Malware Analysis Report

2024-09-11 05:55

Sample ID 240531-w1yapahd93
Target .
SHA256 ec32183425f582f636d59a00571e501ad3161340409a73731dc32b956a890a94
Tags
discovery execution exploit persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

ec32183425f582f636d59a00571e501ad3161340409a73731dc32b956a890a94

Threat Level: Likely malicious

The file . was found to be: Likely malicious.

Malicious Activity Summary

discovery execution exploit persistence spyware stealer

Creates new service(s)

Drops file in Drivers directory

Manipulates Digital Signatures

Possible privilege escalation attempt

Loads dropped DLL

Executes dropped EXE

Modifies file permissions

Registers COM server for autorun

Reads user/profile data of web browsers

Checks installed software on the system

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Launches sc.exe

Drops file in Windows directory

Enumerates physical storage devices

Kills process with taskkill

Modifies registry class

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: LoadsDriver

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Runs net.exe

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
System Services
T1569
Service Execution
T1569.002
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Subvert Trust Controls
T1553
SIP and Trust Provider Hijacking
T1553.003
Install Root Certificate
T1553.004
File and Directory Permissions Modification
T1222
Modify Registry
T1112
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-05-31 18:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 18:23

Reported

2024-05-31 18:56

Platform

win11-20240508-en

Max time kernel

300s

Max time network

310s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html

Signatures

Creates new service(s)

persistence execution

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\rsCamFilter020502.sys C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Windows\system32\drivers\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File opened for modification C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.4\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2005\FuncName = "WVTAsn1SpcLinkEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\FuncName = "DecodeRecipientID" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2012\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1\FuncName = "WVTAsn1CatNameValueDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2004\FuncName = "WVTAsn1SpcPeImageDataEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\FuncName = "WVTAsn1SpcSpOpusInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25\FuncName = "WVTAsn1SpcLinkDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2223\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ktuhcsjz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ktuhcsjz.exe N/A
N/A N/A C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\"" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\DownloadScan.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ThreadingModel = "Both" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\rundll32.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsWSC.exe.log C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\msac.ico C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\wabadgenotificationcounter.luc C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-debug-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\concrt140.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\rsPerformance.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.ComponentModel.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Threading.Overlapped.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.ComponentModel.TypeConverter.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\logic\type_tag_utils.luc C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-zh-TW.js C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-ko-KR.js C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-locale-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nb-NO.js C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ta.pak C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XDocument.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\freesysdrivespace.luc C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\updatepending.luc C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.ThreadPool.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-en-US.js C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\sendimmediately.luc C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\ldplayer9box\Qt5PrintSupport.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-CA.js C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-nb-NO.js C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailypingbrowsernavigationcount.luc C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Debug.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XmlDocument.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\core\dkjson.luc C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ar.pak C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ldplayer9box\x86\msvcr120.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp2330254884\jslang\wa-res-install-zh-CN.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Console.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-profile-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-nl-NL.js C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\es-419.pak C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Collections.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Globalization.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.IO.FileSystem.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ldplayer9box\x86\msvcp100.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\rsEngine.Loggers.Business.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Runtime.Serialization.Formatters.dll C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ldplayer9box\Qt5WinExtras.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-handle-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-1.png C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-sstoast-bing.js C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ko-KR.js C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\lt.pak C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pt-BR.js C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\downloadscan.luc C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\browsernavigate.luc C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\domainmembership.luc C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\metriccounter.luc C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\Temp2330254884\jslang\eula-fr-FR.txt C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wb-rocket-icon.png C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\sendonping.luc C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\Temp2330254884\wa_install_check.png C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\Temp2330254884\jslang\wa-res-install-en-US.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\Temp2330254884\jslang\wa-res-shared-fi-FI.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ur.pak C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Program Files\ldplayer9box\x86\ossltest.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-es-MX.js C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sk-SK.js C:\Program Files\McAfee\Temp2330254884\installer.exe N/A
File created C:\Program Files\McAfee\Temp2330254884\jslang\eula-sr-Latn-CS.txt C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo.png C:\Program Files\McAfee\Temp2330254884\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\McAfee\WebAdvisor\updater.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\ = "IDnDBase" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3EE4-11E9-B872-CB9447AAD965}\ = "IVirtualSystemDescriptionForm" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\NumMethods\ = "14" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}\NumMethods\ = "19" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session\CLSID\ = "{20191216-c9d2-4f11-a384-53f0cf917214}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\HELPDIR C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC7B-431B-98B2-951FDA8EAB89}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-057D-4391-B928-F14B06B710C5} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23}\NumMethods\ = "37" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3618-4EBC-B038-833BA829B4B2} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E72-4F34-B8F6-682785620C57}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1207-4179-94CF-CA250036308F}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5409-414B-BD16-77DF7BA3451E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2}\NumMethods\ = "14" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BF98-47FB-AB2F-B5177533F493}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-659c-488b-835c-4eca7ae71c6c} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0C60-11EA-A0EA-07EB0D1C4EAD}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8F30-401B-A8CD-FE31DBE839C0}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\ = "IGuestSessionRegisteredEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-48DF-438D-85EB-98FFD70D18C9}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057D-4391-B928-F14B06B710C5}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox\CurVer\ = "VirtualBox.VirtualBox.1" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5409-414B-BD16-77DF7BA3451E} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8690-11E9-B83D-5719E53CF1DE}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3EE4-11E9-B872-CB9447AAD965}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486F-40DB-9150-DEEE3FD24189}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7BA7-45A8-B26D-C91AE3754E37}\ = "IAudioAdapter" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9070-4F9C-B0D5-53054496DBE0}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-04D0-4DB6-8D66-DC2F033120E1}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0C60-11EA-A0EA-07EB0D1C4EAD}\NumMethods\ = "49" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC7B-431B-98B2-951FDA8EAB89}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44A0-A470-BA20-27890B96DBA9} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\NumMethods\ = "24" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B855-40B8-AB0C-44D3515B4528}\NumMethods\ = "15" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-762E-4120-871C-A2014234A607}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\NumMethods\ = "18" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7006-40D4-B339-472EE3801844}\ = "IGuestKeyboardEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5FDC-4ABA-AFF5-6A39BBD7C38B}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80F6-4266-8E20-16371F68FA25} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ = "IMediumRegisteredEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld (1).exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\fltmc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4704 wrote to memory of 124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 4008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 4008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ff92c22ab58,0x7ff92c22ab68,0x7ff92c22ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4332 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4668 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4024 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4448 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2216 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2988 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3212 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5284 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5584 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5508 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5260 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5724 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6012 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6032 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6036 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6160 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6360 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6472 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6752 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6616 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7224 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7228 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7504 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6772 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7960 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8124 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7928 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8356 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8352 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8552 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8644 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8408 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8444 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6412 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6036 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9048 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8460 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7364 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=7864 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7840 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=4540 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8152 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=4820 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9400 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9260 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9560 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=10044 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9876 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=9924 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9940 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=9468 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=9824 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10192 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10016 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10184 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=10460 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10352 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=6592 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6940 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=7076 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=7240 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=7284 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=7260 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=4448 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=5500 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=8356 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=8612 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=9528 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=8508 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=8124 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=8856 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=10028 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=7492 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=8580 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=8648 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=10100 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=7216 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=8400 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=9228 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=7280 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=7600 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=10832 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=10184 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=5948 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=6132 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=7840 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=3160 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=6492 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=6192 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=6216 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=7044 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=6936 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=9988 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=4968 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=6180 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=3248 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8536 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9504 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9384 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5420 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6408 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6984 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10048 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=1472 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --mojo-platform-channel-handle=7676 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7232 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5348 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayer.exe /T

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=61e5f7e5b9889a47c8bfdd9f3bb21e04e4d71212&dit=20240531185244133&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayerex.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM bugreport.exe /T

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="C:\LDPlayer\LDPlayer9\"

C:\Users\Admin\AppData\Local\Temp\ktuhcsjz.exe

"C:\Users\Admin\AppData\Local\Temp\ktuhcsjz.exe" /silent

C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe

"C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\ktuhcsjz.exe" /silent

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp2330254884\installer.exe

"C:\Program Files\McAfee\Temp2330254884\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --mojo-platform-channel-handle=8340 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --mojo-platform-channel-handle=6296 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --mojo-platform-channel-handle=6932 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --mojo-platform-channel-handle=5972 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --mojo-platform-channel-handle=6116 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=524500

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --mojo-platform-channel-handle=6080 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9552 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9836 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8960 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8940 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:8

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\FECBD794-6AB9-4202-9FCA-B64D91754201\dismhost.exe {1FD4F64C-91B2-4D93-8F5A-BD70CC15D70E}

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml

C:\Windows\SYSTEM32\fltmc.exe

"fltmc.exe" load rsKernelEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\LDPlayer\LDPlayer9\driverconfig.exe

"C:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --mojo-platform-channel-handle=9888 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --mojo-platform-channel-handle=6520 --field-trial-handle=1796,i,5522805930113424329,14562276527819084242,131072 /prefetch:1

