Malware Analysis Report

2024-09-11 05:41

Sample ID 240628-wfbk7a1bqr
Target http://food
Tags
cobaltstrike backdoor discovery evasion execution exploit persistence privilege_escalation spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://food was found to be: Known bad.

Malicious Activity Summary

cobaltstrike backdoor discovery evasion execution exploit persistence privilege_escalation spyware stealer trojan

Cobaltstrike

Cobalt Strike reflective loader

Creates new service(s)

Manipulates Digital Signatures

Downloads MZ/PE file

Drops file in Drivers directory

Possible privilege escalation attempt

Modifies file permissions

Executes dropped EXE

Checks BIOS information in registry

Loads dropped DLL

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Reads user/profile data of web browsers

Modifies powershell logging option

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Checks whether UAC is enabled

Checks installed software on the system

Adds Run key to start application

Checks system information in the registry

AutoIT Executable

Drops file in System32 directory

Drops file in Windows directory

Launches sc.exe

Drops file in Program Files directory

Enumerates physical storage devices

Checks processor information in registry

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Uses Task Scheduler COM API

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Enumerates system info in registry

Kills process with taskkill

Runs net.exe

Suspicious behavior: LoadsDriver

Suspicious use of SendNotifyMessage

NTFS ADS

Modifies data under HKEY_USERS

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
System Services
T1569
Service Execution
T1569.002
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Event Triggered Execution
T1546
Component Object Model Hijacking
T1546.015
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Event Triggered Execution
T1546
Component Object Model Hijacking
T1546.015
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Subvert Trust Controls
T1553
SIP and Trust Provider Hijacking
T1553.003
Install Root Certificate
T1553.004
File and Directory Permissions Modification
T1222
Modify Registry
T1112
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-28 17:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 17:51

Reported

2024-06-28 18:21

Platform

win11-20240611-en

Max time kernel

1800s

Max time network

1792s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://food

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

Creates new service(s)

persistence execution

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\rsCamFilter020502.sys C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File opened for modification C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\FuncName = "WVTAsn1SpcLinkDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2009\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\FuncName = "FormatPKIXEmailProtection" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverCleanupPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2001\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2003\FuncName = "WVTAsn1SpcIndirectDataContentDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\2.5.29.32\FuncName = "FormatVerisignExtension" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2004\FuncName = "WVTAsn1SpcPeImageDataDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.3\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLREMOVESIGNEDDATAMSG\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.28\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1\FuncName = "WVTAsn1CatNameValueDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCertPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustInit" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\d3vliphs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp836079730\installer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Users\Admin\Downloads\Driver_Updater_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2RN7P.tmp\Driver_Updater_setup.tmp N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmpC328.tmp_collect\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
N/A N/A \??\c:\program files\reasonlabs\EPP\ui\EPP.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\program files\reasonlabs\epp\rsLitmus.A.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Program Files\McAfee\Temp836079730\installer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\rundll32.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Modifies powershell logging option

evasion

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsWSC.exe.log C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_E3A0B2E345AA9F5A174687564C886046 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_686A447EF0220EBC1D36EF897F31F606 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7850C7BAFAC9456B4B92328A61976502_617BA9B1A20C7A7A9F013422932F5C48 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\48B35517638A85CA46010B026C2B955A_0E2607AD9B9E618A16D313BC98EDE832 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_2CDE88B3CC9A35A2EA16DC0201366139 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_686A447EF0220EBC1D36EF897F31F606 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_0A8150CD5694083719E0AD512DE543D3 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\439F613B3D55693954E1B080DE3085B4_C4927E03400A4F6EDB9D613E6354F864 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0E663C78920A8217B4CBE3D45E3E6236_FAC429BFCC14A89D4D351DF26B2C8FD0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\206932163209AD483A44477E28192474 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_726cea1f0f349cf7\machine.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_0A8150CD5694083719E0AD512DE543D3 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_2CDE88B3CC9A35A2EA16DC0201366139 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_E3A0B2E345AA9F5A174687564C886046 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\439F613B3D55693954E1B080DE3085B4_C4927E03400A4F6EDB9D613E6354F864 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\48B35517638A85CA46010B026C2B955A_0E2607AD9B9E618A16D313BC98EDE832 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7850C7BAFAC9456B4B92328A61976502_617BA9B1A20C7A7A9F013422932F5C48 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0E663C78920A8217B4CBE3D45E3E6236_FAC429BFCC14A89D4D351DF26B2C8FD0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\206932163209AD483A44477E28192474 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\ReasonLabs\EPP\rsExtensionHost.exe.config C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Text.RegularExpressions.dll C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-IL4VQ.tmp C:\Users\Admin\AppData\Local\Temp\is-2RN7P.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\wssanalyticsraw.luc C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\transport_aws_apigateway_v1.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\upsell_toast_handler.luc C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-zh-CN.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-it-IT.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-BR.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\ldplayer9box\tstVMREQ.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-FJM0H.tmp C:\Users\Admin\AppData\Local\Temp\is-2RN7P.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hr-HR.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\version C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\tstPDMAsyncCompletion.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.Detections.dll C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-hr-HR.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsswps.luc C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_ss.png C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-en-US.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\observation_analytics.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-hr-HR.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-zh-TW.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\productupselltoast.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.IO.FileSystem.Primitives.dll C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\baseaffidlookup.luc C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\datasets_catalog.json C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\data_collector.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\operations.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\Temp836079730\wa-utils.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\warning-icon-toast.png C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-4K15Q.tmp C:\Users\Admin\AppData\Local\Temp\is-2RN7P.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Reflection.dll C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.BTScan.dll C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-el-GR.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-el-GR.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Net.WebSockets.Client.dll C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\x86\msvcr100.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-zh-CN.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.IO.Compression.dll C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-hr-HR.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-da-DK.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-hr-HR.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\dictionary.json C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ReasonLabs\EPP\TraceReloggerLib.dll C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\fastpipe2.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp836079730\icon_laptop.png C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-nb-NO.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.IO.FileSystem.dll C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.firefox.extension.json C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxNetLwf-PreW10.cat C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-it-IT.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fr-CA.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptionexpirydate.luc C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ta.pak C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp836079730\jslang\wa-res-install-en-US.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-hu-HU.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\Temp836079730\jslang\wa-res-shared-fr-FR.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sk-SK.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\sha256.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\x64\SQLite.Interop.dll C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp836079730\wa_install_close.png C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-CA.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sr-Latn-CS.js C:\Program Files\McAfee\Temp836079730\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\INF\c_monitor.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File created C:\Windows\INF\c_media.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File created C:\Windows\INF\c_processor.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
File created C:\Windows\INF\c_display.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe N/A
File created C:\Windows\INF\c_volume.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File created C:\Windows\INF\c_diskdrive.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UINumberDescFormat C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceCharacteristics C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ParentIdPrefix C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LocationInformation C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UINumberDescFormat C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \Registry\Machine\Hardware\Description\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\ = "IGuestDnDSource" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA}\ = "IProcess" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6FA-430E-6020-6A505D086387}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A1A9-4AC2-8E80-C049AF69DAC8}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E1B7-4339-A549-F0878115596E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\ = "ICloudProfile" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-aedf-461c-be2c-99e91bdad8a1} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids\PCHelpSoftDriverUpdater.HDM_encrypted C:\Users\Admin\AppData\Local\Temp\is-2RN7P.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E9BB-49B3-BFC7-C5171E93EF38}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-d545-44aa-8013-181b8c288554} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1}\ = "IMedium" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FD1C-411A-95C5-E9BB1414E632}\NumMethods\ = "23" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC7B-431B-98B2-951FDA8EAB89}\NumMethods\ = "31" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6989-4002-80CF-3607F377D40C}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session.1 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E64A-4908-804E-371CAD23A756}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00A7-4104-0009-49BC00B2DA80}\ = "IMachineDebugger" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\NumMethods\ = "26" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AE84-4B8E-B0F3-5C20C35CAAC9}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7193-426C-A41F-522E8F537FA0} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-d8ed-44cf-85ac-c83a26c95a4d} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-057D-4391-B928-F14B06B710C5}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0721-4CDE-867C-1A82ABAF914C}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5637-472A-9736-72019EABD7DE}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\NumMethods\ = "14" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\HELPDIR C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-416B-4181-8C4A-45EC95177AEF} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\ = "IExtPackBase" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7006-40D4-B339-472EE3801844}\NumMethods\ = "13" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6679-422A-B629-51B06B0C6D93} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486F-40DB-9150-DEEE3FD24189}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6FA-430E-6020-6A505D086387} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B855-40B8-AB0C-44D3515B4528}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9}\ = "IHostNameResolutionConfigurationChangeEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}\ = "IGuestFile" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\ = "VirtualBox Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}\ = "IDHCPGroupCondition" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\ = "IFormValue" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c000000010000000400000000100000040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 340953.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Driver_Updater_setup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 786654.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\SYSTEM32\fltmc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2RN7P.tmp\Driver_Updater_setup.tmp N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\driverconfig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4948 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://food

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeb2c33cb8,0x7ffeb2c33cc8,0x7ffeb2c33cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1840 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3452 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11936 /prefetch:8

C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11720 /prefetch:1

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayerex.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM bugreport.exe /T

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=47a3c61784924cfe651ffe43d9c5f4f87fc8f570&dit=20240628175481248&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="C:\LDPlayer\LDPlayer9\"

C:\Users\Admin\AppData\Local\Temp\d3vliphs.exe

"C:\Users\Admin\AppData\Local\Temp\d3vliphs.exe" /silent

C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\UnifiedStub-installer.exe

.\UnifiedStub-installer.exe /silent

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp836079730\installer.exe

"C:\Program Files\McAfee\Temp836079730\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=589886

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\C77F6A39-8BEE-432C-B2F2-3BEE1DEE277E\dismhost.exe {EBDD2040-0F6F-4232-A676-E4ADBBB857A7}

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml

C:\Windows\SYSTEM32\fltmc.exe

"fltmc.exe" load rsKernelEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\LDPlayer\LDPlayer9\driverconfig.exe

"C:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffeb2c33cb8,0x7ffeb2c33cc8,0x7ffeb2c33cd8

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.roblox.client|package=com.roblox.client

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12068 /prefetch:1

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeb2c33cb8,0x7ffeb2c33cc8,0x7ffeb2c33cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10732 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12456 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12640 /prefetch:8

C:\Users\Admin\Downloads\Driver_Updater_setup.exe

"C:\Users\Admin\Downloads\Driver_Updater_setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-2RN7P.tmp\Driver_Updater_setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-2RN7P.tmp\Driver_Updater_setup.tmp" /SL5="$80066,5837648,810496,C:\Users\Admin\Downloads\Driver_Updater_setup.exe"

C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

"C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /INSTALL

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Schedule" /F

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Monitoring" /F

C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

"C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /START /INSTALLED

C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe

"C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe"

C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

"C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /TRAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13148 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\tmpC328.tmp_collect\PCHelpSoftDriverUpdater.exe

"C:\Users\Admin\AppData\Local\Temp\tmpC328.tmp_collect\PCHelpSoftDriverUpdater.exe" /COLLECT

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"

\??\c:\program files\reasonlabs\epp\rsHelper.exe

"c:\program files\reasonlabs\epp\rsHelper.exe"

\??\c:\program files\reasonlabs\EPP\ui\EPP.exe

"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2160 --field-trial-handle=2164,i,15264358968908044340,15755914421825128867,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2572 --field-trial-handle=2164,i,15264358968908044340,15755914421825128867,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2700 --field-trial-handle=2164,i,15264358968908044340,15755914421825128867,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3760 --field-trial-handle=2164,i,15264358968908044340,15755914421825128867,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=10748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=10856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1808,1936723917483001455,5016092228228801825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5504 /prefetch:8

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\program files\reasonlabs\epp\rsLitmus.A.exe

"C:\program files\reasonlabs\epp\rsLitmus.A.exe"

