6780-0x0000000006080000-0x00000000063D7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0u2sowij.hem.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/7752-6797-0x0000000006430000-0x000000000644E000-memory.dmp
memory/7752-6798-0x0000000006560000-0x00000000065AC000-memory.dmp
memory/7752-6920-0x0000000006AF0000-0x0000000006B24000-memory.dmp
memory/7752-6930-0x0000000006B60000-0x0000000006B7E000-memory.dmp
memory/7752-6921-0x000000006DC70000-0x000000006DCBC000-memory.dmp
memory/7752-6934-0x0000000007720000-0x00000000077C4000-memory.dmp
C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys
| MD5 | 8129c96d6ebdaebbe771ee034555bf8f |
| SHA1 | 9b41fb541a273086d3eef0ba4149f88022efbaff |
| SHA256 | 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51 |
| SHA512 | ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18 |
memory/7752-6944-0x0000000007EC0000-0x000000000853A000-memory.dmp
memory/7752-6945-0x0000000007880000-0x000000000789A000-memory.dmp
memory/7752-6950-0x0000000007900000-0x000000000790A000-memory.dmp
memory/7232-6949-0x000001D8DD5A0000-0x000001D8DD5CE000-memory.dmp
memory/7752-6951-0x0000000007B10000-0x0000000007BA6000-memory.dmp
memory/7752-6953-0x0000000007A90000-0x0000000007AA1000-memory.dmp
memory/7232-6952-0x000001D8DD5A0000-0x000001D8DD5CE000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | b2ec2559e28da042f6baa8d4c4822ad5 |
| SHA1 | 3bda8d045c2f8a6daeb7b59bf52295d5107bf819 |
| SHA256 | 115a74ccd1f7c937afe3de7fa926fe71868f435f8ab1e213e1306e8d8239eca3 |
| SHA512 | 11f613205928b546cf06b5aa0702244dace554b6aca42c2a81dd026df38b360895f2895370a7f37d38f219fc0e79acf880762a3cfcb0321d1daa189dfecfbf01 |
memory/7752-6978-0x0000000007AD0000-0x0000000007ADE000-memory.dmp
memory/7752-6979-0x0000000007BB0000-0x0000000007BCA000-memory.dmp
memory/7800-7016-0x000000006DC70000-0x000000006DCBC000-memory.dmp
memory/10124-7057-0x000000006DC70000-0x000000006DCBC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0121d6f24b3f1dbb7c1cda405137340a |
| SHA1 | 72403107ef644bdc82d507f40108486ec61b4b3b |
| SHA256 | cf2a231639aa81161f05ba1b5bc054a3328448c8d75761d653f5f5960e445d2f |
| SHA512 | 248168bcf18d48d17abc96c552df9199e2e535b9f3d1a9fc5ecbd12fd54cd9fc82ea99ffa5c845afee95dd421764f1b151b4c809931fddc1a050356bbe5f21a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0747d05da831b6fae85ae0e2caf7dfab |
| SHA1 | 5da76da2c9d9e26281842d12f559f356df59f7b1 |
| SHA256 | 95a43fbaf745a3506ed23b9152766dfe6f62885762da2311808abadff1e19103 |
| SHA512 | 936ed45b26f3db10c4d2f6ad2fb4f394379a8d1923334eacde1d455bcae67c73af150ea27f23c5c06cb961a83130305b5e71ac92789ed6f2b6f9f1dff47b6f48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 92e0887237efeeca18c0296c21c460c1 |
| SHA1 | a6017f2c0b81e49ec43b6861104a7f06dadec3b4 |
| SHA256 | 3801a7c1204c163c0b9815029fe2369a966ef4b6dff30493de3ce5ceedd09646 |
| SHA512 | d02857130e6a3f9f96b88561367606d992f6d70a4ae076124e290e6898c06ebb2d6b53142d65d4fa7f9fb2150d9664c950ab87d25b21f9d9bebce401b8cd6a82 |
memory/7232-7103-0x000001D8DDA40000-0x000001D8DDA52000-memory.dmp
memory/7232-7109-0x000001D8DDAB0000-0x000001D8DDAEC000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 43fbbd79c6a85b1dfb782c199ff1f0e7 |
| SHA1 | cad46a3de56cd064e32b79c07ced5abec6bc1543 |
| SHA256 | 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0 |
| SHA512 | 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea |
memory/6824-7138-0x000001617F1A0000-0x000001617F506000-memory.dmp
memory/6824-7141-0x000001617EFF0000-0x000001617F16C000-memory.dmp
memory/6824-7143-0x00000161666F0000-0x000001616670A000-memory.dmp
memory/6824-7144-0x000001617EE30000-0x000001617EE52000-memory.dmp
F:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | f96c25bb4feee47fe4111660fa0706b3 |
| SHA1 | 284126ce4f80b6bfd6037f6137dee90c941e4eec |
| SHA256 | 9b5d44c60b18b36bcc1cc0e28585ae168d92239beda197d739c3e64edb229867 |
| SHA512 | b4297728f031863ccfb50de52d18f443d6ae893322e2f6b315497e187329275fbf41828867e614b35e9ff60ac6e3e1ae77d876fa8e131336c2d6a1fb6ff7db36 |
F:\LDPlayer\LDPlayer9\dnplayer.exe
F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
F:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
F:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
F:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc
F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\nszD007.tmp\JsisPlugins.dll
C:\Users\Admin\AppData\Local\Temp\nszD007.tmp\StdUtils.dll
C:\Users\Admin\AppData\Local\Temp\nshD8B1.tmp\jsis.dll
C:\Users\Admin\AppData\Local\Temp\nshD8B1.tmp\nsJSON.dll
C:\Users\Admin\AppData\Local\Temp\nshD8B1.tmp\thirdparty.dll
C:\Users\Admin\AppData\Local\Temp\nshD8B1.tmp\Midex.dll
C:\Users\Admin\AppData\Local\Temp\nshD8B1.tmp\CR.History.tmp
C:\Users\Admin\AppData\Local\Temp\nshD8B1.tmp\FF.places.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000114
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000127