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=Fortnite|package=Fortnite

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004C0

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

Network

Country Destination Domain Proto
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.200.14:443 apis.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.187.195:443 id.google.com tcp
GB 142.250.187.195:443 id.google.com tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 softonic.com udp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
NL 18.239.50.77:443 sdk.privacy-center.org tcp
US 199.232.213.91:443 softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
US 204.79.197.237:443 bat.bing.com tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net udp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
NL 18.239.70.203:443 c.amazon-adsystem.com tcp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
US 151.101.1.91:443 sc.sftcdn.net udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 204.79.197.237:443 bat.bing.com tcp
NL 18.239.50.77:443 sdk.privacy-center.org udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
NL 18.239.48.211:443 www.datadoghq-browser-agent.com tcp
US 172.67.41.60:443 btloader.com tcp
GB 142.250.178.2:443 partner.googleadservices.com tcp
US 172.67.41.60:443 btloader.com tcp
NL 18.239.70.203:443 c.amazon-adsystem.com tcp
NL 18.238.243.114:443 config.aps.amazon-adsystem.com tcp
GB 142.250.178.2:443 partner.googleadservices.com tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
GB 142.250.200.27:443 storage.googleapis.com tcp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
NL 139.45.197.253:443 notix.io tcp
US 130.211.23.194:443 api.btloader.com udp
BR 142.251.132.35:443 csi.gstatic.com tcp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 18.239.14.239:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 34.120.63.153:443 prebid.media.net tcp
IE 34.254.218.2:443 ap.lijit.com tcp
IE 52.208.202.34:443 ad.360yield.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 104.26.3.63:443 wct.softonic.com tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 172.217.169.65:443 48a6f49e1cf59f27f0f42fd81286446c.safeframe.googlesyndication.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 216.58.212.206:443 ampcid.google.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 142.250.187.206:443 analytics.google.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 104.26.3.63:443 wct.softonic.com tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
IE 54.217.112.90:443 rtb.gumgum.com tcp
NL 178.250.1.9:443 dis.eu.criteo.com tcp
NL 178.250.1.9:443 dis.eu.criteo.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
NL 18.239.83.51:443 api.privacy-center.org tcp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
NL 18.239.83.51:443 api.privacy-center.org udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 155.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 90.112.217.54.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
IE 52.94.223.37:443 aax-eu.amazon-adsystem.com tcp
IE 63.32.136.184:443 ce.lijit.com tcp
NL 89.207.16.204:443 inmobi-match.dotomi.com tcp
NL 35.214.191.66:443 csync.loopme.me tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
BR 142.251.132.35:443 csi.gstatic.com udp
DE 51.38.120.206:443 onetag-sys.com tcp
US 34.98.64.218:443 us-u.openx.net tcp
FR 5.135.209.101:443 ssbsync.smartadserver.com tcp
US 34.98.64.218:443 us-u.openx.net udp
US 76.223.111.18:443 eb2.3lift.com tcp
IE 52.94.223.37:443 aax-eu.amazon-adsystem.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
IE 52.94.223.37:443 aax-eu.amazon-adsystem.com tcp
GB 172.217.169.34:443 cm.g.doubleclick.net tcp
GB 172.217.169.34:443 cm.g.doubleclick.net tcp
GB 172.217.169.34:443 cm.g.doubleclick.net tcp
IE 52.94.223.37:443 aax-eu.amazon-adsystem.com tcp
DK 37.157.5.133:443 c1.adform.net tcp
US 23.20.26.217:443 aorta.clickagy.com tcp
US 54.167.184.132:443 sync.srv.stackadapt.com tcp
IE 63.34.207.242:443 pr-bh.ybp.yahoo.com tcp
US 54.147.46.253:443 sync.ipredictive.com tcp
DK 37.157.5.133:443 c1.adform.net tcp
US 8.18.47.7:443 match.deepintent.com tcp
US 64.74.236.31:443 b1sync.zemanta.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
GB 172.217.169.34:443 cm.g.doubleclick.net udp
US 151.101.1.108:443 acdn.adnxs.com tcp
DE 157.90.211.246:443 sync.richaudience.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
US 8.8.8.8:53 242.207.34.63.in-addr.arpa udp
US 8.8.8.8:53 132.184.167.54.in-addr.arpa udp
US 8.8.8.8:53 217.26.20.23.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 253.46.147.54.in-addr.arpa udp
US 8.8.8.8:53 7.47.18.8.in-addr.arpa udp
BE 2.21.16.25:443 contextual.media.net tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
GB 2.21.188.239:443 ads.pubmatic.com tcp
GB 2.21.188.239:443 ads.pubmatic.com tcp
DE 157.90.211.246:443 sync.richaudience.com tcp
GB 2.21.188.239:443 ads.pubmatic.com tcp
GB 2.21.188.239:443 ads.pubmatic.com tcp
JP 211.120.53.203:443 tg.socdm.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
JP 211.120.53.203:443 tg.socdm.com tcp
BE 104.68.78.171:443 secure-assets.rubiconproject.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
BE 2.21.18.175:443 eus.rubiconproject.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
IE 34.250.160.0:443 pm.w55c.net tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
IE 34.254.84.230:443 match.prod.bidr.io tcp
NL 193.0.160.130:443 p.rfihub.com tcp
IE 34.254.84.230:443 match.prod.bidr.io tcp
GB 2.21.188.27:443 hbx.media.net tcp
DE 51.38.120.206:443 onetag-sys.com udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
BE 2.21.18.175:443 eus.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 64.158.223.140:443 medianet-match.dotomi.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 91.228.74.166:443 cms.quantserve.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 18.239.50.8:443 api-2-0.spot.im tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
IE 52.50.65.213:443 jadserve.postrelease.com tcp
US 52.202.159.116:443 cs-server-s2s.yellowblue.io tcp
US 35.244.174.68:443 id.rlcdn.com tcp
GB 104.91.71.139:443 player.aniview.com tcp
BE 2.21.16.25:443 contextual.media.net udp
US 67.202.105.21:443 ssc-cms.33across.com tcp
US 192.132.33.69:443 bttrack.com tcp
US 8.8.8.8:53 171.78.68.104.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 166.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 175.18.21.2.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 8.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 213.65.50.52.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 116.159.202.52.in-addr.arpa udp
US 8.8.8.8:53 139.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 21.105.202.67.in-addr.arpa udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 35.214.191.66:443 csync.loopme.me tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
IE 54.77.98.227:443 bcp.crwdcntrl.net tcp
US 104.22.51.98:443 spl.zeotap.com tcp
NL 35.204.74.118:443 um.simpli.fi tcp
DE 35.157.119.107:443 match.sharethrough.com tcp
FR 149.202.238.104:443 rtb-csync.smartadserver.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
FR 149.202.238.104:443 rtb-csync.smartadserver.com tcp
FR 149.202.238.104:443 rtb-csync.smartadserver.com tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 216.200.232.253:443 sync.mathtag.com tcp
DE 18.197.7.178:443 rtb.mfadsrvr.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 116.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 178.7.197.18.in-addr.arpa udp
US 8.8.8.8:53 253.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 pixel.tapad.com udp
US 34.111.113.62:443 pixel.tapad.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
NL 81.17.55.106:443 sync.smartadserver.com tcp
NL 198.47.127.20:443 simage4.pubmatic.com tcp
IE 52.209.140.47:443 ads.yieldmo.com tcp
DE 3.126.129.69:443 match.justpremium.com tcp
DE 52.57.22.80:443 sonata-notifications.taptapnetworks.com tcp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
FR 146.59.148.16:443 pixel-eu.onaudience.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
NL 63.215.202.169:443 pubmatic-match.dotomi.com tcp
BE 74.125.71.155:443 stats.g.doubleclick.net udp
BE 35.210.53.219:443 pool.admedo.com tcp
BE 35.210.53.219:443 pool.admedo.com udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
NL 35.214.191.66:443 csync.loopme.me tcp
SE 213.155.156.181:443 d5p.de17a.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
NL 188.166.17.21:443 match.adsby.bidtheatre.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
FR 141.95.171.142:443 green.erne.co tcp
SI 195.5.165.20:443 core.iprom.net tcp
IE 54.217.19.5:443 cm.adgrx.com tcp
FR 141.94.171.212:443 pixel-eu.onaudience.com tcp
US 104.18.24.173:443 s.tribalfusion.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
GB 142.250.187.206:443 analytics.google.com udp
US 199.232.213.91:443 softonic.com udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net udp
GB 163.70.151.35:443 www.facebook.com tcp
NL 139.45.197.253:443 notix.io tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
IE 34.254.84.230:443 match.prod.bidr.io tcp
US 54.167.184.132:443 sync.srv.stackadapt.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 67.202.105.21:443 ssc-cms.33across.com tcp
FR 5.135.209.101:443 ssbsync-global.smartadserver.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 81.17.55.106:443 sync.smartadserver.com tcp
US 104.18.24.173:443 s.tribalfusion.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 18.239.94.61:443 s.ad.smaato.net tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
FR 149.202.238.104:443 rtb-csync.smartadserver.com tcp
FR 149.202.238.104:443 rtb-csync.smartadserver.com tcp
FR 149.202.238.104:443 rtb-csync.smartadserver.com tcp
GB 163.70.151.35:443 www.facebook.com udp
US 163.181.154.234:443 www.ldplayer.net tcp
US 163.181.154.234:443 www.ldplayer.net tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 163.181.154.235:443 www.ldplayer.net tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 163.181.154.235:443 www.ldplayer.net tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
NL 18.239.50.126:443 js.adscale.de tcp
DE 3.68.152.157:443 ih.adscale.de tcp
US 104.18.41.104:443 cds.connatix.com tcp
US 151.101.3.52:443 img.utdstc.com tcp
US 172.67.70.36:443 cmp.setupcmp.com tcp
US 172.67.70.36:443 cmp.setupcmp.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
NL 18.239.69.105:443 cdn.ldplayer.net tcp
US 172.64.146.152:443 cds.connatix.com udp
US 151.101.3.52:443 img.utdstc.com udp
NL 18.239.69.105:443 cdn.ldplayer.net udp
US 104.18.30.49:443 stpd.cloud tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.200.14:443 apis.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
SG 8.219.223.66:443 usersdk.ldmnq.com tcp
GB 142.250.178.22:443 play-lh.googleusercontent.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
SG 8.219.223.66:443 usersdk.ldmnq.com tcp
SG 8.222.176.52:443 api.ldshop.gg tcp
SG 47.245.114.192:443 invite.ldplayer.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
SG 47.245.114.192:443 invite.ldplayer.net tcp
SG 8.222.176.52:443 api.ldshop.gg tcp
NL 18.239.18.74:443 apien.ldplayer.net tcp
US 13.107.246.64:443 www.clarity.ms tcp
NL 18.239.18.74:443 apien.ldplayer.net udp
US 151.101.1.229:443 cdn.jsdelivr.net udp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
NL 18.65.39.121:443 tagan.adlightning.com tcp
NL 142.250.27.84:443 accounts.google.com udp
CN 14.215.182.140:443 hm.baidu.com tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
NL 18.239.18.12:443 tags.crwdcntrl.net tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
NL 89.207.16.146:443 proc.ad.cpe.dotomi.com tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 172.67.75.241:443 script.4dex.io tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 104.18.34.178:443 mp.4dex.io tcp
NL 89.149.192.193:443 prg.smartadserver.com tcp
DK 37.157.2.230:443 adx.adform.net tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 172.67.75.241:443 script.4dex.io tcp
DK 37.157.5.133:443 cm.adform.net tcp
US 104.18.22.145:443 cadmus.script.ac tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
US 34.149.40.38:443 u.4dex.io tcp
NL 23.62.61.112:443 articles-img.sftcdn.net tcp
NL 46.228.164.13:443 d.turn.com tcp
US 34.149.40.38:443 u.4dex.io tcp
US 54.167.184.132:443 sync.srv.stackadapt.com tcp
US 35.186.253.211:443 rtb.openx.net udp
US 8.8.8.8:53 112.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 38.40.149.34.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
IE 52.49.81.5:443 io.narrative.io tcp
US 34.149.40.38:443 u.4dex.io udp
NL 35.214.174.141:443 a.sportradarserving.com tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
FR 51.255.68.171:443 dsp.nrich.ai tcp
DE 159.89.25.223:443 node.setupad.com tcp
NL 35.214.174.141:443 a.sportradarserving.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 34.149.50.64:443 s.seedtag.com tcp
US 34.107.140.113:443 s2s.t13.io tcp
US 50.31.142.159:443 sync.outbrain.com tcp