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3408 --field-trial-handle=2164,i,15264358968908044340,15755914421825128867,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
US 2.19.252.146:443 aefd.nelreports.net tcp
US 2.19.252.146:443 aefd.nelreports.net udp
US 13.107.5.80:443 services.bingapis.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
US 13.107.21.200:443 bing.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 151.101.193.91:443 sc.sftcdn.net tcp
US 151.101.193.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 151.101.129.91:443 sc.sftcdn.net tcp
US 151.101.129.91:443 sc.sftcdn.net tcp
US 151.101.129.91:443 sc.sftcdn.net tcp
US 23.219.230.135:443 images.sftcdn.net tcp
US 23.219.230.135:443 images.sftcdn.net tcp
US 23.219.230.135:443 images.sftcdn.net tcp
US 199.232.209.91:443 softonic.com tcp
US 199.232.209.91:443 softonic.com tcp
GB 13.224.222.112:443 sdk.privacy-center.org tcp
US 151.101.129.91:443 sc.sftcdn.net tcp
US 151.101.129.91:443 sc.sftcdn.net tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 18.172.152.36:443 www.datadoghq-browser-agent.com tcp
US 172.67.41.60:443 btloader.com tcp
GB 52.84.90.106:443 config.aps.amazon-adsystem.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 172.64.154.167:443 www2.bing.com tcp
NL 23.63.101.171:80 apps.identrust.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 151.101.129.91:443 sc.sftcdn.net udp
NL 139.45.197.227:443 notix.io tcp
US 172.67.74.173:443 wct.softonic.com tcp
GB 172.217.169.65:443 eb569281d874056a6aa41f6749d10b62.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
IE 34.254.68.53:443 ap.lijit.com tcp
IE 52.215.212.10:443 ad.360yield.com tcp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 34.120.63.153:443 prebid.media.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
GB 108.138.233.123:443 api.privacy-center.org tcp
DE 46.4.139.58:443 s.richaudience.com tcp
DE 46.4.139.58:443 s.richaudience.com tcp
DE 46.4.139.58:443 s.richaudience.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
GB 18.245.143.58:443 tags.crwdcntrl.net tcp
IE 34.247.240.165:443 id.crwdcntrl.net tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
GB 18.245.220.173:443 aax.amazon-adsystem.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 142.250.187.196:443 www.google.com udp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 172.67.74.173:443 wct.softonic.com tcp
GB 216.58.212.206:443 ampcid.google.com tcp
US 35.244.193.51:443 lexicon.33across.com tcp
IE 34.254.52.227:443 bcp.crwdcntrl.net tcp
DE 157.90.33.72:443 push-sdk.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
BE 64.233.167.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 83.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 20.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 173.220.245.18.in-addr.arpa udp
US 8.8.8.8:53 53.68.254.34.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.212.215.52.in-addr.arpa udp
US 8.8.8.8:53 165.240.247.34.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 58.139.4.46.in-addr.arpa udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 227.52.254.34.in-addr.arpa udp
US 8.8.8.8:53 72.33.90.157.in-addr.arpa udp
DE 157.90.33.68:443 push-sdk.com tcp
DE 157.90.33.68:443 push-sdk.com tcp
US 142.251.40.163:443 csi.gstatic.com tcp
US 142.251.40.163:443 csi.gstatic.com tcp
US 142.251.40.163:443 csi.gstatic.com tcp
US 142.251.40.163:443 csi.gstatic.com tcp
US 142.251.40.163:443 csi.gstatic.com tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
US 104.18.38.76:443 cdn.indexww.com tcp
BE 104.90.24.23:443 contextual.media.net tcp
GB 2.21.188.239:443 ads.pubmatic.com tcp
US 151.101.129.108:443 acdn.adnxs.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 67.202.105.23:443 ssc-cms.33across.com tcp
US 2.20.12.106:443 player.aniview.com tcp
NL 89.149.193.116:443 ssbsync.smartadserver.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
GB 18.164.68.102:443 api-2-0.spot.im tcp
IE 52.208.101.151:443 match.prod.bidr.io tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 15.197.193.217:443 match.adsrvr.org tcp
US 54.147.216.107:443 sync.srv.stackadapt.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
IE 54.171.23.218:443 jadserve.postrelease.com tcp
US 192.132.33.69:443 bttrack.com tcp
US 44.196.209.172:443 cs-server-s2s.yellowblue.io tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
DE 51.75.86.98:443 onetag-sys.com udp
DK 37.157.5.133:443 c1.adform.net tcp
US 74.121.140.211:443 sync.mathtag.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
FR 178.32.197.53:443 ssbsync-global.smartadserver.com tcp
GB 142.250.187.226:443 cm.g.doubleclick.net tcp
US 172.67.40.173:443 spl.zeotap.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
GB 142.250.187.226:443 cm.g.doubleclick.net udp
DE 3.127.95.65:443 match.sharethrough.com tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 107.216.147.54.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 172.209.196.44.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 133.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 216.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 53.197.32.178.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 211.140.121.74.in-addr.arpa udp
US 8.8.8.8:53 81.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 166.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 65.95.127.3.in-addr.arpa udp
ES 23.60.223.190:443 secure-assets.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
BE 104.90.26.20:443 eus.rubiconproject.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 34.120.63.153:443 prebid.media.net udp
IE 67.220.224.144:443 aax-eu.amazon-adsystem.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 104.18.19.30:443 www.eneba.com tcp
US 104.18.19.30:443 www.eneba.com tcp
GB 216.58.204.70:443 12325200.fls.doubleclick.net tcp
GB 216.58.204.70:443 12325200.fls.doubleclick.net udp
US 104.26.11.134:443 assets.eneba.games tcp
GB 143.244.38.1:443 static.eneba.games tcp
GB 143.244.38.1:443 static.eneba.games tcp
GB 143.244.38.1:443 static.eneba.games tcp
GB 143.244.38.1:443 static.eneba.games tcp
US 104.26.10.134:443 assets.eneba.games tcp
GB 13.224.245.27:443 static.hotjar.com tcp
GB 18.164.68.9:443 sdk.nsureapi.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 54.192.137.11:443 widget.trustpilot.com tcp
GB 18.245.253.79:443 script.hotjar.com tcp
US 104.18.18.30:443 www.eneba.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 18.164.68.9:443 sdk.nsureapi.com tcp
DE 3.66.158.36:443 sdk-service.nsureapi.com tcp
DE 3.66.158.36:443 sdk-service.nsureapi.com tcp
US 162.159.135.22:443 device.maxmind.com tcp
US 172.64.145.79:443 d-ipv6.mmapiws.com tcp
GB 18.165.242.74:443 fpnpmcdn.net tcp
DE 18.196.235.131:3478 use1-turn.fpjs.io tcp
N/A 10.127.0.244:49581 udp
US 52.223.49.99:443 metrics.nsureapi.com tcp
US 52.223.49.99:443 metrics.nsureapi.com tcp
GB 142.250.187.196:443 www.google.com udp
US 142.251.40.163:443 csi.gstatic.com udp
US 151.101.129.91:443 roblox.en.softonic.com udp
US 13.107.21.237:443 c.bing.com tcp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 172.217.169.59:443 storage.googleapis.com tcp
US 130.211.23.194:443 api.btloader.com udp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
GB 172.217.16.226:443 adclick.g.doubleclick.net udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 185.89.210.20:443 secure.adnxs.com tcp
US 3.217.89.82:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 13.107.246.64:443 www.clarity.ms tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 35.244.193.51:443 lexicon.33across.com udp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
NL 139.45.197.227:443 notix.io tcp
IE 13.74.129.1:443 c.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 67.202.105.23:443 ssc-cms.33across.com tcp
NL 89.149.193.116:443 ssbsync.smartadserver.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 178.250.1.9:443 dis.criteo.com tcp
IE 52.208.101.151:443 match.prod.bidr.io tcp
US 54.147.216.107:443 sync.srv.stackadapt.com tcp
US 192.132.33.69:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
IE 52.208.101.151:443 match.prod.bidr.io tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
GB 142.250.187.226:443 cm.g.doubleclick.net udp
IE 52.208.101.151:443 match.prod.bidr.io tcp
GB 108.156.39.69:443 s.ad.smaato.net tcp
NL 35.214.154.11:443 csync.loopme.me tcp
IE 52.208.101.151:443 match.prod.bidr.io tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
IE 67.220.224.144:443 aax-eu.amazon-adsystem.com tcp
BE 23.14.90.89:443 m.media-amazon.com tcp
BE 23.14.90.89:443 m.media-amazon.com tcp
BE 23.14.90.89:443 m.media-amazon.com tcp
BE 23.14.90.89:443 m.media-amazon.com tcp
BE 23.14.90.89:443 m.media-amazon.com tcp
BE 23.14.90.89:443 m.media-amazon.com tcp
BE 23.14.90.89:443 m.media-amazon.com tcp
GB 18.245.218.37:443 ts.amazon-adsystem.com tcp
IE 3.254.237.44:443 aan.amazon.co.uk tcp
IE 3.254.237.44:443 aan.amazon.co.uk tcp
BE 23.14.90.89:443 m.media-amazon.com udp
IE 3.254.237.44:443 aan.amazon.co.uk tcp
GB 54.192.137.6:443 s2.paa-reporting-advertising.amazon tcp
IE 3.254.237.44:443 aan.amazon.co.uk tcp
IE 3.254.237.44:443 aan.amazon.co.uk tcp
IE 3.254.237.44:443 aan.amazon.co.uk tcp
IE 3.254.236.173:443 sq-tungsten-ts-eu.amazon-adsystem.com tcp
GB 108.156.39.71:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
US 151.101.129.91:443 roblox.en.softonic.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 142.250.200.3:443 www.google.co.uk udp
US 199.232.209.91:443 softonic.com udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 79.133.176.224:443 www.ldplayer.net tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 130.211.23.194:443 api.btloader.com udp
GB 79.133.176.223:443 www.ldplayer.net tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
US 34.120.63.153:443 prebid.media.net udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
GB 172.217.16.226:443 adclick.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
US 104.26.4.6:443 cmp.setupcmp.com tcp
GB 142.250.178.22:443 play-lh.googleusercontent.com tcp
GB 18.172.153.30:443 cdn.ldplayer.net tcp
US 104.26.4.6:443 cmp.setupcmp.com tcp
BE 64.233.167.157:443 stats.g.doubleclick.net udp
GB 142.250.187.238:443 img.youtube.com tcp
GB 18.245.143.68:443 js.adscale.de tcp
GB 142.250.178.22:443 play-lh.googleusercontent.com udp
DE 18.197.25.194:443 ih.adscale.de tcp
GB 142.250.187.238:443 img.youtube.com udp
US 104.18.31.49:443 stpd.cloud tcp
GB 142.250.200.14:443 apis.google.com tcp
NL 139.45.197.227:443 notix.io tcp
GB 99.86.114.124:443 apien.ldplayer.net tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
SG 8.219.66.74:443 invite.ldplayer.net tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
SG 8.222.160.10:443 api.ldshop.gg tcp
GB 142.250.200.14:443 apis.google.com udp
GB 216.58.201.98:443 www.googletagservices.com tcp
SG 8.219.66.74:443 invite.ldplayer.net tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
SG 8.222.160.10:443 api.ldshop.gg tcp
US 172.64.146.152:443 capi.connatix.com tcp
US 151.101.65.229:443 cdn.jsdelivr.net udp
GB 216.137.44.59:443 tagan.adlightning.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
IE 52.215.98.156:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 156.174.53.23.in-addr.arpa udp
US 8.8.8.8:53 156.98.215.52.in-addr.arpa udp
US 172.67.23.234:443 a.ad.gt tcp
IE 209.85.203.84:443 accounts.google.com udp
NL 64.158.223.146:443 proc.ad.cpe.dotomi.com tcp
GB 79.133.176.224:443 www.ldplayer.net tcp
US 104.22.4.69:443 a.ad.gt tcp
US 151.101.65.91:443 prs.sftcdn.net tcp
US 151.101.65.91:443 prs.sftcdn.net tcp
US 151.101.65.91:443 prs.sftcdn.net udp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
US 8.8.8.8:53 bidder.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.169:443 script.4dex.io tcp
US 35.186.253.211:443 rtb.openx.net tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
US 104.18.34.178:443 mp.4dex.io tcp
NL 81.17.55.160:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
GB 142.250.187.196:443 www.google.com udp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 104.18.23.145:443 cadmus.script.ac tcp
FR 178.250.7.13:443 dnacdn.net tcp
US 35.244.159.8:443 u.openx.net tcp
US 8.8.8.8:53 160.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 35.244.159.8:443 u.openx.net udp
US 34.149.40.38:443 u.4dex.io tcp
DK 37.157.5.133:443 adx.adform.net tcp
FR 178.32.197.53:443 ssbsync-global.smartadserver.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
GB 52.84.90.15:443 cdn.mediago.io tcp
NL 89.149.193.100:443 ssbsync.smartadserver.com tcp
GB 52.84.90.15:443 cdn.mediago.io tcp
US 34.111.60.239:443 images.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 34.149.40.38:443 u.4dex.io udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 172.217.169.59:443 storage.googleapis.com udp
GB 142.250.187.226:443 cm.g.doubleclick.net udp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
DE 18.193.153.32:443 match.sharethrough.com tcp
NL 35.214.168.80:443 trace-eu.mediago.io udp
US 151.101.130.49:443 sync-tm.everesttech.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
IE 52.208.101.151:443 match.prod.bidr.io tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
NL 193.3.178.4:443 ads.us.e-planning.net tcp
US 54.174.33.90:443 sync.srv.stackadapt.com tcp
US 104.21.48.215:443 adxbid.info tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 104.19.159.19:443 assets.a-mo.net tcp
FR 185.235.86.38:443 gem.gbc.criteo.com tcp
NL 185.235.87.41:443 ag.gbc.criteo.com tcp
US 192.132.33.69:443 bttrack.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
US 8.2.110.113:443 as.ck-ie.com tcp
US 8.8.8.8:53 113.110.2.8.in-addr.arpa udp
GB 142.250.187.202:443 imasdk.googleapis.com udp
GB 89.187.167.8:443 vid.vidoomy.com tcp
US 104.18.38.233:80 crt.sectigo.com tcp
DE 178.63.248.57:443 uidsync.net tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
GB 195.181.164.17:443 vpaid.vidoomy.com tcp
DE 157.90.33.72:443 uidsync.net tcp
DE 157.90.33.72:443 uidsync.net tcp
DE 46.4.139.58:443 s.richaudience.com tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
US 52.116.53.150:443 8proof.com tcp
US 52.116.53.150:443 8proof.com tcp
NL 35.214.168.80:443 trace-eu.mediago.io udp
GB 172.217.16.226:443 adclick.g.doubleclick.net tcp
GB 172.217.16.226:443 adclick.g.doubleclick.net tcp
US 172.67.220.122:443 sengode.com tcp
US 206.189.225.178:443 cint.pbrowse.me tcp
US 206.189.225.178:443 cint.pbrowse.me tcp
US 52.20.78.240:443 impr.pbrowse.me tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.251.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 cdn.mxpnl.com udp
US 130.211.5.208:443 cdn.mxpnl.com tcp
US 52.116.53.155:443 7proof.com tcp
US 8.8.8.8:53 240.78.20.52.in-addr.arpa udp
US 8.8.8.8:53 119.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 208.5.211.130.in-addr.arpa udp
US 162.247.243.39:443 js-agent.newrelic.com tcp
US 8.8.8.8:53 bam.nr-data.net udp
US 162.247.243.29:443 bam.nr-data.net tcp
US 8.8.8.8:53 39.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 29.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 155.53.116.52.in-addr.arpa udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 35.186.241.51:443 api-js.mixpanel.com tcp
US 35.186.241.51:443 api-js.mixpanel.com tcp
GB 18.245.158.163:443 d19mtdoi3rn3ox.cloudfront.net tcp
US 8.8.8.8:53 163.158.245.18.in-addr.arpa udp
GB 216.137.34.195:443 d1arl2thrafelv.cloudfront.net tcp
GB 216.137.34.195:443 d1arl2thrafelv.cloudfront.net tcp
US 8.8.8.8:53 195.34.137.216.in-addr.arpa udp
GB 18.172.153.23:443 encdn.ldmnq.com tcp
US 8.8.8.8:53 181.178.204.143.in-addr.arpa udp
US 8.8.8.8:53 113.216.138.108.in-addr.arpa udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 146.48.219.8.in-addr.arpa udp
NL 185.89.210.20:443 secure.adnxs.com tcp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
US 34.120.63.153:443 prebid.media.net udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
IE 108.128.73.200:443 ad.360yield.com tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
IE 108.128.73.200:443 ad.360yield.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 200.73.128.108.in-addr.arpa udp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 172.217.16.226:443 adclick.g.doubleclick.net udp
DE 46.4.139.58:443 s.richaudience.com tcp
GB 142.250.178.22:443 play-lh.googleusercontent.com udp
US 35.186.253.211:443 rtb.openx.net udp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
US 8.8.8.8:53 prg.smartadserver.com udp
NL 89.149.193.112:443 prg.smartadserver.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 112.193.149.89.in-addr.arpa udp
US 34.149.40.38:443 u.4dex.io udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 1x1.a-mo.net udp
DE 18.157.173.136:443 1x1.a-mo.net tcp
DE 18.157.173.136:443 1x1.a-mo.net tcp
US 8.8.8.8:53 ice.360yield.com udp
IE 52.214.18.255:443 ice.360yield.com tcp
ES 23.60.223.190:443 secure-assets.rubiconproject.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 136.173.157.18.in-addr.arpa udp
US 8.8.8.8:53 255.18.214.52.in-addr.arpa udp
US 8.8.8.8:53 ads.pubmatic.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 shield.reasonsecurity.com udp
GB 216.137.34.195:443 d1arl2thrafelv.cloudfront.net tcp
GB 18.244.140.87:443 shield.reasonsecurity.com tcp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 100.20.207.17:443 analytics.apis.mcafee.com tcp
GB 18.244.140.87:443 shield.reasonsecurity.com tcp
US 8.8.8.8:53 87.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 17.207.20.100.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
US 2.20.12.102:443 sadownload.mcafee.com tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 8.8.8.8:53 185.47.238.34.in-addr.arpa udp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 update.reasonsecurity.com udp
US 2.20.12.102:443 sadownload.mcafee.com tcp
GB 18.154.84.26:443 update.reasonsecurity.com tcp
US 8.8.8.8:53 home.mcafee.com udp
BE 104.68.84.174:443 home.mcafee.com tcp
BE 104.68.84.174:443 home.mcafee.com tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
GB 108.156.46.9:443 electron-shell.reasonsecurity.com tcp
US 100.20.207.17:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 26.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 174.84.68.104.in-addr.arpa udp
US 8.8.8.8:53 9.46.156.108.in-addr.arpa udp
US 100.20.207.17:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 8.8.8.8:53 161.21.208.18.in-addr.arpa udp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
GB 52.84.90.47:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 47.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
US 2.20.12.89:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 89.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 8.8.8.8:53 middledata.ldplayer.net udp
US 52.41.182.30:443 analytics.apis.mcafee.com tcp
US 52.41.182.30:443 analytics.apis.mcafee.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 30.182.41.52.in-addr.arpa udp
US 8.8.8.8:53 97.136.219.8.in-addr.arpa udp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 162.159.136.234:443 discord.gg tcp
US 162.159.136.234:443 discord.gg tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 ad.ldplayer.net udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 en.ldplayer.net udp
GB 18.245.218.124:443 ad.ldplayer.net tcp
GB 18.172.153.8:443 cdn.ldplayer.net tcp
GB 18.172.153.8:443 cdn.ldplayer.net tcp
GB 79.133.176.224:443 en.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 124.218.245.18.in-addr.arpa udp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 8.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 advertise.ldplayer.net udp
GB 18.172.153.8:443 cdn.ldplayer.net tcp
GB 18.172.153.8:443 cdn.ldplayer.net tcp
GB 18.172.153.8:443 cdn.ldplayer.net tcp
US 163.181.154.182:443 advertise.ldplayer.net tcp
US 8.8.8.8:53 res.ldplayer.net udp
US 163.181.154.180:443 res.ldplayer.net tcp
US 163.181.154.180:443 res.ldplayer.net tcp
US 8.8.8.8:53 182.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 180.154.181.163.in-addr.arpa udp
US 163.181.154.180:443 res.ldplayer.net tcp
US 163.181.154.180:443 res.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 163.181.154.180:443 res.ldplayer.net tcp
US 8.8.8.8:53 encdn.ldmnq.com udp
GB 18.172.153.128:443 encdn.ldmnq.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 163.181.154.182:443 advertise.ldplayer.net tcp
GB 18.245.218.124:443 ad.ldplayer.net tcp
US 163.181.154.180:443 res.ldplayer.net tcp
US 163.181.154.180:443 res.ldplayer.net tcp
US 8.8.8.8:53 128.153.172.18.in-addr.arpa udp
GB 18.172.153.8:443 cdn.ldplayer.net tcp
GB 18.172.153.128:443 encdn.ldmnq.com tcp
US 163.181.154.180:443 res.ldplayer.net tcp
US 163.181.154.180:443 res.ldplayer.net tcp
US 163.181.154.180:443 res.ldplayer.net tcp
GB 18.172.153.8:443 cdn.ldplayer.net tcp
US 104.26.4.6:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 cdn.ldplayer.net udp
GB 79.133.176.225:443 leap.ldplayer.gg tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
US 104.18.31.49:443 stpd.cloud tcp
GB 79.133.176.211:443 leap.ldplayer.gg tcp
GB 18.245.218.124:443 ad.ldplayer.net tcp
US 8.8.8.8:53 alliance.ldplayer.net udp
GB 18.244.114.101:443 alliance.ldplayer.net tcp
GB 142.250.187.238:443 img.youtube.com udp
US 104.26.4.6:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 encdn.ldmnq.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 104.18.31.49:443 stpd.cloud tcp
GB 18.172.153.10:443 encdn.ldmnq.com tcp
GB 18.172.153.10:443 encdn.ldmnq.com tcp
GB 18.172.153.10:443 encdn.ldmnq.com tcp
GB 18.172.153.10:443 encdn.ldmnq.com tcp
GB 18.172.153.10:443 encdn.ldmnq.com tcp
GB 18.172.153.10:443 encdn.ldmnq.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.213.22:443 i.ytimg.com tcp
US 8.8.8.8:53 225.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 76.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 101.114.244.18.in-addr.arpa udp
US 8.8.8.8:53 211.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.153.172.18.in-addr.arpa udp
GB 13.224.132.14:80 apien.ldmnq.com tcp
GB 172.217.16.226:443 adclick.g.doubleclick.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 13.224.132.14:443 apien.ldmnq.com tcp
GB 142.250.187.196:443 www.google.com udp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
DK 37.157.5.133:443 adx.adform.net tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 35.186.253.211:443 rtb.openx.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
NL 81.17.55.99:443 prg.smartadserver.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 apien.ldplayer.net udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 99.86.114.124:443 apien.ldplayer.net tcp
GB 216.58.213.22:443 i.ytimg.com udp
US 172.67.36.110:443 cdn.hadronid.net tcp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
GB 18.245.189.34:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 14.132.224.13.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 99.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 eb2.3lift.com udp
US 13.248.245.213:443 eb2.3lift.com tcp
DK 37.157.5.133:443 adx.adform.net tcp
GB 172.217.169.46:443 play.google.com udp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 81.17.55.99:443 prg.smartadserver.com tcp
US 172.67.23.234:443 a.ad.gt tcp
IE 209.85.203.84:443 accounts.google.com udp
GB 172.217.169.65:443 6e6f3f5c7842094b3477430b5de20294.safeframe.googlesyndication.com tcp
IE 34.247.240.165:443 bcp.crwdcntrl.net tcp
IE 54.155.250.144:443 ap.lijit.com tcp
US 35.244.159.8:443 u.openx.net udp
GB 13.224.132.14:443 apien.ldmnq.com tcp
US 8.8.8.8:53 8c77f43c004cbf04b744742241454535.safeframe.googlesyndication.com udp
IE 34.245.243.254:443 ce.lijit.com tcp
US 34.149.40.38:443 u.4dex.io udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
DE 159.89.25.223:443 node.setupad.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 144.250.155.54.in-addr.arpa udp
US 8.8.8.8:53 254.243.245.34.in-addr.arpa udp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
DE 37.252.171.52:443 ib.adnxs.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
NL 185.235.87.41:443 ag.gbc.criteo.com tcp
FR 185.235.86.38:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
IE 52.210.208.234:443 match.prod.bidr.io tcp
US 50.31.142.159:443 b1sync.zemanta.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 145.40.97.67:443 sync.a-mo.net tcp
DE 91.228.74.244:443 cms.quantserve.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
NL 81.17.55.172:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.172:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.172:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.172:443 rtb-csync.smartadserver.com tcp
US 8.2.110.113:443 as.ck-ie.com tcp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 234.208.210.52.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 159.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 172.55.17.81.in-addr.arpa udp
US 34.193.171.116:443 pxl.iqm.com tcp
US 151.101.130.49:443 sync-tm.everesttech.net tcp
IE 52.50.68.5:443 ms-cookie-sync.presage.io tcp
GB 108.156.39.126:443 s.ad.smaato.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 8.8.8.8:53 a.vidoomy.com udp
ES 212.36.83.246:443 a.vidoomy.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
GB 142.250.187.226:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 126.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 5.68.50.52.in-addr.arpa udp
US 8.8.8.8:53 116.171.193.34.in-addr.arpa udp
US 8.8.8.8:53 246.83.36.212.in-addr.arpa udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
ES 212.36.83.246:443 a.vidoomy.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
ES 212.36.83.246:443 a.vidoomy.com tcp
US 172.64.146.152:443 capi.connatix.com tcp
US 8.8.8.8:53 pchelpsoft.com udp
US 104.26.1.116:443 pchelpsoft.com tcp
US 104.26.1.116:443 pchelpsoft.com tcp
US 8.8.8.8:53 www.pchelpsoft.com udp
US 8.8.8.8:53 unpkg.com udp
US 104.17.249.203:443 unpkg.com tcp
US 8.8.8.8:53 cloud.pchelpsoft.com udp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 216.239.38.21:443 cloud.pchelpsoft.com tcp
US 8.8.8.8:53 203.249.17.104.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 21.38.239.216.in-addr.arpa udp
US 8.8.8.8:53 mmentorapp.com udp
US 172.67.195.138:443 mmentorapp.com tcp
US 172.67.195.138:443 mmentorapp.com tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 store.pchelpsoft.com udp
CA 64.18.87.10:443 store.pchelpsoft.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 bat.bing.com udp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.21.237:443 bat.bing.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 138.195.67.172.in-addr.arpa udp
US 8.8.8.8:53 10.87.18.64.in-addr.arpa udp
US 8.8.8.8:53 52.178.19.104.in-addr.arpa udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 privacyportal-eu.onetrust.com udp
US 8.8.8.8:53 analytics.fatmedia.io udp
US 216.239.34.21:443 analytics.fatmedia.io tcp
US 104.18.32.137:443 privacyportal-eu.onetrust.com tcp
GB 216.137.44.66:443 cdn.pchelpsoft.com tcp
US 8.8.8.8:53 partner-tracking.lavasoft.com udp
US 8.8.8.8:53 66.44.137.216.in-addr.arpa udp
US 104.16.148.130:443 partner-tracking.lavasoft.com tcp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6464 tcp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
N/A 127.0.0.1:6467 tcp
N/A 127.0.0.1:6468 tcp
N/A 127.0.0.1:6469 tcp
N/A 127.0.0.1:6470 tcp
N/A 127.0.0.1:6471 tcp
N/A 127.0.0.1:6472 tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 drivers.avqtools.com udp
US 8.8.8.8:53 api.playanext.com udp
US 8.8.8.8:53 offers.playanext.com udp
GB 18.245.187.128:80 api.playanext.com tcp
GB 18.245.143.36:443 offers.playanext.com tcp
US 8.8.8.8:53 cloud.pchelpsoft.com udp
US 8.8.8.8:53 collect.avqtools.com udp
US 8.8.8.8:53 drivers.avqtools.com udp
US 216.239.32.21:443 cloud.pchelpsoft.com tcp
DE 116.203.251.147:443 drivers.avqtools.com tcp
DE 116.203.251.147:443 drivers.avqtools.com tcp
DE 116.203.251.147:443 drivers.avqtools.com tcp
DE 116.203.251.147:443 drivers.avqtools.com tcp
GB 143.204.67.183:80 ocsp.r2m03.amazontrust.com tcp
N/A 127.0.0.1:58435 tcp
N/A 127.0.0.1:58437 tcp
N/A 127.0.0.1:58439 tcp
N/A 127.0.0.1:58441 tcp
US 8.8.8.8:53 128.187.245.18.in-addr.arpa udp
US 8.8.8.8:53 36.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 21.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 147.251.203.116.in-addr.arpa udp
US 8.8.8.8:53 183.67.204.143.in-addr.arpa udp
GB 18.245.187.128:80 api.playanext.com tcp
GB 18.245.187.128:80 api.playanext.com tcp
GB 18.245.187.128:80 api.playanext.com tcp
GB 18.245.187.128:80 api.playanext.com tcp
GB 18.164.68.89:443 files.playanext.com tcp
DE 116.203.251.147:443 drivers.avqtools.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
N/A 127.0.0.1:58455 tcp
N/A 127.0.0.1:58457 tcp
N/A 127.0.0.1:58459 tcp
N/A 127.0.0.1:58461 tcp
N/A 127.0.0.1:58463 tcp
N/A 127.0.0.1:58465 tcp
N/A 127.0.0.1:58467 tcp
N/A 127.0.0.1:58470 tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 20.114.190.119:443 x.clarity.ms tcp
DE 116.203.251.147:443 drivers.avqtools.com tcp
DE 116.203.251.147:443 drivers.avqtools.com tcp
DE 116.203.251.147:443 drivers.avqtools.com tcp
US 104.19.229.21:443 js.hcaptcha.com tcp
US 8.8.8.8:53 stun.l.google.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 74.125.250.129:19302 stun.l.google.com udp
US 8.8.8.8:53 imgs3.hcaptcha.com udp
US 104.19.229.21:443 imgs3.hcaptcha.com tcp
US 8.8.8.8:53 129.250.125.74.in-addr.arpa udp
US 162.159.133.234:443 gateway.discord.gg tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 162.159.137.232:443 status.discord.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
US 8.8.8.8:53 prebid.media.net udp
IE 52.209.247.91:443 ad.360yield.com tcp
IE 18.202.148.8:443 ap.lijit.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 37.252.171.149:443 ib.adnxs.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
US 34.120.63.153:443 prebid.media.net udp
DE 178.63.241.79:443 shb.richaudience.com tcp
US 8.8.8.8:53 8.148.202.18.in-addr.arpa udp
US 8.8.8.8:53 149.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 91.247.209.52.in-addr.arpa udp
US 8.8.8.8:53 79.241.63.178.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 en.softonic.com udp
GB 172.217.169.65:443 310c94452110a765daf846277732686b.safeframe.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.softoniclabs.com udp
US 8.8.8.8:53 en.softonic.com udp
US 141.193.213.21:443 softoniclabs.com tcp
US 141.193.213.21:443 softoniclabs.com tcp
US 141.193.213.20:443 softoniclabs.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 20.114.190.119:443 x.clarity.ms tcp
US 204.79.197.237:443 bat.bing.com tcp
US 8.8.8.8:53 sc.sftcdn.net udp
US 151.101.65.91:443 sc.sftcdn.net udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 spn-v1.revampcdn.com udp
US 151.101.1.91:443 spn-v1.revampcdn.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 151.101.1.91:443 spn-v1.revampcdn.com udp
GB 142.250.187.214:443 i.ytimg.com udp
US 8.8.8.8:53 21.213.193.141.in-addr.arpa udp
US 8.8.8.8:53 20.213.193.141.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 214.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 amplify.outbrain.com udp
SE 23.34.233.58:443 amplify.outbrain.com tcp
GB 13.224.222.58:443 sdk.privacy-center.org tcp
US 8.8.8.8:53 propeller-tracking.com udp
NL 139.45.197.240:443 propeller-tracking.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 18.172.152.36:443 www.datadoghq-browser-agent.com tcp
US 8.8.8.8:53 notix.io udp
US 8.8.8.8:53 unphionetor.com udp
NL 139.45.197.253:443 notix.io tcp
NL 139.45.197.236:443 unphionetor.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
GB 142.250.187.196:443 www.google.com udp
GB 216.58.213.6:443 static.doubleclick.net udp
GB 142.250.180.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 btloader.com udp
GB 54.192.139.162:443 c.amazon-adsystem.com tcp
US 172.67.41.60:443 btloader.com tcp
NL 139.45.197.253:443 notix.io tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 58.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 58.222.224.13.in-addr.arpa udp
US 8.8.8.8:53 240.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 253.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 236.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.139.192.54.in-addr.arpa udp
US 8.8.8.8:53 tr.outbrain.com udp
US 8.8.8.8:53 wave.outbrain.com udp
US 50.31.142.95:443 tr.outbrain.com tcp
SE 23.34.233.58:443 wave.outbrain.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
GB 52.84.90.40:443 config.aps.amazon-adsystem.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
BE 64.233.167.155:443 stats.g.doubleclick.net udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 40.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 155.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 id.crwdcntrl.net udp
IE 52.215.98.156:443 id.crwdcntrl.net tcp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
GB 216.58.212.238:443 www.youtube.com udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 sdk-service.nsureapi.com udp
DE 52.29.93.217:443 sdk-service.nsureapi.com tcp
US 8.8.8.8:53 217.93.29.52.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 update.reasonsecurity.com udp
GB 18.154.84.54:443 update.reasonsecurity.com tcp
US 8.8.8.8:53 54.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
GB 18.244.114.101:443 alliance.ldplayer.net tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 18.208.21.161:443 track.analytics-data.io tcp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:80 www.microsoft.com tcp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
BE 23.55.97.181:80 www.microsoft.com tcp
US 8.8.8.8:53 config.reasonsecurity.com udp
GB 99.86.114.49:443 config.reasonsecurity.com tcp
US 8.8.8.8:53 49.114.86.99.in-addr.arpa udp
US 18.208.21.161:443 track.analytics-data.io tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com udp
US 152.199.19.161:80 msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 239.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 api.reasonsecurity.com udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 68.9.67.172.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 8.8.8.8:53 135.141.209.44.in-addr.arpa udp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 8.8.8.8:53 edr-api.reasonlabsapi.com udp
GB 143.204.176.54:443 edr-api.reasonlabsapi.com tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 8.8.8.8:53 54.176.204.143.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bbfb66ff6f5e565ac00d12dbb0f4113d
SHA1 8ee31313329123750487278afb3192d106752f17
SHA256 165401ef4e6bbd51cb89d3f9e6dc13a50132669d5b0229c7db12f2ec3f605754
SHA512 8ea206daabc7895923f3df9798bfd96f459bf859c78f3e5640fad550678b5090539f2a1b590883cd9797efee999acccac16d499772f61f5390e91bcc44d60560