DE 18.198.220.176:443 exchange.mediavine.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 104.21.48.215:443 adxbid.info tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
BE 104.117.77.160:443 csync.smartadserver.com tcp
IE 34.254.84.230:443 match.prod.bidr.io tcp
BE 104.117.77.160:443 csync.smartadserver.com tcp
US 104.19.158.19:443 assets.a-mo.net tcp
US 34.96.105.8:443 tr.blismedia.com tcp
NL 89.207.16.137:443 openx2-match.dotomi.com tcp
BE 104.117.77.160:443 csync.smartadserver.com tcp
US 8.2.110.113:443 as.ck-ie.com tcp
FR 149.202.238.104:443 rtb-csync.smartadserver.com tcp
FR 149.202.238.104:443 rtb-csync.smartadserver.com tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 54.88.142.103:443 pxl.iqm.com tcp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 64.74.236.31:443 b1sync.zemanta.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
FR 149.202.238.104:443 rtb-csync.smartadserver.com tcp
FR 149.202.238.104:443 rtb-csync.smartadserver.com tcp
NL 79.127.227.46:443 id.a-mx.com tcp
GB 89.187.167.3:443 vid.vidoomy.com tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
IE 52.18.177.157:443 a.audrte.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 188.42.196.115:443 ads.betweendigital.com tcp
US 104.18.38.233:80 crt.sectigo.com tcp
FR 54.36.150.183:443 cookie-matching.mediarithmics.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 s.company-target.com udp
US 8.8.8.8:53 157.177.18.52.in-addr.arpa udp
US 8.8.8.8:53 115.196.42.188.in-addr.arpa udp
FR 149.202.238.104:443 rtb-csync.smartadserver.com tcp
US 34.96.71.22:443 s.company-target.com tcp
FR 149.202.238.104:443 rtb-csync.smartadserver.com tcp
US 54.147.46.253:443 sync.ipredictive.com tcp
DE 57.129.18.121:443 wt.rqtrk.eu tcp
NL 188.42.63.48:443 dsp-ap.eskimi.com tcp
US 44.193.117.232:443 rtb.adentifi.com tcp
IE 52.17.107.72:443 dpm.demdex.net tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
NL 154.59.122.79:443 ums.acuityplatform.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
DE 18.184.216.10:443 ps.eyeota.net tcp
GB 89.187.167.3:443 vid.vidoomy.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com tcp
BE 74.125.71.155:443 stats.g.doubleclick.net udp
US 163.181.154.231:443 ldcdn.ldmnq.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
NL 18.239.82.205:443 d3n1ms4uhtqgov.cloudfront.net tcp
NL 18.239.15.83:443 d1arl2thrafelv.cloudfront.net tcp
NL 18.239.15.83:443 d1arl2thrafelv.cloudfront.net tcp
US 52.224.31.34:443 h.clarity.ms tcp
NL 18.239.69.5:443 encdn.ldmnq.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
CN 111.45.11.83:443 hm.baidu.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 52.224.31.34:443 h.clarity.ms tcp
CN 183.240.98.228:443 hm.baidu.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
US 52.224.31.34:443 h.clarity.ms tcp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
NL 18.239.36.94:443 shield.reasonsecurity.com tcp
NL 18.239.15.49:443 d1arl2thrafelv.cloudfront.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
NL 18.239.36.94:443 shield.reasonsecurity.com tcp
US 44.241.28.218:443 analytics.apis.mcafee.com tcp
GB 104.91.71.143:443 sadownload.mcafee.com tcp
US 3.214.3.211:443 track.analytics-data.io tcp
US 3.214.3.211:443 track.analytics-data.io tcp
NL 18.238.243.25:443 update.reasonsecurity.com tcp
US 3.214.3.211:443 track.analytics-data.io tcp
US 3.214.3.211:443 track.analytics-data.io tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
NL 18.239.94.2:443 electron-shell.reasonsecurity.com tcp
US 3.214.3.211:443 track.analytics-data.io tcp
US 8.8.8.8:53 49.4.219.8.in-addr.arpa udp
US 3.214.3.211:443 track.analytics-data.io tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 89.149.192.193:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 35.186.253.211:443 rtb.openx.net udp
NL 147.75.84.158:443 sync.a-mo.net tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
NL 185.89.210.244:443 secure.adnxs.com tcp
NL 185.89.210.244:443 secure.adnxs.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 89.149.193.85:443 ssbsync.smartadserver.com tcp
NL 89.149.193.85:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 e2c55.gcp.gvt2.com udp
US 52.224.31.34:443 h.clarity.ms tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 34.149.40.38:443 u.4dex.io udp
US 8.8.8.8:53 a.audrte.com udp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
US 52.224.31.34:443 h.clarity.ms tcp
FR 5.196.111.73:443 rtb-csync.smartadserver.com tcp
IE 52.214.131.115:443 a.audrte.com tcp
FR 5.196.111.73:443 rtb-csync.smartadserver.com tcp
IE 52.214.131.115:443 a.audrte.com tcp
US 8.8.8.8:53 cdn.ldplayer.net udp
NL 18.239.69.105:443 cdn.ldplayer.net udp
US 8.8.8.8:53 match.sharethrough.com udp
DE 51.38.120.206:443 onetag-sys.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 trace-eu.mediago.io udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 64.74.236.31:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 amazon-tam-match.dotomi.com udp
US 8.8.8.8:53 8proof.com udp
GB 142.250.200.27:443 storage.googleapis.com udp
US 8.8.8.8:53 ads.us.e-planning.net udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 89.207.16.140:443 amazon-tam-match.dotomi.com tcp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 52.116.53.150:443 8proof.com tcp
IE 34.251.183.115:443 match.prod.bidr.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
DE 18.192.200.108:443 match.sharethrough.com tcp
DE 18.192.200.108:443 match.sharethrough.com tcp
GB 104.91.71.143:443 sadownload.mcafee.com tcp
DE 35.156.79.54:443 1x1.a-mo.net tcp
CL 34.176.211.24:443 e2c55.gcp.gvt2.com tcp
DE 35.156.79.54:443 1x1.a-mo.net tcp
CL 34.176.211.24:443 e2c55.gcp.gvt2.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
BE 104.68.84.174:443 home.mcafee.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 cookies.nextmillmedia.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
GB 172.217.169.34:443 cm.g.doubleclick.net udp
NL 89.207.16.201:443 stx-match.dotomi.com tcp
US 172.64.151.101:443 r.casalemedia.com udp
US 54.87.96.158:443 cookies.nextmillmedia.com tcp
US 8.8.8.8:53 u-ams03.e-planning.net udp
US 8.8.8.8:53 d.adroll.com udp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
NL 46.228.164.11:443 ad.turn.com tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 52.201.179.227:443 i.liadm.com tcp
NL 193.3.178.4:443 u-ams03.e-planning.net tcp
NL 193.3.178.4:443 u-ams03.e-planning.net tcp
IE 52.48.123.34:443 d.adroll.com tcp
NL 193.3.178.1:443 s.e-planning.net tcp
NL 193.3.178.1:443 s.e-planning.net tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 beacon.krxd.net udp
US 8.8.8.8:53 aa.agkn.com udp
US 8.8.8.8:53 usermatch.krxd.net udp
US 8.8.8.8:53 cms.quantserve.com udp
BE 104.68.84.174:443 home.mcafee.com tcp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 ads.avads.net udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 34.128.133.112:443 ads.avads.net tcp
GB 172.217.169.3:443 beacons.gvt2.com tcp
IE 52.51.70.229:443 obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com tcp
NL 81.17.55.106:443 sync.smartadserver.com tcp
IE 63.32.160.254:443 dpm.demdex.net tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
IE 54.220.158.112:443 bcp.crwdcntrl.net tcp
DE 91.228.74.166:443 cms.quantserve.com tcp
US 3.144.50.145:443 dmp.v.fwmrm.net tcp
US 8.8.8.8:53 150.53.116.52.in-addr.arpa udp
US 8.8.8.8:53 80.168.214.35.in-addr.arpa udp
US 8.8.8.8:53 108.200.192.18.in-addr.arpa udp
US 8.8.8.8:53 54.79.156.35.in-addr.arpa udp
US 8.8.8.8:53 24.211.176.34.in-addr.arpa udp
US 3.144.50.145:443 dmp.v.fwmrm.net tcp
IE 63.32.160.254:443 dpm.demdex.net tcp
NL 81.17.55.106:443 sync.smartadserver.com tcp
IE 54.220.158.112:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 201.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 158.96.87.54.in-addr.arpa udp
US 8.8.8.8:53 34.123.48.52.in-addr.arpa udp
US 8.8.8.8:53 4.178.3.193.in-addr.arpa udp
DE 91.228.74.166:443 cms.quantserve.com tcp
NL 193.3.178.4:443 u-ams03.e-planning.net tcp
US 151.101.1.44:443 trc.taboola.com tcp
DE 3.120.47.227:443 aa.agkn.com tcp
US 3.214.3.211:443 track.analytics-data.io tcp
US 3.214.3.211:443 track.analytics-data.io tcp
US 44.241.28.218:443 analytics.apis.mcafee.com tcp
DE 3.69.181.171:443 1f2e7.v.fwmrm.net tcp
GB 142.250.187.206:443 analytics.google.com udp
BE 74.125.71.155:443 stats.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
US 3.214.3.211:443 track.analytics-data.io tcp
US 3.214.3.211:443 track.analytics-data.io tcp
NL 18.239.94.106:443 cdn.reasonsecurity.com tcp
US 34.128.133.112:443 ads.avads.net udp
US 52.224.31.34:443 h.clarity.ms tcp
US 44.241.28.218:443 analytics.apis.mcafee.com tcp
US 3.214.3.211:443 track.analytics-data.io tcp
US 3.214.3.211:443 track.analytics-data.io tcp
NL 18.239.18.12:443 tags.crwdcntrl.net tcp
US 3.214.3.211:443 track.analytics-data.io tcp
US 3.214.3.211:443 track.analytics-data.io tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
GB 104.91.71.133:443 sadownload.mcafee.com tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
CA 34.130.135.16:443 e2c21.gcp.gvt2.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 35.186.253.211:443 rtb.openx.net udp
NL 89.149.192.193:443 prg.smartadserver.com tcp
GB 172.217.169.3:443 beacons.gvt2.com udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
NL 185.89.210.20:443 secure.adnxs.com tcp
GB 142.250.200.27:443 storage.googleapis.com udp
DE 159.89.25.223:443 node.setupad.com tcp
GB 172.217.169.34:443 cm.g.doubleclick.net udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 54.167.184.132:443 sync.srv.stackadapt.com tcp
US 54.167.184.132:443 sync.srv.stackadapt.com tcp
US 54.167.184.132:443 sync.srv.stackadapt.com tcp
IE 34.252.244.225:443 pr-bh.ybp.yahoo.com tcp
IE 34.249.225.179:443 ap.lijit.com tcp
IE 54.75.221.163:443 ce.lijit.com tcp
NL 89.149.193.85:443 ssbsync.smartadserver.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 18.239.83.25:443 sync.serverbid.com tcp
US 69.173.146.5:443 pixel-us-east.rubiconproject.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
GB 216.58.204.70:443 s0.2mdn.net tcp
US 8.8.8.8:53 25.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 5.146.173.69.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 52.224.31.34:443 h.clarity.ms tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
NL 18.238.243.86:443 ad.ldplayer.net tcp
US 163.181.154.234:443 en.ldplayer.net tcp
NL 18.239.69.69:443 cdn.ldplayer.net tcp
NL 18.239.69.69:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 69.69.239.18.in-addr.arpa udp
NL 18.239.69.69:443 cdn.ldplayer.net tcp
NL 18.239.69.69:443 cdn.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
NL 18.239.69.69:443 cdn.ldplayer.net tcp
US 163.181.154.248:443 advertise.ldplayer.net tcp
NL 18.239.69.69:443 cdn.ldplayer.net tcp
NL 18.239.69.69:443 cdn.ldplayer.net tcp
NL 18.239.69.69:443 cdn.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
NL 18.239.69.119:443 encdn.ldmnq.com tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 8.8.8.8:53 119.69.239.18.in-addr.arpa udp
US 8.8.8.8:53 241.154.181.163.in-addr.arpa udp
US 163.181.154.241:443 res.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 163.181.154.248:443 advertise.ldplayer.net tcp
NL 18.238.243.86:443 ad.ldplayer.net tcp
NL 18.239.69.69:443 cdn.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
NL 18.239.69.69:443 cdn.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
NL 18.239.69.69:443 cdn.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
NL 18.239.69.69:443 cdn.ldplayer.net tcp
NL 18.238.243.86:443 ad.ldplayer.net tcp
NL 18.239.83.70:443 alliance.ldplayer.net tcp
NL 18.239.36.47:80 apien.ldmnq.com tcp
US 8.8.8.8:53 70.83.239.18.in-addr.arpa udp
NL 18.239.36.47:443 apien.ldmnq.com tcp
NL 18.239.36.47:443 apien.ldmnq.com tcp
US 35.186.253.211:443 rtb.openx.net udp
NL 178.250.1.8:443 bidder.criteo.com tcp
FR 51.178.195.208:443 prg.smartadserver.com tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
BR 35.215.235.162:443 e2c46.gcp.gvt2.com tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
NL 188.166.17.21:443 match.adsby.bidtheatre.com tcp
GB 172.217.169.34:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 dmp.brand-display.com udp
NL 89.149.193.85:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 d.adroll.com udp
US 34.149.40.38:443 u.4dex.io udp
IE 54.217.19.5:443 cm.adgrx.com tcp
US 34.160.19.107:443 dmp.brand-display.com tcp
US 70.42.32.31:443 b1sync.zemanta.com tcp
IE 54.195.113.195:443 d.adroll.com tcp
IE 54.195.113.195:443 d.adroll.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 34.98.64.218:443 setupad-d.openx.net udp
FR 45.137.176.88:443 sync.adotmob.com tcp
IE 34.250.160.0:443 pm.w55c.net tcp
DE 159.89.25.223:443 node.setupad.com tcp
BE 104.90.25.54:443 sync.teads.tv tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 52.224.31.34:443 h.clarity.ms tcp
US 108.177.104.94:443 beacons2.gvt2.com tcp
US 108.177.104.94:443 beacons2.gvt2.com tcp
US 108.177.104.94:443 beacons2.gvt2.com udp
NL 18.239.36.47:80 apien.ldmnq.com tcp
NL 18.239.36.47:443 apien.ldmnq.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 52.224.31.34:443 h.clarity.ms tcp