\??\pipe\LOCAL\crashpad_4948_JDLSJQHJODGVBPNE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9a91b6dd57fc9c4880d34e9e7c6b760f
SHA1 77a09da6ef4343a8b232386e000cd2d6b9fc30a3
SHA256 0170297f0103d4e415653f86dedc31b0827580042f86862206fd3f6f135b543a
SHA512 9fc3b9be931b3edebc4a6809d62d805046bdceb4c27a7db21cfbbcb0e5e253ab529c54d64e465e60904a6ab3b83156e26b97f852c9526f46f037944f806a7f0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e01d4a155c87270b087881e87720aa03
SHA1 cd0c9516771673ef44abadab046f0abe3880f18a
SHA256 3a47dee4d672842458502867fa35ca4800a899dd1404e2977c178e10770b4329
SHA512 23606d48bb1b1e2ea38fe0b77b1b4eb76d74dfd6c870a97dfae1196b54ca506a5d9a646533b995d582a9e0e57eb30ec6f0d26347e83c8692bd659ad1343e4f88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0be2d77f2172fb731970e23ef4eabf72
SHA1 c5a009a114fd9a65fc0071369654602429bed8e0
SHA256 03f83d73c6e9f1f62062de80a57213df796fba6479cf49f5bee7bb3ca37e8a2d
SHA512 ab1a35e2077e84d7359e874ffc800d911d66628005c1f040f1c198b37b44fdf22bffded0ee23456376cca3e7d68e40a40e8cadeb174f0191ad53e8b3c0f78f5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3336631b73f0a6a25864a2d675b17009
SHA1 bc4d6f8257359a549a9eb2ffc9c687b08178789d
SHA256 08151bd95917e9b1a444f48d22ec8e42ca9566a85282d41edf279211d9d30d79
SHA512 23846e8a3af21313d452f178d87ff6ab91343132b54b3bbb8dccc9575e8e6f8f60d4a8f0709290f263f8812eda3793bb091dcb4d3b83f0f2dc9726d02601b809