Files

\??\pipe\crashpad_4704_HXPCOODSJCHBEOYA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8c5503e7c217f6faf6a3f800a6072b64
SHA1 4541e6d0ad0f9e08c06ea33ffd8201a985641da5
SHA256 0a65243da413bf1da06b682dc3f856cb76eb1829f9778539587809e08ff66074
SHA512 61ab0ebb6dcd028b0a7e3c9ba20d870120f9979c0b8afc3feddd6549ec702e115e926a8e6c54344a1f74bbec26fc299aac27e3d593bbb1fd95f5a7c06de99b12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b1c7f1a36c156192e5fe7d1440adf128
SHA1 d28d2a79a5adb20b57a8673252d396dd75c19a3b
SHA256 0e7c14a38ea466302f9b5cff74f31cfafae2541b4c1feeb37733e4573e416455
SHA512 bdbf85397385928e9b819111a79cb30d69ccfbfd69f2dca9cdae2d83e900ec09d5be002280f1ca29a2a34f56d93e49039c8d6b043aa43cbf491ee485fb725cb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ac69ac4add5bcb30e0dc5653e4086dfc
SHA1 8dfa7c22ba98e0fb517e74c9f09d9fd9c10d1e69
SHA256 78161312afc76f2953183845c97817efcffa0ee8850500936b8beb8791054332
SHA512 135160a718829ddd455a185f11573eada411ee99e774f45a05c259a82a07e34def9e677302a08c30b1881e62298253f78c447f8017d6ee16dbb0cd599c01cfe8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ac3b6ae6ffd951eeb43f208af55b0e4a
SHA1 9a0833971c1508746757f5d53ff7c96416882da5
SHA256 49cdf3fdbdf8371e2b0465ad00045781936ade1f0b02810d5a4ab7d8f342d2d8
SHA512 aa6ddabd0677721ae322df7d27ce5a8ef5787d0dd05fce4f85651cfe54d4d79f7ba68d7b3be95dc506b30132723470baaf06fc4aa19398711d7c068adf8c99b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 87b291e6f09394c5002356244a28cad6
SHA1 3572bfedf054e974133c0616dbb0b8dc717854c4
SHA256 56f442aae1a87843a634e2974e86fcd646acb648cd10c5766a5fe202d988b953
SHA512 a82a9b09db3f3a14a944387ad23e5a54ec3735dcddcccdea7a74925f475b1e41b87c5251e13eb37388ae58d8822f5ee4cdbb7b0b2f5b71a5ca6a3babae4a24ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

MD5 6593fb08e941adbe4a342ba22ef78356
SHA1 27348fbbd385f328960da9b5863cf8c28ee66069
SHA256 afd127c2f758872d2afd7a41f3ea0489f3cc11cd73ff4b9f200a75d89ded039f
SHA512 c066004a823bf0408037b7fa4e2efc5d230bcdfd189f7cdbb67f9fa437feac7b6d4eb731b61a882559afb867505ea620dfbc757774b661dbd5784044340e5c91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

MD5 670c3d10f4aabf3dcd41ab9458436a68
SHA1 a168ae02ac9ee77ce44e138db088d4c878b29dc5
SHA256 b1988b54c0b5ee2decf5fdc5ae628c69df7d60c185de5b742a980384dbd344fd
SHA512 f6d27f99fd5811cea6234432b3d8f64477e1bd39ddb09c83076d7f5bab467b51da7eefa4512c842b49cd91ce8ed5474b8f0a167fdc076b614639219b12e90e80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c0476a3ea57cd0e18c0ba606bbdb4c81
SHA1 6bc276e48630eca5b84741b275437113d13bc83c
SHA256 5daf4a5823db1ba7b5efe30863bb6e636a906f32222b1d8c9c5a99174e111d97
SHA512 f85ef9a93f4220ebd5dc27e2bc1b7c32c7f423caea1745a477f54c02102e289220509e0234b887ba0d848d5503174fcff043f4a29fa4b05dbd20c48ec4a11116

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fb1a0124164146b8a00e283702871e64
SHA1 d859b5d889ce4faee6530a4410207d496a146591
SHA256 5bca9447e2f06b826ab149d1d6491ebe4a4043001f252004061192df4fbd50c7
SHA512 8942008a6b2509f50da05b4fe04b60cf1839e198aa76cef921922afadc11555759d661b4bf36ac04bcc687bedbf99f14a87e970d52c81e44f4a33abfc98161ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 261d520278de7fa6f63fdb87fa4c27d4
SHA1 647fa4c7597ee1e1532ba1b0e6542b44b380b3c4
SHA256 ea71b30a0ad727802e9bf6a84b044fe342efa9bf4dffc43ffdd76212090f9bc4
SHA512 75a193a1a76a92310bc53408a70c9bf784f57d79fc0eb3bcac5d0777582ccd3d0fc89aa45d17cf82748af879bb515089e7a8b8ececc206ae852818d35c3157b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581b92.TMP

MD5 5004dc3dbafb8356e51e6c0d1180bb82
SHA1 5f6c3ecba7e74c51c76bb0a1a3a89c5607d3812d
SHA256 9b73d54e301f50a2d8c437a4f02cdda4e3fe7edb76dcc496d523ba136d762bd7
SHA512 c9489c6918542fbf832554d0fccfa3958f14fa4eb5668c95cfb99f67c288cf0c713ff66b946213c320dead3d32ac68bdf2308a10edd4a55566f9a2e06728bac3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e7d0d6a52daffa42ff0d404cf4b5d24b
SHA1 e13583012087eb203074f005c73164cc187e4835
SHA256 b0e38f943f3d2e3c56aa929341bb91d0ef7da5aedb12848b4c6079be7895b55b
SHA512 07f3a7e83401364afc51b66811c15a262e212d2ec72adfb202c79323d1bff407766679cebdaf3325fe8593eb71e8e9439b6fe488e29d33c35e7bf28e4ae16352

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

MD5 c762f1cf0daf6a1675ae7c35e00e01f3
SHA1 81f894d230a2d92d3154b72b5de8b277ed668b8b
SHA256 4d140627c3c720506210ffd8a8b88f38accc5b706a77e552a729f747f04ebc38
SHA512 a21dff3516cc1763d55c498928270764b42658f0243220eea3db92d2f79dc3e837971a4b47ca7cc73e986e2dd9744c057cc73fe1ccceba83c799e847957497ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 663cc916cb86317095e2d19e25aa077f
SHA1 a1402b32e34ab735f4e4f93687ae6e6bfc881e55
SHA256 d39ab6dc4c37ffd3b7c4c53ae54a3609f89e11e4107427a18d7ddd360b1761eb
SHA512 6fcf04ee01acc80bfbe2740e2e4b8595585107d3961d1a8ec4d745b8053270b219a35356d95babc5b90155a384f16c9d0ed4295e4a90816f584c9fde6fca1d3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 14be04060e1e8ea73c7e2485f5639932
SHA1 8f90a606aca0ade30c69d03726f1e153cd4512c3
SHA256 bbca48314336e386d62913617371fe2795cfb07de75e352fefb5ebf1f0226233
SHA512 d873c147f6c57999c06a86de61f5986bd080904b4f9da03bcf5f775cf00d19ede4aeb5edf073848d20cd33601c225a64f5e5e600a7b75d6b289af41eeb7f4be9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 9b914e7d3f4e83947a00f5554bdf1de3
SHA1 9a671d8899d86bea933146204b2e5e84252d2518
SHA256 d860ed663a305646092b29259ca3e4b4c9741b5fa19b718e0dccc570bac3ba5b
SHA512 c3387b2aa65ea52400200029f25d9ce378d3ad7bde9053d177c11f87ae99684c27a154ff2801c805e891c43114e58fc1ceb6e697abdf96edd5a1c0e80e5eb651

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 2155f385101771026a23f3dc2808c97e
SHA1 550ba8b46e714011059de97b0f672f0349dcf8de
SHA256 4641db11da9224b6da70ab3719915060084de315ad9037ca51c566d7d161dcd1
SHA512 653fa69902507e82f884910143a60305e2b3c6e4d7ef411273c4ca2a67cb144ef9a367963bdefb1f45e21af4193393bfcc16ea599289b6f45c923884b3fe39f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 67e30bbc30fa4e58ef6c33781b4e835c
SHA1 18125beb2b3f1a747f39ed999ff0edd5a52980ee
SHA256 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba
SHA512 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 fd2e5d7c86e0a2015db4e07852bd787c
SHA1 7030d49e28434e80f4bb0dd5064379ae4bf65c21
SHA256 22599ad8aec0686afa4d562ccf7b7e0c54792df2a1e56f3f04de76bc30239d47
SHA512 8d3f0a59fe82ff672e2c6ed66e856d36e8ff7da2055d7d6ea07f4aae84733984a08d3e43824b8580d8bd8d5280799231d6e9bbe55664ad88293447394b68ea1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 144854e84da83ffea974a51dc947756b
SHA1 50ad7fa26be4433392808f4e3f0f79ffc273cd78
SHA256 8c008eb45d08a7cdb74767dc72e2e47dd33264487749dfcac472f8d9e1311c12
SHA512 515d5343fd3da1fe397d6722bd6b1ef8fb5a971ba8f7ba351e5c022883f3f4a9b145c70e0e7c54e5b424047adaee997095667df62464781a9f684e74d752db11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 fe4789b7983b5d5e61a7338b8e91b74b
SHA1 72c8ffa2341202345cd309496f2ec59c33a167fb
SHA256 5530cd6edef842c432db61c7b40f60b845cb8b194021b52c4efc79e96ad2036f
SHA512 aa532a5ca68ae275d935d664dd2538c5b1616b884947f0628757b6d0e819a452bc7b732d42651f3c6b6b5a8e65fffb0aa9cb3b5dd6d08160dda6c8e3a46b7f2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 f4f9e3cf3f485977af7b3899d71abbfd
SHA1 d588dc6d5da4fa71326beef09f1599a63db86a58
SHA256 8599047d4191259e29d9aaa2db84a2c092c9542c68cff8c4bc42e1cd4730f538
SHA512 6dbcdacbe0d991fa75131f870c8baa9a19f96a04a2a7894e5aab3f192a3e5d48c51c46252d099efb065026be28d47c85ba6db25d63e441865bef2c42e01e231c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 e70e65ec4f5beddfdeb18c27947ef6c0
SHA1 a3cba8ef92c7a06d204417276372389eb97c77b9
SHA256 d5f2dfac315c92bbd505bd53028fd406e82308fb114ebb75d47cee9a00654b0b
SHA512 db6ea2a26ecbe55e8eaf9ad11bab315970a53d1402b7639cdab70ed51ec7a7d63c421ed558ffd59729f95248fb30b364ec1a7e71686a482f58523e255fe32112

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 cba58473a5e6a10ac516f6e8862ddca6
SHA1 23af28b2483c37a2ef954d71d614656a2a48a5dd
SHA256 4e834f9b8ffbffa149e213163680ff5cf84e9f67e202bdc353ca19edc5515ad8
SHA512 dc18591058ef24bb5a315a26f4c6349cf78b03fe8ff728c915e40d3f9ac92af2c527a6b268d5c013e4273b69771d3cf4c400eaa49d530fc7cc152785cf76c788

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 e7b8870a570232171df710b285d148e4
SHA1 249c93b60ae8baa3c6724161787baa90976b1e39
SHA256 4de38ca7d4314592f1efbacf7a957b402bc0930c4be1803521d8086da5572de7
SHA512 ae956b277c3cb1db0a97c32e9c05b328e5d58b62d76bf2dac4875474959d3d1cdcb6d1588dfb72fedae4cb30789ccc65af2b49cc2fcf651018c7443544880e13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 71474203d68661b534dc8bd155c5fde6
SHA1 1e01530281efdb2900f5305c136475adae00845d
SHA256 c2815e2e82ff72159021df734f65472a18741148bb4eb75e9a0220bdcf209b0c
SHA512 81aae5ef23a29ba45ef395bc97dab017e0c4c94f8f55e9db58da77aee718b40fb38874fa465138bdb3f300847255188754ba8a92508fe8dc3c712e52fc725422

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 24cecb1a91a15673edf41974eb222b4e
SHA1 ff73e613462631b984da1bbe9c132fb25fe863e3
SHA256 93eb21d39e631d78381324ce3311789289f8ccf49d55b7491df7487ca00ca1cc
SHA512 b7bda65fc34f0251af21a6d3144112f7adbb120c26eb98d8b0f74b05768dff6d9f3bc80cc7dd98a7cd2247e1fad7b48d103753bac4b93642f61d43ab9604335f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

MD5 b890d0f8639fc1843297700a30f14e92
SHA1 467e1b2c9c930d157574e0dca11c5e1138d71292
SHA256 e7f6ab91631d21af37be9d045b3a0072c90b73a43ec4d8ae9386e56822e6a586
SHA512 00fb263dd3efce0c34f523e414677ec5edf8f0bc991b9c371227787e83d100314c7222d63936885e7b014f623acc5e88663aec3a879c0b7f7ca273ce0bc56fd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 26088c06661d1fb4a002e2609404851b
SHA1 31293824e0579bc790426930cf73e9a0c71c0aa8
SHA256 8e9b4a4680b498db825ef610e4e7c68bf3dbfe95383031c7531f1e6dbad454a8
SHA512 3527d553940a6c91b5cef149df40bd5537e46d16442b5bce1e593e743014d3f25250ca8008d912b87b41745006e03e1c942be94a1590b36c1db72bd8ba23e12c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

MD5 b2ec40fec881deb01bcc54722b963716
SHA1 04111ee7f3adef31b8121efe70e63ea0a2d20cba
SHA256 3c39a5d8549b59dcc7d571f3248cd13c816732de4804f5831a1f53446816381c
SHA512 14926e18161aaa4cbd03427c6f58db1146c31bd844fc24b100da23edd30f5cdc9f00c558fbeb4c5b8c34b8822f8257cf70fa9fd7f76552aa769ba731ec35808c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c4336dc341af41842d5b7307610cf6e9
SHA1 f3373add621a7d9ccd721eb201bafb65eb4d09da
SHA256 9fab4adf3f41b57d7e9f62b4fbc78d73e6a6352d4fadda7fe83eae1972bde20b
SHA512 df220acbad16980e5c32d336ac49c7a86b3978b67a22224a4c40b22e1ebbcaf4deda26943a7d19474ac0463f6c97e478ae02d635fc358153e34f87ba5f3a4e67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cfb51eb364c3c109_0

MD5 c68c0ea6dd816c0ba0026499ce9ba262
SHA1 f22c53f5fb00d4d2993c636bf93164f43399980a
SHA256 7b3c8eae0ff1bae47043a1997eda10c2b86bc1bb7757be9a6845e525ef852ed3
SHA512 42075a0f12a5a1c0abf05043f1369ef49a3cc0f62644f2f9f593212a250c859ab4c2f87c25cf8cf19ef9a27222608a785c181e97484ccb684922ad12ad6dfd67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cf740101cc876de6_0

MD5 a62e9dfcc56113532767e20e0b21fc86
SHA1 110acb308a17457446265c15d12dd0f6a9ba3a96
SHA256 c9847c9496de2b6af82123c1de5d0d5c27b330562f7bef7d9dffd13a3ef10319
SHA512 ac3d9676051b7d24e938b252c3813f024ba71f0ca6ef431c426ba119c7b74f31e9ed1671048102e3505c749749dfa97652ec1b348a106f12da749c56d4bd9fda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f8f2cc2c2c79a9efcca25759e09115ba
SHA1 eda07f52140f2006c52252558607b2eeb9e00e9b
SHA256 2bcc68929901059f7a8e000550be339d21fc6f57c1db42cf63f2eecab7d4f2d9
SHA512 f8164a36a7f0ea45fb1c541020d9e925cf9fbb0f42bafd9e5f8637c3f29c4ca97e3b781a52622331c1af3aa9fde48e31222152514bea0abf1de1e8943007c6e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000094

MD5 05e9679509b61424a07cc4d4efb7247f
SHA1 db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81
SHA256 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b
SHA512 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093

MD5 2d20b1ca490e1e70032714c785df685d
SHA1 04059769cdb4eadcb04e51c4240a6ae657d598e8
SHA256 573a145d97b17a0f48d299f6bec2ccf64d6c3273cdfb2a7a7d9b3ac96d391cb9
SHA512 5917b4df4d24b5494edf4a2e776878b034076c227504d1c8df47c6dbd199a60cb3d7e02b36d66ad8f8d26de79b82222f515cba4559329da3f2344749500c9742

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6bd9734c985c721bfd6eeca4edd137ae
SHA1 92c8415575c4b656dbe500c6bb619135343ed6a0
SHA256 bcc9233aca03675bcba7beb621be71c16028a5a55cf0835787eca3f36c8f79d3
SHA512 3fe61e45cf1b721f9bbf9033cd630147ba7a2e07dfe14fc42c9c3719cfc2138d9920e2a8b9e66f837f248d5628bdedfced91a862ff9d92b3d5387e76ce75448d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 47fed2aeda7d965a55ef76405e61871c
SHA1 8e9bb141b2c0878927aede76e2c8224920929ebf
SHA256 8e236c9a96aa51d442cfce0b048cd3a4cdd1bab32dbede7848bee04a22a71e74
SHA512 91f77236badee33e0b74889bec3d8abdae2bcf65d8f8f75a4893a495786dbf8751d26e4c885e6337a84f606de0ed18816711dc14252b45c5f9eaf4a7655480d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 34406d678b05bc877f808bf82a27e04e
SHA1 a471635010306d2a3bc2bb47c72b2334330377ef
SHA256 03e840711316992bfc31da7e1cfbd1fe873b23ee303e0e9f452b2bfffe6e404b
SHA512 439e88d6a8346c11c60f3c025483af8fa525f4ff737bb5a9521ba583310bb7ad9002ab2712c05cd1df70760e8ad92adc353673a4a708cd17b3270eaedfd8f839

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 305fff92cbadd18b39a343da69445633
SHA1 c1a80beb30dce558708a8951a5844579cc303827
SHA256 ed91424b06291c922d73ff3b902cc3021d3ecd305989fda3febf183c23537b16
SHA512 57cd52f871559d8496f359c5046c8a75fda44a7b9d22120924277709f61844ceb3920c4a57d0dcb2d63fba716191da2485ef812bacb69be63858e869e2241bb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009b

MD5 1aca735014a6bb648f468ee476680d5b
SHA1 6d28e3ae6e42784769199948211e3aa0806fa62c
SHA256 e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f41dbfe5166e1283dbed95336105aadb
SHA1 a3a999e73863374f669fe2c44660d919eb619518
SHA256 5437c01a00392f5ad1d7528bb96a7297743a46ede0d102b68bdc734418f80ebb
SHA512 03e7161c02666c7306a9f328f2dac225365ebcc8c092925b6f9fee4082fab4aad7e0afe640ee8a63f0cdb242853bf4464905bfc99a240e47e6416d1ebab18321

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3bff1e2b85e2584d14c945ffab4868f1
SHA1 b30be917e367b513f058a8a87d04330cd6b6d106
SHA256 0eb8d4ec9a37066432d2286ece721bbb6d071b923ca18d4174f0597c2e9ccc52
SHA512 56c37f4e6a0dea5db47d35d53bc6c3b9ee882494c2370062a5b236d4e2b1a89f91eeb9e98e888ff01fb4d8349ccb10eaa0ce1989097aaafd7b257fef17b93f62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 113a6f7998dbc5c8c1e0069df85e7681
SHA1 c4de51a8bd5031f70f1667a0e94eec7a6c0d024f
SHA256 2da6e4721b2110a32e1a312d9b7b0ad292259c240234dd5d5fc391b0b90936c3
SHA512 8820a18da68930dc983cb09836191ddb5a378a54c28518b9281fc2e1049cc1777b29a7aff198f5071bd345fd232f9e131970bfdc8a97d33daea128966bdd9426

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a6

MD5 3470dad8219537a4b4d9f1ff73436893
SHA1 fc5ba88ce9719ad6ba6febbaab971801cd625933
SHA256 1f5cc5c2211c48f57acf7d4113a487fbbd74a423303102821c913139d7ff782a
SHA512 2cf931cf203650781ca27051cf58b61a26700cb492086ce04a8680a49126b63276c77241d5d3f31a8a948edf56e0accec57c78e620200d310af48fa076d33c94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 138c2481ab53ec19480b40c6f5aefe30
SHA1 2131625cbd3b5477096353c6fb369d95af51cc20
SHA256 34bddd05b1fcbc15a693294ce4eb7681ddc9e9a6e710172bd3009368fd125c4a
SHA512 cec9a4951a9c29eb4a340d792c0190ecbaa1c79accc34997052c541b9c88cbc802e7ea79a7ebcf55ad5f8a90749ce70fd15ee12bec5470497a0747c10f97aeb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 e48e5f5e979e41daf7d69abc5955f383
SHA1 6a2f5765cd1790d1b972a92c22c551ce645b02dc
SHA256 00169e180681790e52359d4b63b62fe8a50ea5ffd2672d531eaafe660eb29846
SHA512 908321eb6ccaccae00736230f85beb2084004df1ff4fdf992e7e3eee23ab7d73696f26bf61ba1f8cf63d37dab2420442883a3b4bbbe6661d2dabc0a50de7328a