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 741f14ce67dfdbaf6f7994864e0e8b23
SHA1 2df0eec13ceb81d0cde961ee71264553d8c5e33c
SHA256 b47fbdda584e706e525b4c91395b1b041b81b75549a926695db97af8ea420e07
SHA512 8a1bbdb9d69dc4bb8109fe0377f1ba99e4aa0571be7a32f1ae428bffece9fac8e575530a6297774531b99c1d9897f0d1742db3f0794a3f8babaa864f6169bc75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 9e3f75f0eac6a6d237054f7b98301754
SHA1 80a6cb454163c3c11449e3988ad04d6ad6d2b432
SHA256 33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf
SHA512 5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 b15016a51bd29539b8dcbb0ce3c70a1b
SHA1 4eab6d31dea4a783aae6cabe29babe070bd6f6f0
SHA256 e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a
SHA512 1c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 620dd00003f691e6bda9ff44e1fc313f
SHA1 aaf106bb2767308c1056dee17ab2e92b9374fb00
SHA256 eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586
SHA512 3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7286521a9b997583d51c1b66614d31ab
SHA1 0381969cda3f65ac3ee591fbe5bcc441aea4fef9
SHA256 083f4a86b526e4521b2701d2732146d571c04a18078325f8296bb7168d39f3d2
SHA512 22a710ef67200b45393137feb6e31a9066c477e2b72f4ced091e05c94084ca21a4c444268b74e86322ee36987055c1825941de54e01dea57b970840b2a75ce66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 80cebdf2f04da443241b595403a3d673
SHA1 9321eef7b4a2c007b2627d42ef5e81c3c130f2c0
SHA256 e72c7bfaf5985054ee2de629598bde18cd8d836b89e0794e2081bc3b5a4b79b2
SHA512 2a456adfeeb5fab8f595274493184ffa116f8e7545d1c3e9c2089ad15865521a9c2fbe6c534dbfbf0d25f7bb385fe83abf3ae2eb7c2927081a630f44aaf51caf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f96492dea41424292085279a3e03eacf
SHA1 b2f8b6743523675c615d2d7a0907ac5b76a4fe04
SHA256 2fc54829c86100659c73950b50e4cf9628f3552c02eb6f998754e86d91174a39
SHA512 7e0542a70e0b27234fa33fcae4857b936dc25b9e8ef7871f3ff4659bc9c131f084bb712171c7c96df4e5ce4a0c31f96effee9eab5e1bb18eb3e6115d7f725ea8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1471588beb7eb91cf8a3ba93a889f5b6
SHA1 9b17ef360572c7cdc9154da9082f7cebce4cf8eb
SHA256 01fc70775f167d4d5f8c07db96746ebe136fd8d99ea7d97aff5276ade8eb8616
SHA512 c238069e83ad4f7fac44e7b4031c6fc7bcbd89976f33d2bf9cb228a7abf4f3aa69088b275a1db43a979c716c9739cc8f2f3870bbb29cc5f6de3be4ac231f299f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1a5696b22f74ab1ccea3af00ec7541c8
SHA1 35194744ef1edfe8308d5bf6d04c85c9cb18b48b
SHA256 81d6c718aa1a19eaa964f5d0a40d836ded259de241be1311843dc88816c6b47a
SHA512 bce05599cb817f9c8c9e7d23f99f8a34a47626d21bbec572c6343a3abc8c39c654cbbb4fbb5595cb21d76a18a1a7fec02f0b47103365546fec60c8f7e8e5a6cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 007bb01992319ea7093b05a09bf7d41d
SHA1 38a7458d5c9551b7529987be1d0615c9bf7b4b71
SHA256 de2400ccc8b2697d0d66adfb8bd10b5948975171d4015e62add85b791d20e3a6
SHA512 87d34281619dae2507ef06ec4ebce1583c36d58f797bed77418ba4ac6d76d45f9abd5ef1b81073d82dc0113f3cd95a667333af9c58371c773c160dd29c8cfc0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aadf7fd84db154f85c725a658229fa8e
SHA1 4af6316067376b053381f0bf7f54b9142abbc167
SHA256 0db81002d2384f5eda41581a1ba87ac0048ce878027e5337d8b1213e5a38c0c0
SHA512 9186376ddb83ecf23de29dba0ac2216e1f38703c1f687ff17161f64e95886ffd5808a4026a714b33cb86d2c34b1b4bcdf3d9b4cd72322653aac4ddfbc0b6196e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

MD5 a91c8acf084daefe905c538075d9e3ff
SHA1 398a0d67e3e87fb1f01a644a5b9820ab5d5d69b6
SHA256 9901aba2e46fcf181f9b641590df7bba839243151e8747c1e6798703798bf4af
SHA512 2c0aaa2bd478af9cd3424bb483260dfe174f1c02ee1638565c6dfe43f7181e12e0788dfcd19316c6a884dbb02144ffb35fb886caedcf29f8a2c65ba70079fc0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d1794ebece690a6f553a81d0212fa2d5
SHA1 d229b70d50dab6069ae49a14ab99559dc2717162
SHA256 a088d36844660ce28b94473aac2a93a374c80333e2d07bcb52db9a9f2a9a9b37
SHA512 72d05c4df192192b5c48a4d0cadb54f9a23b28e71a49084f18adb9e81bda191c9235757f0d9d42f415e4ac40275b72a154fd255df3995f5808fa4076c42b30de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1eed51fd30a293c_0

MD5 00dc42f11b62b21bd63f7d69eaaf2ff6
SHA1 1461e0a5ac37ec338edff5cf66088900ec7ea42b
SHA256 f202423352dd748be65b1d1e90cd19a06666fdac060bd2cd10f3b9b1d7669822
SHA512 36ddf96ee58ed0fc9fa147b74ac6a6652b279a8ab3cbd98adf8bc8e4436f7b69d44b5e6d310c7268f22b88b7276afcbcc276f1ed1f2cf05671a05ed1592384da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad65f8cc700f771e_0

MD5 375b77d25683db5847efb066ba1ad3aa
SHA1 dfe14f9ddba2e434c6f45f97efad9f92ebd57102
SHA256 48f49ab7ed0adffc13e6738f89710392feb1f9daaef3c2af862b36b390750e89
SHA512 eba442ccf9e24bf99da1b07a1a4b5d03512e4c59dba05ffe82aca2a840445e00d39e4804611168f9f1c8b4d248929c6edb66c1faec15cf6aa619ffecd9348c86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aa9433f81ac6844f56bca60da5ab74e1
SHA1 b50bd1633ae6e95b13e300d837614563d6adff65
SHA256 f81cd5c43377076f80fccab59ab70f7b2373294850c58268a9d9f48c628f9995
SHA512 89c05d922b2cd522844d5d4b91deb593db79117947de52c67f6c09051a35c90d80d2d8044bd02060982039df29e4e7e016ccaeb2b956248d04791593f37fa668

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0398f7db337833417c6aba2b687ba3b7
SHA1 26132d7ff2de846d9c548f90bbc41951422bd64d
SHA256 6ed90dd07de574c2fed0fd610f678d3d07f3b6dfe7f7b9ac8c36ab9eb3f5ff2c
SHA512 446e7cad36e525fc5e513b77bf14308fe3a8770882172409fac7dcb32d4c69cf54ec1e677abefc275fc1a66f1c9bf1dfb2c08d69de3666328f124f5ca1291f0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5bf32ba683a58a883a9af7bb07ba708a
SHA1 43347d898609fc18638b4c1cc48fae5f6440869e
SHA256 a42d91f12a5582d35ca6b3cdd836348497ebe03ea8b0e0daf03b702e5b1405e1
SHA512 fa164f7376fdc1766ff1a7496af2707a6576496daf2a89c53ee4a5153e1d68bcbc5844820570c565be1f724565426c6a19a563a3df9207c134779ef00bfe03e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 50cf8ae99b73a173bbc0cc1fc8644e5a
SHA1 1993aabbbd1c60516a74c63f8dc8c1783859cadf
SHA256 098f7a39471b113a9790032715952653f5f67d86055c0a60926a4ab19aa1f472
SHA512 1f39a96bc09ee82dd084647a22367ea74d8060ff269aa96376f86e639dd3ab1831c4992da9695e21b7a9c89692df623918ec3ab2cda4ec06023e2c904052491d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 67e30bbc30fa4e58ef6c33781b4e835c
SHA1 18125beb2b3f1a747f39ed999ff0edd5a52980ee
SHA256 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba
SHA512 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 f217636c5050b9eaaac52fc5d35677b0
SHA1 6833e0cf26347ad2c7aa759fce46f85469500932
SHA256 62b6d34f24298abdbefd9aab31bdf89b4cbf27480072d57f7a61faf51679bcf2
SHA512 89193c9813c31a7f3dfa12ef4dae321d16146e296788efa52f5e4403fbb3979cf83eae5e3c9218150da4cad45e7df85e04bcd6e9200d8fe40f3863b20707385d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 bd17d16b6e95e4eb8911300c70d546f7
SHA1 847036a00e4e390b67f5c22bf7b531179be344d7
SHA256 9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352
SHA512 f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 19c73397068ded824edd2c5b13d0a9da
SHA1 7f0f149b66309aaba41974d524ca69390a34e4f2
SHA256 8c93e33fb098c30a82d774c6a9db9aa92ea0e34586e907ed7d9d2935582c6100
SHA512 8795cd26570fe65181d49676dd9cc9a8012bc22c3e505ac8ed8c1bea68ac7db7f77d6bade360a403a8d79cc4126ac18c2c10e3b83a163e3b42f2e3f60c32426e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 e7789186ec22ea8caf2d9978b893baea
SHA1 ed0f94668dd8e43e8bc4f3c2e50654ec3029255b
SHA256 4ff5155985f6257327889a66f2974aba80fa396dd9d6245bf5cc92fe48343eaa
SHA512 d1c798badfa37be51ad621d7b2b34bffc041dbbeb38631f00765310689fca14e1a37831b209ac7332d537d4ce8893ec02ea2990de255400d843f4402564ef93d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 efbe7b6d187dea0d7f803276c6bcf37c
SHA1 de5905dea9fdb2ba98cace82fe80eaf4385f233f
SHA256 a04d2b858190dccad1f3bf431b96d150a10a87d0e436249347f9ebe8721a85a9
SHA512 3f627e3b4b59fc9b2f8a787b2095e71c0fbfbc43c61c60b19eae084186bef531b05043d65a47d60daf60bcf805078870335585df388eb631bb6d983fdafdaf0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 7651b1187bb58ac4c7be625337b35e5b
SHA1 307d969ef4137a66fe2793737dc1c546587c7f43
SHA256 0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968
SHA512 a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 9daf28ddac030aac8d9cf74ad21df43c
SHA1 9b22e0883083d0d9086a8780537475b6c7607155
SHA256 8caba8015de3363cccb51aa9850ab477ec73a4b42a671844ffbbd32189a2205e
SHA512 9d1dbc940d5168e830bbf8969296c337b08d8f39cdd8dbb92fd188163b0db7d2a0b01a2755829ea88d84844884e042c0298cea6ce70d14167152a173e33fa27f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 06f6cadeb72f21fea2b6baafa80a7d3f
SHA1 6e702f40092ff9bb667015a5afa8d202c64fa107
SHA256 3930cb4778d56b24816847402cae4926ee8cd9a4a413d7113960f10f9731266c
SHA512 b68d09fcd7fbbac65983a0709fb570973837552c3e2579a2c1fb3ab3f2bcf4d58a60912a13a686806ddbd0dcea989905c547c3771f0efd239b0143f95e3df489

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 14f33848af4c37ec317aa817da7fe26e
SHA1 51cb5bf9dbcff596ac23b33fe727dd1946cd6326
SHA256 40798de8c899cc5261a00a82e750c830892e5ae438f6b8528d0c78d654fcbac6
SHA512 fb3135384d0e1bb7674d33cf90e50065b6cf139dc9a7624a1d9746361484b32e2d5dc3c1900726860d8d5cf7d7b14f555e7a832e43472a2a03385ba866a5c5a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 1dcc6bc630d6c2b245801d1330f08350
SHA1 4cf7911a7e1cdc8b5bd630772dad4000535adcf7
SHA256 2cb7933fc4e636bb4cf5ea1fe764163c0ca8a62eb2dffeba6857b0f0e1b871de
SHA512 f76ea19fafe07e6b6da1cfcaf8c0c810e42871733c92350e91eaf748493ae9de902abbb2bba5c9f0273e3953462eac138861d0f4dc0bb060853149af9f3fe6aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 b7a2ad9645afa7b6047557956d9540e2
SHA1 afe9d2f2c53149890784506e97057536dc39bd8f
SHA256 127539d026f851bef3cb66520c714050802898d52a93504114b74da81e197454
SHA512 612416421dffab66c38e80bb3b26884384e5029f906f1d7ef8b3f9a38948b52dc3c0e31dcd9a704f76416c8b8119addc1783d0bb229b229dcf539f0361c05a52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 edf8906bf0f8ed9cb2746d41333085d1
SHA1 d7f11d2f5be80a8f4a9dc56726991fd342c2cdd7
SHA256 345357e8e6c3b76bae5266a7ec1af790542f6d6668881bc249da7b643032600b
SHA512 594ae78e4089e790c04849ed33e8f9f33772eea93e66b4271ede8ff8330308d3072df2af714186982864ee5d00242685988d8149d027d8dd5ff4e985339be3bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 f307ec414dd198e0d43e1f19c1e304f6
SHA1 439694699a48e3d83ec9a97f7054cd581ed38785
SHA256 87786315a94e851fea76093c56a4ef3cfcd516444a7602df69746277e5f73612
SHA512 f07c9697c622ca8f7fe8c7c3affadf79dd36edcc0b450cd5aeb6d2d070795f2cb9e1b79f6bb72eb305d3c82561493f68fec9e851f630735e6e43020adeec9445

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 7820201f0db0c706a0ea5bb7ce018ef2
SHA1 6d116650afbb3b25bfd6226c7d5ee00dd1fe4515
SHA256 04f262a5cce0399379de17e5635f1e1acaf4371afe981edaaf792625a682c44a
SHA512 bfecb88d8852c413525e1e1bdb3eb69c97a10e4ff67ae3ca5eb97fff5a2ee369a1b80a0d314440a375d0f9e950e0e970a6de6afed09062d8523ca28ac878946f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 21b7c9101ce246b83e038aa6432ee04a
SHA1 de43a51519dc006bf3f55439a1a155fd0187b3aa
SHA256 58b575353d2298089a5f3e3ae55c9bdfefab83b313abf6667b1a05ea0536de00
SHA512 1913ab27e52303c32833d8cb52c084350d0ef29054541392a83537853fdf01590e947b9c8ea98de7c55dff8dc9b97e7156865a150a6c17f71a05e74d4f311dc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 d444c34c9033633f83e5656145428054
SHA1 322de3da1f6426c548d60ce7e99daff3e22ce394
SHA256 18d69ba4351ab051bc3c16dea776fff4feb75958625a715e1e81a9ab0a693f69
SHA512 f23f54f1dc87e4304603c790ac41911ce1a02a38e6d6983701780d3a928c6f7a0e52f8f7ed3b3f9953759040c41595bc6103e785dd812abfd1d72faa80170a4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 036b74783ce20828ebda3211e891cb04
SHA1 7db78485a24e74851b46bda99b7182c086312b46
SHA256 4e78c615a7d6e9bd891b73196de1aef20908169f95ee0506aa1b8889cc8e7cda
SHA512 603b40cb949f402480bafb423486cef83e34334f1f139e51fcc13aee5e2fd933613c26b011cc75a10a5730c4252c0b406cc24022bb5aa841d9c29b2ee8ad487e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 ea4554d7eedb1a28940cd07c6fb57e1e
SHA1 9f758b5a93ab8a4fcc5f8fd64cb419a2d8c3beba
SHA256 0263fabc9d05f3ff5df5d7dd58d49bf29c76f94caccc53cf267390fba61238fc
SHA512 5dd1d1d690402f51f6025bc702dd3403edacfd09ab69bfd73f547af72af4fc4f6888d0d84ad1f199156ff03ffd6596fe4f9d4916eef43a91214141637b8eabbd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\30afdfc835ecbd0d_0

MD5 0be344367365dac3692faf7bf7a96d16
SHA1 2e790a0e91943ec63b167bf293a393d049d8c146
SHA256 694444026ce1e4e39113caedc28062750301f77809c35757ecf071dc48d5bec3
SHA512 24d50248dde440245f6302a0815b437d3670197c06908fedad62a656a959b6de4e612b387731076339de69ab8a6811d2523209fc3d0b7cd8d91a633e0b544437

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d782f305bb50c377_0

MD5 81062fb38fddcd7cc4219c0f56ebcb71
SHA1 a7b0e97b389601804df4cb02a11e82e385734bbe
SHA256 dea6c271086e82b504ec494cc0b575f0256274b3cda706b12efe53f5b1cbee3f
SHA512 8c849c2e38f06c2785e66d8095048a635d64b672f5dfd280d562b46ac131bd938532da4f571d76698bd87aa1a6adb2a16166cf4567770874377ab587b06393f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 c610514e5756020cfb3c727b77b2c83e
SHA1 4083cc96db7af4deac95b32329baa78b7a584f49
SHA256 0148f8f91e2ef35d38ba66c9e01f3deeab27bfedcddc77cd782908c401ac9ca8
SHA512 039625607b59612a9eefa3bd00a07be62cb531aa201d1413da190ecc9ff33e35a8c7a4d095615dc3d08856de1c0ff6c4e080bee8b7ca53174f78d349a2fc6572

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 c52f3521639f61d058b371c90f7340a0
SHA1 26cda00aa74d363215fe8e5de80878cf767d9747
SHA256 98dadb40ba05b9079b6c7cfdcdce83a11764b15cee748e1d6b06ef13e94f1736
SHA512 ead5c9d264cb85f32a1e4e7ca84df51b2d8fcad89abe35b8a9e461cab914224e5ee9c3b0cbcaf720ffaf43566b9d9c958667024e0e6988f948640fd782ff3f23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

MD5 05e9679509b61424a07cc4d4efb7247f
SHA1 db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81
SHA256 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b
SHA512 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ba316f55-994b-42ff-9169-0356522763fd.tmp

MD5 7e59728e0b87dcb61b41e8f35682f7f2
SHA1 64bc886f3ebbf4781b0ec7202bcde8126bf7fd7c
SHA256 c091ab799fbbe98144ffd495dd29ec1479e54b21cd528c59a17d10c7d219549b
SHA512 c9fab405ee4d51e0069fbafc88e5e38e13d9ae3fab176b73cfce20d36653ce96af86041381e9c6ed049f4a6e74e9b0bc0914a731bd8e3c0f750f6b2076ecfccb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6a50c257da437dfff88c8ae8260bbbd8
SHA1 660b93b3d92af7289b2a3e291bf721fedd0cf040
SHA256 4968b9878ea7aab73c6956d1ce56085efb4a0d7b72d686b9c106d629042e9840
SHA512 f1769e1943eae2f8a566d0031acdf68271b165eb0ffcb2df83bd2fd579c06bb2d53695e8f76d8eb61409316f9e423650232d9964f41c2d9b34f298ba3394a979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5888838ab451f9aa285762da5a11419c
SHA1 e1dd9caa39be5caa7820a9dcfb0c66269efd9d91
SHA256 ddd0bb7073ba45c6a4c69b88ac881395cac81de2a4bc7011d8f83a7f1473332e
SHA512 4d65ae5da1ca5b32f906bf939ee81baa3db759b43180d8d08a004c0a5e7a2900e99fa4fc549d50ce549c254efbd8da49b138dbe6b7e64119704bc4f66b1c9e98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dcb087facc18bfbacb28f4e07c0411c6
SHA1 fc471d7233f3f55b35725fb7405653f534d83060
SHA256 282bf82429e6ba8bdfad4fdbb427d74ef8aacc761a9ce7e553387566713ef5ed
SHA512 0e08fa2dd84abbce4a4fd9137d1de8ce33060cd12716246c7bbd9fb0e1bdbfddfa1b8d9746a3f5dcbc5ca9bdd30bd2bdd0b7ca793f7dbfc34090ada02534e6e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c2

MD5 86fca06e090f8017dd323ccc516a7ed9
SHA1 720fd4f4d0ac09308d19d229c8fbfde71313ce7d
SHA256 5516ce5826c34dc1d89b1373f09a5eb490cf1dab55f98da02bdc53a73b772874
SHA512 05f6ea47c48a2da3304a2d14a741403200ccf47e1f1b7155a2eba3fe694e4f42b8a327010fbc20b720ba06e4f84ee96b39d885989ae7cd20cc459261cd02b34b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 81cc9c7d8e65b7d1818e72073e071568
SHA1 d9760064b5439fcd468aed804d06d2516a33881b
SHA256 36bf502d421d0466c88411e65f6343f695bc12ba15c863ee077825387356a2c5
SHA512 7ad719910b0dc1c0e69f4520d1b6949a5ca4e0529df49994c73b9e81dd8c12d5a417c0b24dd2cb814ddabf4fd8dad374eee79e77b9f6dc55e035d840232e6b86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2798f560944b6a61f84fa4567907742b
SHA1 18868bacce5fcf3beec4375eaf2b7babd7a06f72
SHA256 b131709d2fb22a70c8386fb713305e6c4dba822b574f475b57878f2953b211b4
SHA512 04c74aaa07a60c4105eeabde6b6e7fa1a70094878a102433d1cdad7db115dbb9d67173f54f6bd2b66e9a132e5831a58d1f0ecdf377b3bc4e65c4ba1bb903df60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e270e46346dc103696f159a83a001e1e
SHA1 05d2477669ddbcac865cb6915c64bdffbb414d6d
SHA256 2fea92a5ddc7c172f006f9777e23ce9b994fa49fc5b4faf1fe1f6ce856b2135e
SHA512 ee9710200c2ba5e44ac5ea593320266542158273d1e229b69a71bad84d30438189ceb0cf351abf81cbf098d80312d929ad9e105089b692a1c903c6a1d3016e0b

C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

MD5 d9cb0b4a66458d85470ccf9b3575c0e7
SHA1 1572092be5489725cffbabe2f59eba094ee1d8a1
SHA256 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05
SHA512 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6

memory/7128-2062-0x0000000073B60000-0x0000000073B76000-memory.dmp

memory/7128-2061-0x0000000007550000-0x0000000007566000-memory.dmp

memory/7128-2064-0x0000000007DA0000-0x0000000008346000-memory.dmp

memory/7128-2065-0x0000000007990000-0x0000000007A22000-memory.dmp

memory/7128-2066-0x0000000008E00000-0x0000000008E44000-memory.dmp

memory/7128-2067-0x0000000008EE0000-0x0000000008F7C000-memory.dmp

memory/7128-2068-0x0000000008F80000-0x0000000008FE6000-memory.dmp

memory/7128-2069-0x0000000009520000-0x0000000009A4C000-memory.dmp

memory/7128-2070-0x00000000077C0000-0x00000000077CA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 628b3b2fb5c646fc17a2f143f233c74d
SHA1 57f48c9b02acc06cebc22a6c297a2b27af3d610a
SHA256 9b281213c4b7c16c191bbed37881d9fb09fb18a0f63b8479326edd26db5f0315
SHA512 342bc306ba779330a3057d293a70ad53fcf3fdab761b4e662b8e79238af58be6f16e74242b8135389d3d14c85ff84b4c1d4851fcc990e9c19e2f3e7f457630fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a2a6858977afc066b566f65be48a4d51
SHA1 eca7a388c6143dfbda611b7edce088b3005e861f
SHA256 af610085a7358c03806bcebec272a2a7d966ba7af2191de22a58e728e6865625
SHA512 656de8b8f89254c1b4274556cdfcea547320c8c534d84e971325539803679cb393d99883485b01ad51c347c92e8f9bda344b905b7c0d55eb812ef054d0a160e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b975689cced86067cb2f26c93a4d12d2
SHA1 93e1b19ee0314f7c1ab38059cc9b355420dee5e0
SHA256 d26a73a531f24ec39cb21285663423731279b0c37f3d24dddb150300d4932487
SHA512 4e0ab1978f93255e2c28294e78fa1a0ddf7f63716d0c501b3685953e2882b14d2acfe55becc4d48912f1598f7eb646e339dca01c13b591056e2d03af9fdf2c7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 47a3c22708ff5377c517b27fd1511454
SHA1 b66a8c1b4217f0537790bf50c87827b77496e0bb
SHA256 3a81deb2560f6b370ba1db19a5063de8efcf41b407a9d13a9d8ece195c02ab75
SHA512 86db77aa7ae6f94510a2273e2de0227ea7b98129d1d8ff48a852e37e8610a49f616a2842d6955aa2ac5203ef6f179deb593e62978c47dcb979b686165d060fb9

memory/7096-2201-0x000001EE6E830000-0x000001EE6E838000-memory.dmp

memory/7096-2202-0x000001EE711A0000-0x000001EE716C8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\d3vliphs.exe

MD5 9243e89a455bfba72585938c6907daef
SHA1 bee5b1e3aed99ccb4b225634e94c92b70e3fcfa7
SHA256 45bdcaaea2abe1396a70c64a6e0680648d016a179abb602ca3b2a60c44b234da
SHA512 78dec6b43759c4de21d2df68a265977b67d1d187d2d95695ce57fd54cb6c6167e851f6038b64d57e28260ef5a031f9826cefa66ff5033b03ab1641719fbb8238

memory/6908-2324-0x0000029FC58D0000-0x0000029FC5912000-memory.dmp

memory/6908-2323-0x0000029FC5310000-0x0000029FC5420000-memory.dmp

memory/6908-2325-0x0000029FC5920000-0x0000029FC5950000-memory.dmp

memory/6908-2326-0x0000029FC7160000-0x0000029FC719A000-memory.dmp

memory/6908-2327-0x0000029FDFB10000-0x0000029FDFB3A000-memory.dmp

memory/6908-2330-0x0000029FDFDA0000-0x0000029FDFDF8000-memory.dmp

C:\Program Files\ReasonLabs\EPP\Uninstall.exe

MD5 8157d03d4cd74d7df9f49555a04f4272
SHA1 eae3dad1a3794c884fae0d92b101f55393153f4e
SHA256 cdf775b4d83864b071dbcfeed6d5da930a9f065919d195bb801b6ffaf9645b74
SHA512 64a764068810a49a8d3191bc534cd6d7031e636ae306d2204af478b35d102012d8c7e502ed31af88280689012dc8e6afd3f7b2a1fe1e25da6142388713b67fa7

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

MD5 cc7167823d2d6d25e121fc437ae6a596
SHA1 559c334cd3986879947653b7b37e139e0c3c6262
SHA256 6138d9ea038014b293dac1c8fde8c0d051c0435c72cd6e7df08b2f095b27d916
SHA512 d4945c528e4687af03b40c27f29b3cbf1a8d1daf0ee7de10cd0cb19288b7bc47fae979e1462b3fa03692bf67da51ab6fa562eb0e30b73e55828f3735bbfffa48

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

MD5 8d6d7d2b4b15a56c187288485d57f2a3
SHA1 06980d9bb48deb03fcc34734d45a12a7e73a174e
SHA256 eeed21499b9903b7d8d09392db96475c432ada134afc8ac68099bcf4238dae05
SHA512 e6c3a2d2e956ff8cba77b824e1e9daeb25bce8350c85bd26f5184d5ce9d08e0c76bbdb3772e671a87eb50daeaa45966064cce09374bd6b68985bac90dfefd41a

memory/492-2695-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2694-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2693-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2692-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2696-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2697-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2701-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2702-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2704-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2705-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2703-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2708-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2707-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2706-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 25fd1239861096d3baa1dc4d3df212eb
SHA1 0b4010c31ab61996cc988163a98c4586199b2f3a
SHA256 da07dd19c3b09276da8b96606747280f68035f9b25a40535fd6dd9d125c28d44
SHA512 8553c443bdfc9b51b5ee3739bfb34ba6c71d8d41b19e76cb31f688fa7ce38619715ee461a6bc0654e4b33277bc3943f8b8105ff9d456761085ec357cb5273a25

memory/492-2700-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2723-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2722-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2730-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2729-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2728-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2727-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2726-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2725-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2724-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2721-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2720-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2719-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-2718-0x00007FF6DD760000-0x00007FF6DD770000-memory.dmp

memory/492-3102-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-3101-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-3093-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-3189-0x00007FF6AD610000-0x00007FF6AD620000-memory.dmp

memory/492-3022-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-3007-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-3004-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-2952-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2948-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2943-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2917-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-2901-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2885-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-2883-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-2873-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-2863-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-2858-0x00007FF6838B0000-0x00007FF6838C0000-memory.dmp

memory/492-2763-0x00007FF6D4F40000-0x00007FF6D4F50000-memory.dmp

memory/492-2758-0x00007FF6D4F40000-0x00007FF6D4F50000-memory.dmp

memory/492-2743-0x00007FF6D4F40000-0x00007FF6D4F50000-memory.dmp

memory/492-2731-0x00007FF6CD850000-0x00007FF6CD860000-memory.dmp

memory/492-3071-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-3066-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-3065-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-3063-0x00007FF6DB4D0000-0x00007FF6DB4E0000-memory.dmp

memory/492-2833-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2832-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2830-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2827-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2820-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2818-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2816-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2798-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2796-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2777-0x00007FF6A53D0000-0x00007FF6A53E0000-memory.dmp

memory/492-2740-0x00007FF674520000-0x00007FF674530000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 c6a14b77a0ca0bceb5cca730d04653ee
SHA1 cb3588513681e09c82c89228050a10f143e94033
SHA256 ec0f057693d3aff64e3c61a7532f39865bb0f7df7f55fbdea2621c492f61844e
SHA512 49238e829415fa3083870ddcbec54700094b4e3724b6fe5b37497e41c7eee6dd99b3bec2b95777c02b3e1ed3da20ee77e67773d16e9b58a80772af5a4c7d7149