C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

MD5 7d5d3e2fcfa5ff53f5ae075ed4327b18
SHA1 3905104d8f7ba88b3b34f4997f3948b3183953f6
SHA256 e1fb95609f2757ce74cb531a5cf59674e411ea0a262b758371d7236c191910c4
SHA512 e67683331bb32ea4b2c38405be7f516db6935f883a1e4ae02a1700f5f36462c31b593e07c6fe06d8c0cb1c20c9f40a507c9eae245667c89f989e32765a89f589

memory/5148-1456-0x0000000005420000-0x0000000005430000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ea211ed7812dcca3b1edc60e9831ba1a
SHA1 0618150f4a7c77f2c79cb205420ccaeb7e5ac4c6
SHA256 d02a0e38954e4eff4a577ec510e9ce36da6ff0395d57d6c4aba7362e0fb6b798
SHA512 bebef1e1ef953aa521df2b9ada722e9e5a595185a90052a68d8589725ab36cbca52c01ca90b61f9df3f118fca3ef6665fc109df96738d0f6bae60ee0da8d11d8

memory/5148-1462-0x000000007328E000-0x000000007328F000-memory.dmp

memory/5148-1464-0x0000000007AD0000-0x0000000007AE4000-memory.dmp

memory/5148-1465-0x0000000073B40000-0x0000000073B54000-memory.dmp

memory/5148-1466-0x00000000080D0000-0x0000000008676000-memory.dmp

memory/5148-1467-0x0000000007EA0000-0x0000000007F32000-memory.dmp

memory/5148-1468-0x0000000009100000-0x0000000009144000-memory.dmp

memory/5148-1469-0x00000000091E0000-0x000000000927C000-memory.dmp

memory/5148-1470-0x0000000009280000-0x00000000092E6000-memory.dmp

memory/5148-1471-0x0000000009820000-0x0000000009D4C000-memory.dmp

memory/5148-1472-0x0000000009770000-0x000000000977A000-memory.dmp

memory/5148-1473-0x0000000073280000-0x0000000073A31000-memory.dmp

memory/5148-1474-0x0000000073280000-0x0000000073A31000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 2da5aa865397a41e70a1a02e0d57c232
SHA1 4d1192e5f476749d61fbc4506c3e31c6ff2e3656
SHA256 0fd91428fe0e42d8ec4446f44bb7a1b90bd5133270212fff42aeba07cecf3add
SHA512 a59b060f7e6d0ac74bed6709bbf4221c7e920f0decdfab7b1a25675ea934f4d47c77bda0d8e9ba9016fbc3dff26ae4040a7dfe44881e00a850bc36953ce9ce6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ea2963277814e18bb40a29455d197418
SHA1 996b5c2d2cb77e300755bdf6b303184328ec75a5
SHA256 23d483eca9826455e7af2adfba5d3e79432de93a5831b81c73f67c9557b6a7a6
SHA512 cdb4ffde866b3c9ee0e418156e735f30df29949b1c67b516c7b2b3011717b07d30c03e0744bcec3015997d50374450cb50a73552977262d3045097f705d15731

memory/5148-1519-0x0000000005420000-0x0000000005430000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 aa12ea792026e66caab5841d4d0b9bab
SHA1 47beeba1239050999e8c98ded40f02ce82a78d3f
SHA256 65fe153a832452e97f5d484440a7047e314d3a83cb61ad2508fed48a820e1de1
SHA512 0b2b1bb8851c60c9d4ab1d039b990a4de5799c97c50b45f64e36a21849c14e785f69196f674ac225b1419d7f501338054074cab6203d041361a4fa1ed8802b27

memory/5148-1531-0x000000007328E000-0x000000007328F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e13d58985f0573a32dd73a819091c79d
SHA1 ef00b3966e194b7069f9bf362d386932d0a6a15d
SHA256 1465174fc04e5466ecc6884401e43420d4dafc5b15832d7054d62fddadbbc60e
SHA512 7722dccd2e56049b1e4aae75e336c077baf30f21f01ede2f80a6e349484e9243fc57a104ba94423c758bbf8e897fa7f83559c07a094dcf9b18122d940984e355

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6b89fc7b9bb3dd6f3cc6440363996c32
SHA1 cf15d7d793550267a6c98dc70510ad6c9d4dff9c
SHA256 937184f51887ee1017a1030ccabf67137b425fe5d9e62f247ec8ce38b3609ae8
SHA512 5c23bb9618e95a41aef2d4b78547186cf17d9cbe21e0a247edecc1f89300cc3261b04816340b2bb1a4da4151e54d6633f6c90917ca7861262c4fe15f0370718d

memory/5148-1559-0x0000000073280000-0x0000000073A31000-memory.dmp

memory/5148-1560-0x0000000073280000-0x0000000073A31000-memory.dmp

memory/5356-1563-0x0000018489470000-0x0000018489478000-memory.dmp

memory/5356-1564-0x00000184A3DF0000-0x00000184A4318000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00200057003F001D0006.txt

MD5 9805025dbec37d93e47d993055037282
SHA1 b4ed4ae99470eec10e8bb9538d07c29d45f8724a
SHA256 c4549178e86a735d54d3e4f5036cf05e0ac9b676e42708daa422cc3eda946b03
SHA512 d360b9c5e032747dccc56285848bc77d9d1e01a0ad4cadc54db304e833700813d54ab15ee4a1a510371036ef0bcb82f0786f540392f78f8dc25e765f4d43a3b6

C:\Users\Admin\AppData\Local\Temp\ktuhcsjz.exe

MD5 076092450f53e13c6c8ca6476aa87324
SHA1 73fbfdc5fed2495df411bb4af2018a568c20e186
SHA256 b267bb141300bd5fd2e5c61ada335f70f2a2f8729e36ce675fc93bb21a921db7
SHA512 782e8a2648a60fcafd96cec56d670196c96fadf859b60d644730bb0ef802adef0f7e18b48c2199e67c31875b6a1cb61d8f16116cb76ed34fd2052f8d2362c343

memory/6660-1642-0x000002C94AAA0000-0x000002C94AB28000-memory.dmp

memory/6660-1643-0x000002C94C750000-0x000002C94C790000-memory.dmp

memory/6660-1644-0x000002C94C790000-0x000002C94C7C0000-memory.dmp

memory/6660-1645-0x000002C965060000-0x000002C96509A000-memory.dmp

memory/6660-1646-0x000002C9651B0000-0x000002C9651DA000-memory.dmp

memory/6660-1649-0x000002C965AA0000-0x000002C965AF8000-memory.dmp

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

MD5 3068531529196a5f3c9cb369b8a6a37f
SHA1 2c2b725964ca47f4d627cf323613538ca1da94d2
SHA256 688533610facdd062f37ff95b0fd7d75235c76901c543c4f708cfaa1850d6fac
SHA512 7f2d29a46832a9a9634a7f58e2263c9ec74c42cba60ee12b5bb3654ea9cc5ec8ca28b930ba68f238891cb02cf44f3d7ad600bca04b5f6389387233601f7276ef

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

MD5 58b8915d4281db10762af30eaf315c9e
SHA1 1e8b10818226fa29bfa5cdd8c2595ba080b72a71
SHA256 c19df49f177f0fecf2d406ef7801a8d0e5641cb8a38b7b859cbf118cb5d0684e
SHA512 49247941a77f26ab599f948c66df21b6439e86d08652caa9b52ffbcefd80a8c685d75c8088361c98dde44936e44746c961f1828a5b9909fecd6ce9e7e6d2f794

memory/3344-1825-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1826-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1832-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1835-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1834-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1873-0x00007FF751950000-0x00007FF751960000-memory.dmp

memory/3344-2112-0x00007FF74F5C0000-0x00007FF74F5D0000-memory.dmp

memory/3344-2110-0x00007FF74F5C0000-0x00007FF74F5D0000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 e71df2d71572e3cef7ccde62499eefc6
SHA1 9502258fdc9bf41e9ec65cb8bac976615e86d915
SHA256 47c57e32fd89d44bc67c148ade81df0eefd74cdd846154be47ddd94b6884925b
SHA512 47912ad519467b60b121c58e30e89f2404da91ff9d0f1e64fbe15189be2804d240648be191b003b093010cb838cb5eca6fbd94b654b3e797467fae1a2d547282

memory/3344-2093-0x00007FF74F5C0000-0x00007FF74F5D0000-memory.dmp

memory/3344-2091-0x00007FF74F5C0000-0x00007FF74F5D0000-memory.dmp

memory/3344-2084-0x00007FF74F5C0000-0x00007FF74F5D0000-memory.dmp

memory/3344-2049-0x00007FF74F5C0000-0x00007FF74F5D0000-memory.dmp

memory/3344-2046-0x00007FF74F5C0000-0x00007FF74F5D0000-memory.dmp

memory/3344-2045-0x00007FF74F5C0000-0x00007FF74F5D0000-memory.dmp

memory/3344-2028-0x00007FF751950000-0x00007FF751960000-memory.dmp

memory/3344-2026-0x00007FF751950000-0x00007FF751960000-memory.dmp

memory/3344-2025-0x00007FF751950000-0x00007FF751960000-memory.dmp

memory/3344-2012-0x00007FF751950000-0x00007FF751960000-memory.dmp

memory/3344-2010-0x00007FF751950000-0x00007FF751960000-memory.dmp

memory/3344-2008-0x00007FF751950000-0x00007FF751960000-memory.dmp

memory/3344-2002-0x00007FF747FA0000-0x00007FF747FB0000-memory.dmp

memory/3344-2000-0x00007FF747FA0000-0x00007FF747FB0000-memory.dmp

memory/3344-1992-0x00007FF759890000-0x00007FF7598A0000-memory.dmp

memory/3344-1990-0x00007FF74F8A0000-0x00007FF74F8B0000-memory.dmp

memory/3344-1987-0x00007FF74F8A0000-0x00007FF74F8B0000-memory.dmp

memory/3344-1981-0x00007FF7694A0000-0x00007FF7694B0000-memory.dmp

memory/3344-1980-0x00007FF77D1E0000-0x00007FF77D1F0000-memory.dmp

memory/3344-1965-0x00007FF77D1E0000-0x00007FF77D1F0000-memory.dmp

memory/3344-1961-0x00007FF77D1E0000-0x00007FF77D1F0000-memory.dmp

memory/3344-1960-0x00007FF77D1E0000-0x00007FF77D1F0000-memory.dmp

memory/3344-1958-0x00007FF77D1E0000-0x00007FF77D1F0000-memory.dmp

memory/3344-1957-0x00007FF77D1E0000-0x00007FF77D1F0000-memory.dmp

memory/3344-1952-0x00007FF77D1E0000-0x00007FF77D1F0000-memory.dmp

memory/3344-1950-0x00007FF77D1E0000-0x00007FF77D1F0000-memory.dmp

memory/3344-1948-0x00007FF77D1E0000-0x00007FF77D1F0000-memory.dmp

memory/3344-1946-0x00007FF77D1E0000-0x00007FF77D1F0000-memory.dmp

memory/3344-1940-0x00007FF77D1E0000-0x00007FF77D1F0000-memory.dmp

memory/3344-1921-0x00007FF77D1E0000-0x00007FF77D1F0000-memory.dmp

memory/3344-1899-0x00007FF74E890000-0x00007FF74E8A0000-memory.dmp

memory/3344-1890-0x00007FF74F5C0000-0x00007FF74F5D0000-memory.dmp

memory/3344-1854-0x00007FF751950000-0x00007FF751960000-memory.dmp

memory/3344-1848-0x00007FF7468D0000-0x00007FF7468E0000-memory.dmp

memory/3344-1847-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1846-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1845-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1844-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1843-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1842-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1841-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1840-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1839-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1838-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1837-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1836-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1833-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1831-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1830-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1829-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1828-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1827-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1824-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1823-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1822-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

memory/3344-1821-0x00007FF7331C0000-0x00007FF7331D0000-memory.dmp

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 a7b0dabf4a52b6827c35de1e05111ba6
SHA1 21065f550492165d5290446e433e0f9cdefaeecd
SHA256 b92f20569bcb06eb12a87d278592af03f564281ad9803eb8ee748eed0c4afbf2
SHA512 5c4996df6335d5cf045f09d04ccf2382306ab4ab962dc2ab1889248df00f1470a336724bf137986df7be60e6b5b2417d75e4270b18f3f87fb533a8c1c530ed3d