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 905d3289017da917fb23029baef25787
SHA1 3e6135c7fbc93887c9ad25ad90010180f419d7fc
SHA256 9de2c39de630a77867bdf891301606f05056160f60acc9678700ebadbc06b260
SHA512 b0a38a9bd392633158d7c87a1acc68dde229b3cc8a9d356eb8f44be3a2e39b67a6cff9e0dfdeaa09329a5a55137de22b1c58db083f825a394f889b98a3579362

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 accec47372079cf0bbeb26a4bbfd4ff3
SHA1 5fc779a14ecade006d3d5e0cb1f5d6a3927ba05f
SHA256 83241de50f7769bc5b68a1a100f7931a8526c8a2fc6ec5d682d70eadf99ffa82
SHA512 86efcd115a6956ba9f28939e7a79ba01d77b7c494dca3abfa75a6972c1ae450003ea3e8c3aa4e3120de0bb11363bea362641dce144575a5c1790c9250dd0ea6e

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 280735abc85a7c3bb5f5aec9e1114cef
SHA1 605b31297d5706697d21e0e4b9f8a70d9c0262fb
SHA256 095a37f2b94db2c9513bde90690ee06224ee7d3b80d51f6818cb89d32763493c
SHA512 b8ba20d1b74456622042288505df702a63039adaae8f829144ed43428d3eb8c3167aeed8de07edfbcc65f4c5ba1270a7532f5be2ed1ea75115c57d17facb5bdd

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 582cb55f1d5488c19de8a02e5c22e1b1
SHA1 107898c4b33c797fbdeaccf0d4c73c18e30fe81a
SHA256 7740054020dd617171342f29863839b1ab9e7666ea5e5467039f30306bd409b1
SHA512 ca3abfb0ba9b34bd006dc9576b1d56294ccf2b3086483277a15e6b96ed7ed206a858acfa618d6188f76214d86b2f2f40b43f2f10b3026dc3e5bcbe223186357c

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 53197d1aacf52357df9d8ba12a1ada75
SHA1 0eb39c3133472aebe7b5d7ab41d0ab5be3d1da4b
SHA256 b0cdd006b64e27acdca27c843e9b73bb36a1cd70506438c83403e9412ae0be69
SHA512 27301297b4fa8ed61fad9e8de26dea2d8c95aea7a35c4b2c4708df2fe1c9a667b6baa17a5b6044cd4a4289fdb6f373945879deeecc75b4c08c70793eb81ad8dd

C:\Windows\Logs\DISM\dism.log

MD5 672dba791f47239561b24bcda2a943aa
SHA1 f156749060836bf362b858f591481e0df71f6e62
SHA256 dc95bdbe146d978f8b160f002f29ba961755838bc08859240c52fdd9e7894fde
SHA512 de0afeea32561a4fcfb1e0b60d43c17f621a051d719dff270ab7acb98be0bcbb8b02b60d56d7690a8caab188aa3d050e729ce8b1d842369f0cb7ea0533f6a111

C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

MD5 09e2401f12f54289c04af17d90f0798f
SHA1 2f95c7a2684338f5fc66b0c20e148b2a9938b154
SHA256 3efd3ea030a60cf4c5e0c6b93fdd24f1743e56cecd3a30329375ff80ef47091d
SHA512 8337b3f7bb29f546eaefe9adb8b7674007176c0f6d429d9b51df7eacf41b09042359d028ded0c934f71ce11e308252b86846027e10e07529327a451cfe7c2206

C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

MD5 5e2b4c627d4afac7b138fb229f3ba8cf
SHA1 7b8b27bfcbc2603f7e10474d3895e6dc821992c0
SHA256 b3df61de305444755aa5c79b4a88f10d5474980db8da0d674856ba158eb1c3b6
SHA512 325d151197bce5ba7a9ba76cdaaf5f9f5a3fc546542e78dc2b3b35337654a65ee2d19d20112d82b496104f148acb6b25e8c3d27a567b5eb6f0b2aa38aa4093ed

C:\Program Files\ReasonLabs\EPP\mc.dll

MD5 5761d96590d91fa336c068269a7dbd93
SHA1 5a1b0a8b4f255680a7549b2b27c28dd65a5a3e47
SHA256 7dc02294611987dcffef0d1ce99ff316926901fc872099cbea2fb76997e29f65
SHA512 f8f5743547c96aeb579b7786fc9af64102bef3cf46a6df270cccf5d51a48467d9547732ff49f8d5258e7f28a5bf2d234d3344c2862a5a67f5054de81ec6f4ea2

C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

MD5 b3b1147d7bcff3698ed64b9ca31dd75d
SHA1 cfcfecdfef6103e606e6559920b0164e6ddec856
SHA256 1f260a7cf65d80332a58a16b713570054e83d2d842b17ca76262dedef69922f8
SHA512 8638c0c96ed95c6ce5b00444b7287b0017b2ad1c1aab874b9caa9210fcaf4f7e7a3aac6b261e6e2686b66bbb02d6a68827541bf7a78a922d057a0c0846884614

memory/6908-4990-0x0000029FE0110000-0x0000029FE0166000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\0b28c8e5-4977-41ff-bc03-117bdb758c76\UnifiedStub-installer.exe\assembly\dl3\3ca432d8\47105276_eeb0da01\rsStubLib.dll

MD5 fa4e3d9b299da1abc5f33f1fb00bfa4f
SHA1 9919b46034b9eff849af8b34bc48aa39fb5b6386
SHA256 9631939542e366730a9284a63f1d0d5459c77ec0b3d94de41196f719fc642a96
SHA512 d21cf55d6b537ef9882eacd737e153812c0990e6bdea44f5352dfe0b1320e530f89f150662e88db63bedf7f691a11d89f432a3c32c8a14d1eb5fc99387420680

memory/6908-6647-0x0000029FE0170000-0x0000029FE01AA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\0b28c8e5-4977-41ff-bc03-117bdb758c76\UnifiedStub-installer.exe\assembly\dl3\436210ab\47e81367_84c9da01\rsJSON.DLL

MD5 8740daedb5e9ab8a48389ee3088a9c16
SHA1 4d821d8523ee72ebe2cd3e74e3c0cdcea7038d92
SHA256 8c0123b38ef50dc9aa0cb7c56028ae9c031425ab812ee0b56ff396c35b7af95a
SHA512 e847f7bd7c02662196b1bdbbd1073e21bb185c4a2d19c351b643de80c3efca661c126f9ebd834373d1baf56e8a67d03ce9624132d35f4a8deeec00d4a3236b26

memory/6908-6711-0x0000029FE0170000-0x0000029FE01A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\0b28c8e5-4977-41ff-bc03-117bdb758c76\UnifiedStub-installer.exe\assembly\dl3\a96339ae\47e81367_84c9da01\rsLogger.DLL

MD5 683e19faf979c5ab2ae5919f0b3d1485
SHA1 8453dbc5029e96e4c42cf96b327aef987b15b9e8
SHA256 60834a138a215289237b1f99c05489e7bda8e8c4357ef8e96d7914ef270e5ca8
SHA512 0b3764b1fe3b7fe10f7b78243f5a91c8563816eb19dad8d06e31dcaf6898ecfce667fe2585cff4dacc2a2650cd09428b5e4f2ff58baa54855e9749dc4f5d44f4

memory/6908-6793-0x0000029FE0170000-0x0000029FE019A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\0b28c8e5-4977-41ff-bc03-117bdb758c76\UnifiedStub-installer.exe\assembly\dl3\19fd61e5\f6da1067_84c9da01\rsAtom.DLL

MD5 f2c6d0704191203c591b7257beff2d57
SHA1 0f8e468f8c26b71c5162b33caa812fa48bac8dd6
SHA256 ea791c403f402fbe8763d1adbb3a317463562a42757aa74d96505f2a4997585e
SHA512 2637921c04e98b14085778f85716e92efb76f9a50a0a9c1793b0310043ad60413642199e49f72eccdb4d2cbdbaeccf87ed83bd49976e6409b10916ef0218be08

memory/6908-6806-0x0000029FE0330000-0x0000029FE035E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\0b28c8e5-4977-41ff-bc03-117bdb758c76\UnifiedStub-installer.exe\assembly\dl3\bbe8f4d8\560f1467_84c9da01\rsServiceController.DLL

MD5 3c11f1f4ab1b51e92af5210a25cb1a98
SHA1 f34e01f036d6279cb99ad36b7ad4f93875055ef1
SHA256 aadf52eefbc4330a9af62a2554635bc4f6d9503e0689ba86ee56c194b34d6382
SHA512 f872d8ec41c38e2c6527e4dd5285f7f877fe0714e94fde304f62b37b6f300d5bae38943df0c62dfa829886b0adbed01f6af14bdb8353ff6fdf73acedeb5ffcb4

C:\Program Files\ReasonLabs\EPP\rsEngine.config

MD5 3149ca79d09c362307bed37960f0fd04
SHA1 f5f43f511ef581dc7b88ed194bb8e86e42f45bd3
SHA256 5481ccc72cad44173cdfbf746a701bb79e2b75927ef71aee1226e07e1265d31b
SHA512 d7c519a58bdefd24bcc26ec681b27a72a0aabbf4135d8e47a493abe1e4affd7cb5740b132d445aa9ecf66247de7406d5974557ae671d5977e40d877167b94a70

memory/7332-6823-0x0000000004DC0000-0x0000000004DF6000-memory.dmp

memory/7332-6825-0x0000000005430000-0x0000000005A5A000-memory.dmp

memory/7332-6826-0x00000000053D0000-0x00000000053F2000-memory.dmp

memory/7332-6827-0x0000000005BD0000-0x0000000005C36000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rpi30w3n.rao.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/7332-6836-0x0000000005CB0000-0x0000000006007000-memory.dmp

memory/7332-6837-0x0000000006160000-0x000000000617E000-memory.dmp

memory/7332-6838-0x0000000006700000-0x000000000674C000-memory.dmp

C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys

MD5 8129c96d6ebdaebbe771ee034555bf8f
SHA1 9b41fb541a273086d3eef0ba4149f88022efbaff
SHA256 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51
SHA512 ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

memory/8528-6847-0x000002447EC20000-0x000002447EC4E000-memory.dmp

memory/8528-6848-0x000002447EC20000-0x000002447EC4E000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 b2ec2559e28da042f6baa8d4c4822ad5
SHA1 3bda8d045c2f8a6daeb7b59bf52295d5107bf819
SHA256 115a74ccd1f7c937afe3de7fa926fe71868f435f8ab1e213e1306e8d8239eca3
SHA512 11f613205928b546cf06b5aa0702244dace554b6aca42c2a81dd026df38b360895f2895370a7f37d38f219fc0e79acf880762a3cfcb0321d1daa189dfecfbf01

memory/8528-6861-0x000002447F070000-0x000002447F082000-memory.dmp

memory/8528-6862-0x000002447F5C0000-0x000002447F5FC000-memory.dmp

memory/7332-6874-0x00000000073A0000-0x0000000007444000-memory.dmp

memory/7332-6873-0x0000000007320000-0x000000000733E000-memory.dmp

memory/7332-6864-0x000000006EA30000-0x000000006EA7C000-memory.dmp

memory/7332-6863-0x0000000007360000-0x0000000007394000-memory.dmp

memory/7332-6876-0x00000000074C0000-0x00000000074DA000-memory.dmp

memory/7332-6875-0x0000000007B00000-0x000000000817A000-memory.dmp

memory/7332-6880-0x0000000007540000-0x000000000754A000-memory.dmp

memory/7332-6881-0x0000000007750000-0x00000000077E6000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 43fbbd79c6a85b1dfb782c199ff1f0e7
SHA1 cad46a3de56cd064e32b79c07ced5abec6bc1543
SHA256 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0
SHA512 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

memory/7332-6895-0x00000000076D0000-0x00000000076E1000-memory.dmp

memory/7332-6899-0x0000000007710000-0x000000000771E000-memory.dmp

memory/7332-6900-0x00000000077F0000-0x000000000780A000-memory.dmp

memory/9860-6901-0x0000014A9AA60000-0x0000014A9ADC6000-memory.dmp

memory/9860-6904-0x0000014A9A720000-0x0000014A9A742000-memory.dmp

memory/9860-6903-0x0000014A81A80000-0x0000014A81A9A000-memory.dmp

memory/9860-6902-0x0000014A9ADD0000-0x0000014A9AF4C000-memory.dmp

memory/10356-6916-0x000000006EA30000-0x000000006EA7C000-memory.dmp

memory/10600-6934-0x000000006EA30000-0x000000006EA7C000-memory.dmp

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 330013a714c5dc0c561301adcccd8bc8
SHA1 030b1d6ac68e64dec5cbb82a75938c6ce5588466
SHA256 c22a57cd1b0bdba47652f5457c53a975b2e27daa3955f5ef4e3eaee9cf8d127a
SHA512 6afb7e55a09c9aac370dff52755b117ad16b4fc6973665fce266ea3a7934edfb65f821f4f27f01f4059adb0cf54cc3a97d5ff4038dc005f51ecee626fd5fadd1

C:\LDPlayer\LDPlayer9\dnplayer.exe

MD5 2061141f3c490b5b441eff06e816a6c2
SHA1 d24166db06398c6e897ff662730d3d83391fdaaa
SHA256 2f1e555c3cb142b77bd72209637f9d5c068d960cad52100506ace6431d5e4bb0
SHA512 6b6e791d615a644af9e3d8b31a750c4679e18ef094fea8cd1434473af895b67f8c45a7658bfedfa30cc54377b02f7ee8715e11ee376ed7b95ded9d82ddbd3ccc

C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf

MD5 93b877811441a5ae311762a7cb6fb1e1
SHA1 339e033fd4fbb131c2d9b964354c68cd2cf18bd1
SHA256 b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b
SHA512 7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4

C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

MD5 0054560df6c69d2067689433172088ef
SHA1 a30042b77ebd7c704be0e986349030bcdb82857d
SHA256 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

MD5 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256 b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

MD5 3e29914113ec4b968ba5eb1f6d194a0a
SHA1 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256 c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

MD5 e8fd6da54f056363b284608c3f6a832e
SHA1 32e88b82fd398568517ab03b33e9765b59c4946d
SHA256 b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA512 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

MD5 52c43baddd43be63fbfb398722f3b01d
SHA1 be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

MD5 ba46e6e1c5861617b4d97de00149b905
SHA1 4affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA256 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512 bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

MD5 2d40f6c6a4f88c8c2685ee25b53ec00d
SHA1 faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA256 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA512 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

MD5 01c4246df55a5fff93d086bb56110d2b
SHA1 e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256 c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA512 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc

MD5 d4d2fd2ce9c5017b32fc054857227592
SHA1 7ee3b1127c892118cc98fb67b1d8a01748ca52d5
SHA256 c4b7144dd50f68ca531568cafb6bb37bf54c5b078fbac6847afa9c3b34b5f185
SHA512 d2f983dde93099f617dd63b37b8a1039166aaf852819df052a9d82a8407eb299dac22b4ffe8cab48331e695bf01b545eb728bec5d793aeb0045b70ea9ceab918

C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

MD5 66df6f7b7a98ff750aade522c22d239a
SHA1 f69464fe18ed03de597bb46482ae899f43c94617
SHA256 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA512 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

MD5 ad9d7cbdb4b19fb65960d69126e3ff68
SHA1 dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256 a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512 f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

MD5 b001f88504c8c9973e9a3b4dc03e6d1a
SHA1 a54b3046a70a4f2c792ad6a382b637b599f1dc48
SHA256 8ee4cbed114a588e934b5043f95c9c06f40468c2300fa0d1d938d16c1d46a8fd
SHA512 390e53be657fc35fb2e9f41b76b3b07c161a860d72445a4b1425ca973a6d8c0f32f6de6844719c6e9813e8d949ab65263642dea01c800a00285bd45595bed4d8

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 4d592fd525e977bf3d832cdb1482faa0
SHA1 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256 f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512 afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