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 488689d32ecdcbad7375a932c8a3eff2
SHA1 e163e9841054258eef6c9c48cc0681b24e24ab18
SHA256 569cc84712a56821769c564092df02306b3f23b590fd9f8d2fca45d93269bf25
SHA512 f7d3b20cbef55b1950e4189010d3ad5dc4b0161d5a3f00451b4833c278ff9566c55b5dffa061a65f67cad0b3f4bcb4d73f0222cecf506d3c61baffd5962f3cb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ee29ec797e6320337ef71d54728b42b3
SHA1 218cd5cd60c064921fa8ffc3d2498c9dd202586b
SHA256 3516055b6fe459a26a2ed8b09f146a3eff8330eb963b251c7d479360638c6194
SHA512 a521420221642c127936a725d6a1ab1229d9b565c6a41ab4136d9368ae313fb84a5cbfa8b3236ccbff93e7f50ab830e20ca77e7deaf0158970c0a308dfeb0803

C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

MD5 feadbb02bbce1a52cea80d5b38262eaa
SHA1 cba0f46ebb3570a08cf15ae992ae845afcd13801
SHA256 393b052e9e76bb446f568e755c84f61ff7f1b1db4ca0eb0114067ad1ff95daa4
SHA512 997d83820aeb16612313e33b63827de993fff39acd27c54835ea15ebaaa07bb24eeb955e892699f75fcbf2d1f92a8653416893341633b79cdddbcd8b9a119126

C:\Program Files\ReasonLabs\EPP\mc.dll

MD5 05aae9798ed4d8b021dac87c720c8d8f
SHA1 e652b7e4f5e345fdd7a019965062b455bfbb3f16
SHA256 e57e33ecca1da5b655502cbb1e521406015ffa7e095be31ed1f09347db8bfd82
SHA512 221ae09f1963c6454ac083bfe4dd41581e3c9e13f1caca5b0f39a53af583a094d34fe6bf6a7687e597e428c9dc48edd3f09b9593954afdc436651d65c07b34a9

C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

MD5 4b88a61fbbb3308a669f4b319052a4b1
SHA1 74d2b2fafa5e58c5289e82f12074c315f58b207d
SHA256 1c27b9059d56439ac82d8a4f430050611589901edeacea052b1ab79629243fc8
SHA512 216cf1f477af196e20da23d04a7c7e748ff5936280a1888da15af996045b764a0ad329d949e946a240b45bf4a4348f88c7e9c103f21462424069a216964d3f9c

C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

MD5 6a9180009669c530a95712cd3540c091
SHA1 16864aa292cf96ba28f539419bab03a810addf79
SHA256 fd17a55e4fd758e6afb3d4dee02c45a785c91d798245369aaebc0137a8680fb6
SHA512 c1893d55efe0ab7539faf46d7fb7ac3965ab87533e3d9b8ff80521da1f23e6c41dbe6d52c9af22ae24e0f4aff8795b42c3af639f38e8f06bd880e4ff644bc3a0

memory/6660-4088-0x000002C965B00000-0x000002C965B58000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\9ae0d4a4\ef3cd3fd_8bb3da01\rsJSON.DLL

MD5 fc5039cf40b355bdf0c6da26cce1829d
SHA1 2424100626a6b68c7b6e8eaf5058a06ef2b2f0cf
SHA256 af81ab29fc1de68fc1cf3c03d780fac427c55fe58a308e3afe8322d3c56e77c1
SHA512 4796c0003cdcf8733a338ede6e0626f31041b5d76934e728d7ec82736befae8b721ed5024a6befcf53cfc246afcca5c82802a9029a235c6bc26c5f0752b76434

memory/6660-5755-0x000002C965BA0000-0x000002C965BDA000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 1b066088518672f46e2dca63f2dedd8f
SHA1 2e230c2a56d3d8868f553fc22e3f069cce521252
SHA256 c7e3f801ae60cd82d1ef3e881b5ef55d603e37b84626741fd461549ed1267099
SHA512 b237a458825e3aadbafa22f99e615c5371b298e6aa116a4f0f36ae316f7eb27c882c8d62c0ce1b868a761888841de5002cb0dd36fa5a9fe50cb511547a4ff0ff

C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\7388686b\2f8bd3fd_8bb3da01\rsLogger.DLL

MD5 e12ac3dcc1587825766bd2d914f45993
SHA1 19f317677780f98a2d5918f0133d3e1c8064991c
SHA256 524affc19cc7e13ec985928181ae4d3cd03a76cc732b0b0dd4d7cf90d2d10c7e
SHA512 431fd58234d1928cf0bf73ad58d01585017dbf0ac5dc0ec4af4b06835d35dc95fddf5419ed00e4b472ed0059e4ffc8cf15eb7a1012b17fbc23d08fd3ff8e839c

memory/6660-5784-0x000002C965B90000-0x000002C965BC0000-memory.dmp

memory/6660-5798-0x000002C965B90000-0x000002C965BBA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\b3b4fe19\0916cafd_8bb3da01\rsAtom.DLL

MD5 29a3ebadbd3e25947a9b1a9d715d3438
SHA1 bdccd16225f63fccf5c747d1fa214c8a9bb4c386
SHA256 90b3e5dbfc98b04c7378fd5ac4cc3da49eaff0a1d009d442ff9d684375ecf9ea
SHA512 452322434ea37832987d43fa845192f285170b54707277a7dfebce888af584a217a5cd140be8d61441aced203a567e95ba19e8aed6007cf8fc3a5020e34d86e7

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 297efb38c561f481b05804819ac714ed
SHA1 0d865903fdfed36f7a694cdc04495a41a47703da
SHA256 9db01da16ed40b1eab25478b3af8bd00cdfbd20a1830cc08d78a6d6dd0ff0f3c
SHA512 87af29449bcf7f9e66940e8d4798f4c97369885c1900e90c1966523242c95e1de843d57785c84e0431eb7e6e59ace2b630fc29d80d32e85e041a82a23950b4c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7c2dbe05fc69c055e8b41ad77ac6360e
SHA1 7f763d8fccda82e3cb7f13fbf05d0b406fc4eee7
SHA256 342e5b12e3be4bbf399b6cece51751038825c3c48f4413e2679598d8e423a0c5
SHA512 7ce60641ae627431d010935310ff2b605ab6cb904fc6f52819f3119e1ca5822fce96f5cd2644da97d9d6234d9e6f6cdefb5b68cf8b108f2a6dc1db623f8421e8

C:\Program Files\ReasonLabs\EPP\rsEngine.config

MD5 8b57500701eec678b540f84e9bdf6e82
SHA1 0724dded1c41a0d2bc270c0a8e08cf00c50e477f
SHA256 e25722d0ee697a3f67bfe854fa16d794ddd94f775634ebbaf917d0d6476cd888
SHA512 f83435c2f060b67c2e4d1da5f7cd97b8cb16280a297e1e24b7808b69cf469896d135c9b7d819fe64a699a5afbf0a9437537c9e8d490e6cd34ed0bbd0f3de7b97

C:\Users\Admin\AppData\Local\Temp\nsm1F72.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\0caa223f\0db2d3fd_8bb3da01\rsServiceController.DLL

MD5 563dc8297d19772f74bac789644a2c62
SHA1 f1b414d2172d5031b555cca648cc5b1c6c40273d
SHA256 30964e46a5a5650a73e1c8457fb84787be615e3cc7de6811b7c80251b88345ec
SHA512 6f03f8bc3168abc9b13c5d9f590fe2dcf2863590a493e14af1ff0bae79bff6758a1f6928ebd4c4c8195e996807040f8baf17cd4ec2dc74ffe6134d3877d39d5d

memory/6660-5837-0x000002C965D20000-0x000002C965D4E000-memory.dmp

C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys

MD5 8129c96d6ebdaebbe771ee034555bf8f
SHA1 9b41fb541a273086d3eef0ba4149f88022efbaff
SHA256 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51
SHA512 ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

memory/3348-5871-0x00000229B3CC0000-0x00000229B3CEE000-memory.dmp

memory/3348-5876-0x00000229B3CC0000-0x00000229B3CEE000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 1264314190d1e81276dde796c5a3537c
SHA1 ab1c69efd9358b161ec31d7701d26c39ee708d57
SHA256 8341a3cae0acb500b9f494bdec870cb8eb8e915174370d41c57dcdae622342c5
SHA512 a3f36574dce70997943d93a8d5bebe1b44be7b4aae05ed5a791aee8c3aab908c2eca3275f7ce636a230a585d40896dc637be1fb597b10380d0c258afe4e720e9

memory/3348-5890-0x00000229CE150000-0x00000229CE18C000-memory.dmp

memory/3348-5889-0x00000229CE0F0000-0x00000229CE102000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 43fbbd79c6a85b1dfb782c199ff1f0e7
SHA1 cad46a3de56cd064e32b79c07ced5abec6bc1543
SHA256 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0
SHA512 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 21395560a1adf2ea6f2ac9ccc9d4b3d1
SHA1 c8c4bdc61c6c0748d99c3f7bde8a44b73ba1401a
SHA256 372dbaf926a5ac5532e7140aa8435a74a33f4a76749d2df89cff5cc5fffcf394
SHA512 d07ee29a7f27e8545e68d6c3a645e72bde7c385e1d9e0f02c125dbdcf036017b72e2bebd3b6fe680a298d27248ef404125789746f2cc5e4b89dd972457a1a28e

memory/9028-5931-0x0000021A3CFF0000-0x0000021A3D356000-memory.dmp

memory/9028-5937-0x0000021A3CC80000-0x0000021A3CDFC000-memory.dmp

memory/9028-5939-0x0000021A24410000-0x0000021A24432000-memory.dmp

memory/9028-5938-0x0000021A243C0000-0x0000021A243DA000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 cd5566282f1c6a988eb3d5c86e50dca4
SHA1 fea1b416f99cb1bc006732d8a1a784f2b56b33fd
SHA256 fc39c228a681d2dd7f9a086b726180fd64ab780e6fc63afc03936223f3a3cdc7
SHA512 b8bc254a08db62edb21d95088d3fcdcb8bb3d97f8a80a3b93e5f166a2c5b667c6799479100a19fae608f2fdb8ec705e1d41b527be9866e31843652557371e4cd

C:\Windows\Logs\DISM\dism.log

MD5 c56ee2c5eb2365606b144f7d99c46369
SHA1 566e3c0ea74ce9cc7fe086b91f5790765b5734a8
SHA256 4411cbcb2615f0cfcfb319faa8fca845814f2cc4379e44bfafee653f705b4234
SHA512 654fe014474bea32d9e17b7580378e967952081239f3b69c3f384fcc09b8f1d83e02373a0799405687890d7287f0976d4a0ecc5718af2b0803502a31530e53f6

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 6a1d94910f43f6c727aad03d8f500cf8
SHA1 dcb0a35aafa498857faafa10d95c9f6eb5a25ed9
SHA256 87b8d5a7a6831e08fe9ea3127ce662b06c19b7b9f9f57364ce9f90fc3702b93f
SHA512 a33a448e89b298f67edb49d9a3168f64537a1b1bd6b08777683626c53ab79c8e21e0d749475aa5ff9ad4b313ae6d28dafe31ba3fe90cdc1907386a4150c43527

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 6a2a2cdb39083738847698d57ca306b6
SHA1 7695a12beb41236bd4bd16c7e43a4e925a5396fb
SHA256 aa6fc2379722863873f8f78500c7b31bb3bc5557cb03ba703f6d1f5c51648e6e
SHA512 e2b3f4c67003c8cc07af00ab7dddaca508fb4b463fc4c6cccdddd5687aa9a170f8abd61e851f7f3ff064cbe1a2a455970c1487bfac11b5905c5e12d050daf6c1

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 28603c01b5791b6baec2fc8f2a21a521
SHA1 8512de3852cd39b02464525ddc4456bfc9f50c96
SHA256 9c515a7f55706ec43a84ab0457b7273f25bbacd1a6e370f49cb439b664d1ad95
SHA512 f7e9b1c540d866ab6674519fb5c973b22d1fb13379b4afcdd0c9c4823722a4a1d700a48711d595f82bc94f8df8bc956349e18aaf623acf36ae7c2f04bbaae712

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 ceea7649d9211bce47c96642b2c8e778
SHA1 38e98a582d46ce833df0a1bdf3177b3a8bd968dd
SHA256 dfda58067b079461a04a45df9825da4146e54950d52aa7702deff5de45fcb8a3
SHA512 8dd940fe40c3e7240f444da64a0bab813c026e51cf3b077aa7b0a9990737486cfbe568633fa38b35be965e2825c594dc123bdb453366a5b908e0b81856393716

memory/9440-6251-0x0000000002210000-0x0000000002246000-memory.dmp

memory/9440-6258-0x0000000004EC0000-0x00000000054EA000-memory.dmp

memory/9440-6261-0x0000000004BD0000-0x0000000004C36000-memory.dmp

memory/9440-6260-0x0000000004B30000-0x0000000004B52000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ewxsaov2.d2p.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/9440-6270-0x00000000054F0000-0x0000000005847000-memory.dmp

memory/9440-6271-0x00000000059E0000-0x00000000059FE000-memory.dmp

memory/9440-6272-0x0000000005A10000-0x0000000005A5C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1e53961033e489ebcd5ce1d21f67ba5e
SHA1 7c8241f12ebaac16f0d4749a362a177d39b21b83
SHA256 de37ce67e4f6dd68516734a84788b4baaad33ab17b9cef9fbc664c5d700dfd39
SHA512 fcd6289e633eababd453c363b57198e8fe0a0f8924274558f4c1489296f5905d00b82415c4bd9aafff69a6cdccf5b1475d733012a4c9ad1bbe441c88e1d4c2e4

memory/9440-6288-0x0000000005FB0000-0x0000000005FE4000-memory.dmp

memory/9440-6289-0x000000006E340000-0x000000006E38C000-memory.dmp

memory/9440-6298-0x00000000069C0000-0x00000000069DE000-memory.dmp

memory/9440-6299-0x00000000069F0000-0x0000000006A94000-memory.dmp

memory/9440-6304-0x0000000006D30000-0x0000000006D4A000-memory.dmp

memory/9440-6303-0x0000000007370000-0x00000000079EA000-memory.dmp

memory/9440-6306-0x0000000006DB0000-0x0000000006DBA000-memory.dmp

memory/9440-6307-0x0000000006FC0000-0x0000000007056000-memory.dmp

memory/9440-6308-0x0000000006F40000-0x0000000006F51000-memory.dmp

memory/9440-6309-0x0000000006F80000-0x0000000006F8E000-memory.dmp

memory/9440-6310-0x0000000007060000-0x000000000707A000-memory.dmp

memory/9816-6329-0x0000000005A60000-0x0000000005DB7000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 3594b9b4634a979f7c5accc3f58d4c6f
SHA1 784ef07a610651637f421c0f3ec6ccacfa7f78b9
SHA256 6258ee06c8b53b96ef35b6d8e07ab484de82aafa029916ab3a2efc9974957e49
SHA512 c0a13159477c7c25b11c1470dd22207ddebad66bf6029ad65b099dbabf310bd83e574e8b894a0a65ca63bff95c3e4929f2c76f5a1f0bbd2ce9de011d33ec0d9b

memory/9816-6335-0x000000006E340000-0x000000006E38C000-memory.dmp

memory/9988-6366-0x000000006E340000-0x000000006E38C000-memory.dmp

C:\LDPlayer\LDPlayer9\dnplayer.exe

MD5 a723044f1c511790dd0ee3a3fa68c4cf
SHA1 670e6f907c2557c9685ad26c26d6d8fee5139942
SHA256 861be3e240b075752d52c7b50c41bf22eab9314db4f11a20362c648198a0f2e4
SHA512 0fa7da71864d1abdff83d3aa01597f5902c01899513b0333bcc5d756a15be02b8c5293b55c1d88e556010f53412a7dbd27b57b63b1074565f1f6de8e2952377c

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 f96c25bb4feee47fe4111660fa0706b3
SHA1 284126ce4f80b6bfd6037f6137dee90c941e4eec
SHA256 9b5d44c60b18b36bcc1cc0e28585ae168d92239beda197d739c3e64edb229867
SHA512 b4297728f031863ccfb50de52d18f443d6ae893322e2f6b315497e187329275fbf41828867e614b35e9ff60ac6e3e1ae77d876fa8e131336c2d6a1fb6ff7db36

C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

MD5 0054560df6c69d2067689433172088ef
SHA1 a30042b77ebd7c704be0e986349030bcdb82857d
SHA256 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf

MD5 93b877811441a5ae311762a7cb6fb1e1
SHA1 339e033fd4fbb131c2d9b964354c68cd2cf18bd1
SHA256 b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b
SHA512 7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4

C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

MD5 66df6f7b7a98ff750aade522c22d239a
SHA1 f69464fe18ed03de597bb46482ae899f43c94617
SHA256 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA512 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

MD5 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256 b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

MD5 3e29914113ec4b968ba5eb1f6d194a0a
SHA1 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256 c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

MD5 e8fd6da54f056363b284608c3f6a832e
SHA1 32e88b82fd398568517ab03b33e9765b59c4946d
SHA256 b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA512 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

MD5 52c43baddd43be63fbfb398722f3b01d
SHA1 be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

MD5 ba46e6e1c5861617b4d97de00149b905
SHA1 4affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA256 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512 bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

MD5 2d40f6c6a4f88c8c2685ee25b53ec00d
SHA1 faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA256 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA512 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

MD5 01c4246df55a5fff93d086bb56110d2b
SHA1 e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256 c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA512 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc

MD5 70058f2d60daef1ccc7bbcba210f0ace
SHA1 ef214ade419a724272ac82e9de5233d7c0afa64b
SHA256 43b26f40e04ae6854569a01803541245abffcd130f1345191afd8bf6b0ca7873
SHA512 a0b3ca59ffad882fbff69012023eaa8aadb77d3ff1252562e5480e7dc3c9336afb3c5f58fb435246ec48c758d3c9d17ae9ea8a28f9d4766fad1a4c672cbf9b9a

C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

MD5 ad9d7cbdb4b19fb65960d69126e3ff68
SHA1 dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256 a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512 f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 893d360959eec5649294f03d4d6a6b61
SHA1 e31ee5f42b644af13f8c1dae21b5d6a3f80b13db
SHA256 e94fb68ace80293e5ecf651011d06976c8d99c941a76dbacc72d27f118439112
SHA512 6843b853cb4073737c898bea7f4c8d310382b54b967db861044f0f4c7725e623b916f07fd4a8cf98dad0c495e806a09e3c0c3b6330954d86dd5df545bfcb194e

C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt

MD5 a088345d5d78f38d13e8c171db87b446
SHA1 6683383d49ef2a91aca7d4faa1af34b8bec7f641
SHA256 e970a9a38afa08c5071a11899691ba9eef5ca85ee04131f199fbafc35ac050ac
SHA512 61cf198306c4f152d8df940c337bc7e91cf9118e542fb8aee6a0e9ce9df63f99c3d7e33cb0fc77347970573c02a32fca62143e9983dec5b7af0a6724508c77ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5bf10ef408f240d02f08c50dfad04283
SHA1 62be1288b1ae85b7412046cd3f3fb375ab1fdfb6
SHA256 46ceba2a4b8b2435060753328f316f668bdf980e3dab395a6eab3e82b14831a2
SHA512 b600819f24abe680d9b827b2cb8450d05c40d54155bd3d23a687d444d19674e7c36ebe74ea2ad319edd84065b5a5e4c4a507ef1d050e06b51aecb6624e57506d

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

MD5 6de0ef4a83aadebe5d7e07a64fc9d220
SHA1 f2162f30992ced0b882bfced0477ebf62b7ce186
SHA256 b7c4de833b0e2689724414802fbdda35d7cc1c4529eb95282fd0ffd175119008
SHA512 eebe007e0ece66c08138720bb46864470826a6b49a8edb1fd1593c4efade4bbf32c764d205383ef4745a738a1242f92e4c396abeb56e6ff9e785977ce8f646da

memory/5148-6584-0x0000000073280000-0x0000000073A31000-memory.dmp

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 4d592fd525e977bf3d832cdb1482faa0
SHA1 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256 f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512 afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a1afe5ab9b39170dcdfc783a6812bd8f
SHA1 8ee6c18d55a8848bbc8e405995d729c440babeb3
SHA256 c422a971c991ef88bcbc7b3c0f80f03791771453d595306895fcf7e9e654ed3d
SHA512 95768142eace036082ad205d4661f341227e0460c3792ea32d387071f0d3a471c7bc5329dd2631f1d17532f5a3b9f0e121074f84b41f9fd0beca8474bcad8e25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 bbdce7283f8c8e7d66ccf5cba06bcfdd
SHA1 c2e2d0145906f8992455ad7819275db251f1a482
SHA256 ac592c3e751c5521f73447f2f32b6d4fda91635f349431f89f975c1e3208537e
SHA512 b8fa50f8201bdbf43b9065e9a9f0ce5cc1a182ab5da6ce275afe823b3ea4cca84c7c43e7e09ec47523fda2013c8af5081656378326cc148c89eded6dd62e0a37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8410805658dcb42e907af34c10ca8056
SHA1 0e872bf7f48032aae1a5c19be95ad73295243d98
SHA256 260f35c3b0ede7a6644dcf6f12662a920ec7fe5da99bec09b2e622ce23db1796
SHA512 bdba606cbd2933ada00aa6d33efadf16878461cc5626d68c08b08a7730ddac630789dfd99be64005de63f2a1af431eaabacdf814e6c273880e7d1d71ab0037ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fd8fd9cc6748fb3623fc0f62162292cc
SHA1 3422c1951dbcb3bc99f54a7b1238225530297546
SHA256 f22e16c524a2c35fa826fdb8a7e6a869d80b9f546edea41be7549fc7fbd8ad17
SHA512 f5342bd7b706ff0012d806d2912a730a1dfc5625b891fc87cf2eb00c14d64a988edb27fdcf5573c39a2c18e231e3c42e7e12b35a9202eebbded4c7b7d2d041c8