MD5 0df9077c628100feec3883bd3f1c4a95
SHA1 259b8b5a4d4c471fd5b9cf90949b55be108754c3
SHA256 3a86a2872cd807dbcada78c622348beb60d1d09edf6dd13010216cfe9c81b1a5
SHA512 4acf630bd5d70d8821d2bfdeb5e034852646692c8702254ffdf1eeede454caf090a5a6c49536af09cd23a0dbc0322d823a6784567e24f3bb91ecedfb942a55a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b888a64872c982baf9427fe61cbc9f23
SHA1 667137bf358c10e929eb703535c6b7e86be8a83f
SHA256 c45bc202f2ebe8d2b8b11c5567e666f65e37e36ca0eb955c392e5a4dbaf51332
SHA512 e57c244f99dc39bed59d5682049918e8df478b22f1cd821a2d689f003bcd345ac0f2d22942f0636677a100780c213b69e3abbbe679ae9373bf8fc4399af942b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

MD5 d5ed285f484aed0ce8e75b2fa1d92457
SHA1 f4dd0e2992e592d40ccaab2b30f9096dd437b10b
SHA256 653877b152f6c598e0a02c0adfd80b08adc0f33912610a543f60a5fc6f046e01
SHA512 c84dbdb9555bf06ad334929ac377966a06a92fe528554b2f7976aa5889c2150e069c180a53687936abc86fe6da4541a27bb8c8c4ba349803f2e6b9e5b789e9a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 31df78a4505a2833916383d861b91df5
SHA1 887f38df74c74afb69cf33216e1376e40c24a7c7
SHA256 623aca52b5f2ac0925534c1d1a10e66b1c98225a850cf5e6a8b5343373f4e236
SHA512 f8f782e6426fefda07bedb681655955ca12ffd3318cd28cb8d0c45508f5f349c6130d16378ad2d564c3ecf0debc0833507d02b7a77e8fc325b3f60226248fc94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a1be35009292f9cf66b6fd28aff58337
SHA1 298e779f06347c213e3fef8e8d9ab84871bbe7db
SHA256 b05c99bccbc265c89f99803f91b3ae936b71fb831ca1e186836d8e74f3c0af56
SHA512 083259c490c90ab98730e2d7c0fb04f2d5d5d5808fd64f68d484b371c43efa1029c1df9d56e8f02ba052e41cba354d1f4588509e8aa55176d3fb497876272116

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6

MD5 c99a6d99b8fe6b4737b211b497848564
SHA1 fd44f4edada95fc7136904147e23ea9fd2f63f74
SHA256 9d142e74424c3c33d63812acd9e20a6c8be5bb0a7302af20141f4951c92cac6e
SHA512 811f5d9008aea96d6634477d93d736cab1f093b4f56789cd12bf6bb8a7f2e6b14ba11b8ac73ab7f85907382df0fe14a639a68f026f7602059d2e5a5514b92de8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

MD5 8a42ba5472aa4afa3d3ac12f31d47408
SHA1 2add574424ac47c1e83b0b7fae5d040c46ac38a7
SHA256 759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4
SHA512 3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8

MD5 60140bc834da90837a9a4d1530484677
SHA1 d99868b0693b332681b4db7927f3f11b3ed37607
SHA256 29c0ba2fb11f5bbedff938e0d0a97da59f725cd153bc0c04f052419e779f134e
SHA512 448ddc49ab5128dfc0dc91ebe388d447e748848cd2f7dc15fe1fd0380a5436cc9872c32606d9d161d3648b20bff5eda0e48e8fb77c9293f3c0924ae89589eb37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b3

MD5 d453eca18d366c4054d2efd57717cf9d
SHA1 c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4
SHA256 be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc
SHA512 a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

MD5 42d9fcc7172456834d9e05605cfb999f
SHA1 d1df0982a953011482b7cc5e97803a5fae290ba7
SHA256 5029f1471e648ecdf5518199b5d7a6fdcf2dab7b9ba8367331b0836de3064575
SHA512 5fc471dfd6cf0516739b40db211b4f1e0d3e27e7b53eb1e0c8d34f7ddf5d09ff520bd4c3b7baca993857fd462f184621391fed363a548bc7b50eee3b7ef6ade8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bb

MD5 2335c53afb1602527663457cc9c69410
SHA1 8f5fc5d6c267d93a855106d908eb3e29c6b77d11
SHA256 9eace0b1569f237f159f7f0a949ba8c435b994331aea1f5c7f73c88d2383da89
SHA512 fb5c29cc151f75126a610aa2b81f05f0cc74ae3a115846ae3e0ea2ce5d233b48c3807868ea9043945de64107af790931fd44938ba28e8ceb90c0d549b0834984

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c18c2aa4bece6fcca9806cb4f0c87941
SHA1 5f10f716eaa07a18c604cd4b81caaad99981f46e
SHA256 12705c590db44bd777488929d3720cfea373ac6332b10079869160fcada18248
SHA512 6ad8b6944f1020db0cdad3fce6376d27791cbaad7e3ef6c9eed665a6b73c5d8c12ac9d2189e272aafca79a78fafc1d7669e7af7c6951a70103026c9d324f601a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8249603bbc50d249491f111c736bcbb8
SHA1 67e7155e7a0d1f71cbd2b291038da9202ade9ccd
SHA256 a14079e0afce776e3f227e6febf3409d40028b1a2f0bc08c1bad57141951c39b
SHA512 c545eae868e4aa52e3d7d5fbcfb9f30f7c1edf43a509dfece96ca9cdead830596f06856f50fd6795880a22cc6b04e0b0ef8c67af21d8de2be3763bb1d1d30f16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1682892c478f2a0a7c7f34cfaf5b18e4
SHA1 86011d83299d5570aace1b99601b59a5326359b8
SHA256 1b388b06522ba807ca79c10c441ee2017300c50a61faa322580c020ea1c06d48
SHA512 9fc95491570bb62a393697b1348daa140f201772a08ba259cc15735d2ddb8f74c4c3442b28148a2573d70b7064f2aad4d9ffddaa7b800ebbdbc6a34508929042

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c4e1caed87e2657ca08e8636d2e4acd0
SHA1 707a2d14434b99a1fc2fe484efd7706c8320a7b8
SHA256 e5a39422dd0aa6b5d6bc618c8b5d1e1b8fbe323b4d820dae7ec1c1e1a0eb7522
SHA512 2fb37152986890bbfcb5edd175817bbc63183b876e5577a36bce30a824f3267235bc9eae9f334e8c5972ffe15811be0af729dcc7934a04f386f8c31a20e6c67a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63b8e86100ad95eca067a12f2a2acac4
SHA1 fa6e72322c9ee1802ad359a4a6a324d19af1a072
SHA256 0b4cb33c60ba56fad4f81e6e75d02cbbc5cd5c6173f2faef0a359e5f81a9c284
SHA512 a3bea8f03c28f5f8548dac5bfc2ac5b240165261306b888483eab4de1fef30151f188dcad3c92ee96cc3fe5df1a42e73da3e996b9ae037c5bf3bd2f427b5b738

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5a79cfc87aee76d2e76b0f31b1bd4a9c
SHA1 ebfe757ab490f56d0f2784a91a279f54d0e11250
SHA256 1f76ae7f74b23fec4acd0a04560623e415ce6d4cbe55e2a38b1f37e049c5b544
SHA512 100706a6823d52ed5f7fd2edbb709cebc1fd4a13f273100b40ca0bc599850df365707d0e73f2e860201e9446d9f2ce96d30e086d436615c11eb414e9255541c6

C:\Program Files (x86)\PC HelpSoft Driver Updater\sqlite3.dll

MD5 842e8edbfbeffb9ef234a2da6d5980fe
SHA1 f76e944e5ac3c489d987a11a313b41dee3e813f3
SHA256 ec30f1214fa645b8e436142acab6cc9a07f5c4e3414b5e539a832df9237a7bb3
SHA512 1ca9449dffa72b274b842b3a1f2008d3f13c6f423e7ac466e2efb97fe2103e1aea052a5e8a9839083061154fb61ec870fbe8e35164b386a3aa0aaaf8064a0ed4

C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

MD5 bd374666922d72c4580a0462368ab5d7
SHA1 b846e43c6f060a94afd245f56511f4d1f4335320
SHA256 9dec8425a8a43e73a4d1ab347f92c86a38cc7e4faa6750cea2919854523264e4
SHA512 e026084aaa8990b7e704f65e4097fa7a3c8b1cabaee3aa76eb84bded044e7bf31f732e27a696d0eb93343b19d8078a81c3b24b72b861d490cb17f245b1bef3f0

C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.exe

MD5 4947f753eb5c3b1aa3ce496a9ab30130
SHA1 20da210a244b611cc51f3167688b108fea890cc8
SHA256 1cb7131714f41d651792f15b48a128840c959a5190d076a7fee5fe8b8efe232d
SHA512 70407d838aadae2f1c5e9e10446787fed29b683a8374eedb834ee0b255524adf5d1cea6e641e859b14a5e4f8b3fec313f7f943522d144fa902eed6dd5efab4ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 02d847e9cf9396ea5589732b32b0f5bd
SHA1 2926e54f1be14109a1301505bb07348bca5b7ddc
SHA256 d32b9750bd5cf7e33a68c11c4b6d4abbf035ca87554a3212acd0b94b3aa7a3ed
SHA512 07848be08791601a2a141132493fca5b7ceb2cd6b892c05c76dd99a5d81d26711d5b213cbb86e3ad3ebd09b0649e1572c01e41c20214e1a2e42747a8a8d53217

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ad377920ab897d068cdbeb4b6f0dceee
SHA1 7e669de10fe2fa675340eb90f4efd0f477ffca02
SHA256 62a4e17e6342c4a89429ddb5bd5f39a29e1f5613a8c5dade15c68fa513a6c5f2
SHA512 46248166f79ced2a6e863f7f5e090188f01756ffb005a0c22025f8144f0fd254f30926c4de90da344fcf46376d622f1d1c7906b91e0fa51c4ea1aaeada404d24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0f7efbc94a24817fe5ec45a1743d9338
SHA1 e0a8cd9ea76871682cf91bf8e4487af2c5ff52d3
SHA256 b7d42babe8612b2d05df2fc979d9379ceb5e0f3a053cabb15edbc10558dd6952
SHA512 408f9c980ad801241d6768d9fe3e069f1c2a9388efd1d86ba06c1d3b189de575d89b3def336f2ed04f9536e539b6b6ca67f2c48d1ad3955c15f9bdf3bfad07a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8cf63accf4b37195a8eef9e3a0a42769
SHA1 72b91f403df53965a16d5f4365fc14cf7aad791f
SHA256 344661cf4692ed6475d128e2136bdfe2600d0a99688048da60b0a37977aae36d
SHA512 e6d1c7c76cd4cf61e5f6f89660f74d428d521681a64fdeb1ac9c1a3a22893a3802fae707dfc1b075acb09cb09a41317407091cdd297c2f113796f59f42c1f130

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d5fd3226aa9f5fc3b8959482f6752055
SHA1 f238a512e164f98e0fa78477615f8d601a22753a
SHA256 54aa84d476c37641d23590e7953711bbfbac2d72ce03f62ea0e9e090ff34feaa
SHA512 b436eaae099067b260bee38c6a5beffc35facc41bba80de1ee581146c1d568e04f7fad818eb4d8feda6e8263bf5de7aae584c64a79e1124065a029689a4eac5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 de0003cccbae974bff2d135d5b51dbc6
SHA1 1fe012f8282ed44f79de3ad6720b2ed0d58049e0
SHA256 083e13e349973579ccb82bbdf5784b9fd1fa259e731f3222d0847a83696387a8
SHA512 5f47adbac0ffa14dcc77a606990f192b56d8368809cb7702727d9bc8e00f5a72d7a04f7b703d42937c93ff7ed8ded3b6a83bfa74693a2d8544c1283b13ab6d98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9174366ac6bd636207a0880497ee0c6a
SHA1 89c88175357bad46f10a060daf47449229c82b87
SHA256 50346b7a153a61700c455f2400bc372623386400fedd1eaf15b198aa414e8ddf
SHA512 30afd570b156a574a9c215b06451e60c52e9b4d705e2c6224091a2d7932f05d4d50de399f7e59209ba9d0eae5c5f79ca4d55cd26c61d3f23d2140d7d50152c3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a5b4fe294358b38a6d7cafeeb13e3114
SHA1 297009e75d7502b7250ecb333e761af18000786d
SHA256 0e8a59399fef00a675597cf211253ad62a944ca3500b989c0b653aa51c34d754
SHA512 4fa9a271c2812acb827fb3e68556572bd27ea99967ec785f955498d72bb53caea2abd7dce4f19fcbd5716bd3dce27a003b2c98baf5531bc33958ace33694aac7

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 1adeae94f1826bbf2e09cf90b490b989
SHA1 7063941f76382f2639c8165e803697b1d7f2a54f
SHA256 418340192f18fa16167fc6c28d6f89ed4647ba2c5190efc363eb8c5816318167
SHA512 a5daf354879862cd9aae2d82d71e592a34d87c1a139404cd5b22751fda0541696e379449fe59cbc309f4e5fbaa5d14a08617fcf1e052374aaf1df16cc5f2059f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 582d29e8e57b5f8878ca98e96db7b95b
SHA1 cd6cd29140676c8c607e10eeac873af13cf754e3
SHA256 5e08362e1babcd06640773b8261ca01e0e92344c7109159e02901d0b6f647c2e
SHA512 37d79f0bbe285524b4f4b4e188f72b18920ed3ff18f9b245ffc188b91a6d363c212ed7b6c57b5af3144d9e485c002db9c9f686cbb79094009db528e0de3f29de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7ab4664ca371036827be31cb9483fdbd
SHA1 757c257bc9bdba7c4df4b5fbe88ea5d4258b6c4c
SHA256 85831355ac1d784bc26515a76a514facbca5adab40ab6f3ba297e8f5c887c90b
SHA512 b9e32d6d72747d7d73c9c1860438e632a24cdaa480e951b2a83cee40f9752cc7fe0363f338dce3c39351608f54975f37d6bc77fbba14134fd67410b47597a980

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000126

MD5 1af625b5988f4098155457b42c9e7604
SHA1 f101a2737ad079176c92bc2684f8961b074ad710
SHA256 44d44ea3935d534f44d0e33117954cadb08b712269e12e10093755e3d4885014
SHA512 b81654c38578ee6acb3ef12ced4fb5edaeb698add94d68a6745db933582494170ac6a048022eeb2dd734372232673f7ed50102fc8fc3094e3804110b20172d39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012e

MD5 fe0cb11576905a924b316b72b715c2e3
SHA1 31a833346d235602a4fc51b49ef9bf57d9d1409f
SHA256 ee9fdfd767036158d8d3bc22f6c3095c5bfa6c17d4611eaacd45a5a829a864b9
SHA512 0227816287e01021bc07b84db89642ed0cc5e1c3a653a8be2c38bc53dcb17cd62b1a45051cf143ba9c2a5880df961d281192547fbb0788d95659ec5169e98ac4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000131

MD5 d89db53bc50d25c5cf52ceb433bee641
SHA1 e49477e0f9b79a9e95fe33232f4976b79104cc69
SHA256 b1a035629418e7c9e332dbe9726141d19f055b33798b2833f87c248acc758b9d
SHA512 3fa535c2b7723262dd2dd3f8609dc0ee8fd01dd03179f2b413dc17707b7d8d21b7adc6cb6ddfc336cae0694700ad9c496b18a1a66c456f47bd62d45d10538f61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000132

MD5 9cc74dab45e360d90c7f3f189e18b9a8
SHA1 aca1940329422b99516d4b48a30700c8cdc2d042
SHA256 fa9471b70365a74dfa7d7ba7fa80ca30dd332c9e6fdb91726e005680d10acb3c
SHA512 6216a5236c4ac47aa3ebafb4e8ba04930f96b4ea5934a30771b197dde0f4225c08372e8394fd93b6ace14ba6867345cef41930806cdb49e56ef9fc8571d77eb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_softoniclabs.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013b

MD5 1b7ac631e480d5308443e58ad1392c3d
SHA1 95f148383063ad9a5dff765373a78ce219d94cd7
SHA256 7fb66071ac6c7cfff583072c47bc255706222c2a4672c75400893f4993c31738
SHA512 15134314dfd36247db86f9b3d4dcb637e162f8fd87c0ce73492ffdb73a87492fc80330655617f165dd969812ed2ebcc42503f632d757bb89ba9116137882119d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4699cdb8acd35de5fc637607ea4bf2c1
SHA1 faae30528467d14a2720533f75db33c491a52570
SHA256 e9b72180325777d565fee28e680ecda840f8f48f8133eeaa0c9771db6d0d5bea
SHA512 785b79499dd843e4cbdf29c7dff2e491c21b13d9d698ba81b732656db7389968f0bb27d838f453ae7657b47224f382048393aab3892f57f8aa12f98ad8cc11e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 216e41147e37eeb918791967aafce881
SHA1 6098913d090f1b0cecab06b0e33b512a9d29c079
SHA256 8a1560024cb3a087006c5e2e3647d4c33c2165273c62f4eb5e8d735e8204cea9
SHA512 ec4f671a10dc08c3661feb0c16af80cc9a70fd21a915c5b013a5962e86f5fc40c555be17e3648fad0e59162300897d676c830226184580b5b429881bf8df1813

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e3f48ee4a800bbddddbfc75538befecc
SHA1 6547c0c79a6c8d072d5b3a81030217f4a4109c8f
SHA256 071582238f6918ea29488c9aa63ec2866b491b8e5392d9782847985e2ba8e6a7
SHA512 11fcdd13c326406918a741661fb7582f2d716dad20cbee14c5fc4130a1aac9c1ebef3edeb0ae85869bb1bb66936f8dc6c92b30c74ebd45f2b8c91ac9022d4c29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7ad87ce71df690180e883d3738a8a70d
SHA1 a79efe2c2f9ce59671dfbaca162df46fb1c9782f
SHA256 08a11d3340c0d334ee56a6d4b88ebe8461963d0e97451cdde82668cb8358f494
SHA512 4e6062e53bcdd8b5622cec626e0c1b805363bcfd37d40e117384c773e4be0cf9c1ce37cdaef3955c92afac95489bdbd3b19384fbc298dd91b58cc8b2879a1233

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 86c87a804469f6436acc3b5c44c31daa
SHA1 7353526255d0e7f9bcf7cead98990768a9b29e73
SHA256 a41f4580a5bfceff2090ae46fdf6cf6b6fb3b9c98f176bdc5f91ca26a5a30452
SHA512 bc9c58ce02219ed73caa5979abfa3259c37d38e0c4f684102087c40a09be4454c20384093cccdf9eea96590f337bb9b89a7775cb3a777e1d07a0b2323660b475

memory/6908-8702-0x0000029FE0280000-0x0000029FE0288000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4A2965CA\0b28c8e5-4977-41ff-bc03-117bdb758c76\UnifiedStub-installer.exe\assembly\dl3\c04c0447\560f1467_84c9da01\rsTime.DLL

MD5 b61f9701f92bab290bcc2f4a815d50fe
SHA1 e3d60442c7d35baee6ce4827f7bd8babdd654dea
SHA256 8132b936e29ccddb7a50e1a853de60acf27759f50241dfb4822d22bde75e8913
SHA512 a3f261607ca5d08301371dfc2a45976845491b4e029da88af0ccaa1dacb49a07548395d5b4d1f61b140d9a60cc5a1cd1408721f888e0bc5042197addac051d37

memory/5312-8710-0x000002622AEA0000-0x000002622AEFC000-memory.dmp

memory/5312-8711-0x000002622CC60000-0x000002622CCBA000-memory.dmp

memory/5312-8712-0x000002622B360000-0x000002622B388000-memory.dmp

memory/5312-8713-0x000002622AEA0000-0x000002622AEFC000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 2afb72ff4eb694325bc55e2b0b2d5592
SHA1 ba1d4f70eaa44ce0e1856b9b43487279286f76c9
SHA256 41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e
SHA512 5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e

memory/5312-8723-0x0000026245500000-0x0000026245532000-memory.dmp

memory/5312-8724-0x0000026245B60000-0x0000026246178000-memory.dmp

memory/5312-8752-0x00000262463E0000-0x000002624663E000-memory.dmp

memory/11648-8756-0x000001D2D81C0000-0x000001D2D81F0000-memory.dmp

memory/11648-8757-0x000001D2D8250000-0x000001D2D82B0000-memory.dmp

memory/11692-8878-0x0000028824CD0000-0x0000028824CF8000-memory.dmp

memory/11648-8879-0x000001D2D81F0000-0x000001D2D8216000-memory.dmp

memory/11692-8880-0x000002883F410000-0x000002883F5A4000-memory.dmp

memory/11648-8881-0x000001D2D8220000-0x000001D2D8248000-memory.dmp

memory/11692-8883-0x0000028824CD0000-0x0000028824CF8000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 1068bade1997666697dc1bd5b3481755
SHA1 4e530b9b09d01240d6800714640f45f8ec87a343
SHA256 3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51
SHA512 35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329

memory/11648-8882-0x000001D2D82F0000-0x000001D2D8328000-memory.dmp

memory/11648-8896-0x000001D2D8360000-0x000001D2D8392000-memory.dmp

memory/11648-8897-0x000001D2D8430000-0x000001D2D84B6000-memory.dmp

memory/11648-8898-0x000001D2D82B0000-0x000001D2D82D6000-memory.dmp

C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog

MD5 789f18acca221d7c91dcb6b0fb1f145f
SHA1 204cc55cd64b6b630746f0d71218ecd8d6ff84ce
SHA256 a5ff0b9a9832b3f5957c9290f83552174b201aeb636964e061273f3a2d502b63
SHA512 eae74f326f7d71a228cae02e4455557ad5ca81e1e28a186bbc4797075d5c79bcb91b5e605ad1d82f3d27e16d0cf172835112ffced2dc84d15281c0185fa4fa62

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 6895e7ce1a11e92604b53b2f6503564e
SHA1 6a69c00679d2afdaf56fe50d50d6036ccb1e570f
SHA256 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177
SHA512 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState

MD5 362ce475f5d1e84641bad999c16727a0
SHA1 6b613c73acb58d259c6379bd820cca6f785cc812
SHA256 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899
SHA512 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

memory/11648-8912-0x000001D2D89C0000-0x000001D2D89EE000-memory.dmp

memory/8092-8913-0x0000016D28230000-0x0000016D28520000-memory.dmp

memory/8092-8914-0x0000016D0F4F0000-0x0000016D0F51E000-memory.dmp

memory/11648-8915-0x000001D2D8A50000-0x000001D2D8AAE000-memory.dmp

memory/11648-8916-0x000001D2D8E80000-0x000001D2D91EC000-memory.dmp

memory/11648-8917-0x000001D2D83E0000-0x000001D2D842F000-memory.dmp

memory/8092-8936-0x0000016D0F560000-0x0000016D0F598000-memory.dmp

memory/11648-8937-0x000001D2D9480000-0x000001D2D9706000-memory.dmp

memory/11648-8940-0x000001D2D8B20000-0x000001D2D8B86000-memory.dmp

memory/11648-8941-0x000001D2D8B90000-0x000001D2D8BCA000-memory.dmp

memory/11648-8942-0x000001D2D8AB0000-0x000001D2D8AD6000-memory.dmp

memory/11648-8943-0x000001D2D8BD0000-0x000001D2D8BF8000-memory.dmp

memory/11648-8944-0x000001D2D9230000-0x000001D2D9264000-memory.dmp

memory/11648-8946-0x000001D2D9270000-0x000001D2D929A000-memory.dmp

memory/8092-8994-0x0000016D27D30000-0x0000016D27D8E000-memory.dmp

memory/11648-8995-0x000001D2D9310000-0x000001D2D9376000-memory.dmp

memory/11648-8996-0x000001D2DAEF0000-0x000001D2DB496000-memory.dmp

memory/8092-8997-0x0000016D28190000-0x0000016D281A6000-memory.dmp

memory/8092-8998-0x0000016D28180000-0x0000016D2818A000-memory.dmp

memory/8092-9000-0x0000016D29490000-0x0000016D2949A000-memory.dmp

memory/8092-8999-0x0000016D29470000-0x0000016D29478000-memory.dmp

memory/8092-9001-0x0000016D29530000-0x0000016D29580000-memory.dmp

memory/8092-9002-0x0000016D297A0000-0x0000016D297C2000-memory.dmp

memory/11648-9075-0x000001D2D9380000-0x000001D2D93C2000-memory.dmp

memory/11648-9076-0x000001D2DABC0000-0x000001D2DAE40000-memory.dmp

memory/11648-9082-0x000001D2D93D0000-0x000001D2D9402000-memory.dmp

memory/11648-9083-0x000001D2D92D0000-0x000001D2D92F6000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp

MD5 10a8f2f82452e5aaf2484d7230ec5758
SHA1 1bf814ddace7c3915547c2085f14e361bbd91959
SHA256 97bffb5fc024494f5b4ad1e50fdb8fad37559c05e5d177107895de0a1741b50b
SHA512 6df8953699e8f5ccff900074fd302d5eb7cad9a55d257ac1ef2cb3b60ba1c54afe74aee62dc4b06b3f6edf14617c2d236749357c5e80c5a13d4f9afcb4efa097

C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp

MD5 d13bddae18c3ee69e044ccf845e92116
SHA1 31129f1e8074a4259f38641d4f74f02ca980ec60
SHA256 1fac07374505f68520aa60852e3a3a656449fceacb7476df7414c73f394ad9e0
SHA512 70b2b752c2a61dcf52f0aadcd0ab0fdf4d06dc140aee6520a8c9d428379deb9fdcc101140c37029d2bac65a6cfcf5ed4216db45e4a162acbc7c8c8b666cd15dd

C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp

MD5 afb68bc4ae0b7040878a0b0c2a5177de
SHA1 ed4cac2f19b504a8fe27ad05805dd03aa552654e
SHA256 76e6f11076cc48eb453abbdbd616c1c46f280d2b4c521c906adf12bb3129067b
SHA512 ebc4c1f2da977d359791859495f9e37b05491e47d39e88a001cb6f2b7b1836b1470b6904c026142c2b1b4fe835560017641d6810a7e8a5c89766e55dd26e8c43

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Cache\Cache_Data\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Cache\Cache_Data\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Cache\Cache_Data\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Cache\Cache_Data\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\fonts\segoe-ui.woff

MD5 9a2931180d6b1dc7b33052657eef554b
SHA1 77b8f3cb5410c779206782a310990c19af2b02ca
SHA256 f424915a692bc5a458d6e7d9c99e4fe0cf5cb8883bd3516b01d4fef5da8d3663
SHA512 e839eb6fa727c6a604da142e7c823c5d8b7d8e33b3d19937da7bc1948c32893b08f0ace35c020e391ab0a9694b479b28282024c3518dac995eb87fd7aa18c631

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\fonts\segoe-ui-bold.woff

MD5 52382539737f4e9913e4bf6b9966bee3
SHA1 d58d3dc5ff86fe8ff594134df53ea9b8074f6bc6
SHA256 d711a54cb4822ccf7926b1a95b7a43107fcfe8ef99a817e6906a1063657c7b28
SHA512 55f1767cfb589eca775f2849b975d8311295951f8e457be58de34983531961ce4fada3a856daed8d7cd712bd8b5fad53ceecf438949deaafb7d5cb87114ecb4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\fonts\noto-sans-semibold.ttf

MD5 dfad8b708bc7b6911ed49a6f35680b10
SHA1 44bd4f1602342642f6bbfc019cca65852d9f3ee0
SHA256 6a27c11bf011fbe565c4d5be9ab49d8535c7cfefeb3aa44dad5d1339f68aad1b
SHA512 0ee222bb6dd7882ec802fb21193ec49e814014f0ece7303c16c2fe24f94735f8d420fba59c9cd689748e89519880b723dfcbd4bbc635d2b89261cc336498e1a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\fonts\noto-sans-regular.woff

MD5 0a66f097fb9215e828bc0ada73d19e45
SHA1 f962197011fa900ec29b4bd14f624a3309854626
SHA256 8e5f3060067847d71c398a897b8f8aecadbacadec3324b41d6eec5b3014fed89
SHA512 060d79916429b617f950a86ef6783198ceb844f26e65b7d26fd667a37c577c5913ba4ef183d2ca0e7f46b3d6e13c128a5bf8c4ae7e0f543c53c051bf13a92fd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\fonts\noto-sans-medium.ttf

MD5 09dc02dbe8133545806d275a2fec2ca7
SHA1 f85d0a08f987df19288a61f18a22519ce0551c3e
SHA256 9d0511ca54de389e3ef4e8a8accdd94e6fdf73eb144f7bba2017e55924092822
SHA512 afd4ad23eaee89cdf729c8645f3d51ead449d8f9fa943a0158270857141d40c8619e3da98163b17770c09c0409536cd60c367736938645e119e60a11ea93dd53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\fonts\noto-sans-bold.woff

MD5 a65fc7725f81daa832e2ac5d4820c2b1
SHA1 a5602a3cb911cdb6ed538c22f451763d884092f0
SHA256 5adee3972bb1a6f74b582f79a5d3b4735e665c00b2e49938a4fb68755e56d9df
SHA512 f8b07d9d46733c8820cf2466a14203710f10ceba789f80fb700b00ff950e5c1f30fb035939911e4d1a4e7ab92f37ce8f6fb47f5d9ab58f5eb5031804e4ad96a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\icons\icon-upgrade.png

MD5 8f0dbfccb36007d663b552bb84db01d5
SHA1 709b15810f26fe075d1037b7d90e196f4471d574
SHA256 07b43077658e1bbc63ac5c7431fd1940f74e8231a532a055de9e2fa0ae79b0be
SHA512 064962f997821ab44b523dc6a7524b6ff21352d90fb9e13281a72ad4d09d3431173d96c71277c92cae023f91d435700169113f14171446d52e65e48b1a44f719

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\icons\icon-threat.png

MD5 02e2204d82355dd71f3e9a493087ab40
SHA1 dd3e5c7ba4d4f7d4784bb040718ced43b0ec6d57
SHA256 d6c4b23336f9539c8dfb12a44282aebe1c052a8bd2a808587c08b01809a755cf
SHA512 035814b7e5ecee257c897e4ce0aee38839760eba0b745df3258e2544429e3ba0a351eed5596ac6125b2c3ab13aafb8d3b97383c2fadb56ed315d7a0b7dd92a54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\icons\icon-34.png

MD5 15b14e66c46e0a83449fea81f4d0e59c
SHA1 c3512dc47f25eb700e21a04f0925aa9d6996f08f
SHA256 10a9008f1b5e61a13f2fc225e9444f17a30036f76855826ff0f881de880db15e
SHA512 c0296a9252e9ea8336a28a73fdeb6d90a3fbd13cb5699f9b90e8b2e3858f041509e8886d056b402c5444e9b36a5950fdb8dc93dd46c15a79d84e1e579b5cd887

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\icons\icon-128.png

MD5 a3c4a97b3abf5c40532df4c73b6a0aed
SHA1 487bcc26a31f4545cada98e13532510784f3d9e4
SHA256 dc9ab4985526d23074e9cf2ee176e68dd7a5cd282c147df32733da083b7ce8a6
SHA512 71c82630413b7d9e8f2541bb036b1884c2e88ba5abee2e6abf79744951f1f2e65f7a3d82fb59c274ad7f02b3e49ee5fa2f20973410db3cc2ca92e6bb3dd42fbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\images\logo_with_name.svg

MD5 7077be1629422619bbe5057dea2afcf6
SHA1 dccf730b9bd0ba9fb7c505f350aa2428457bc952
SHA256 0d28843ed45447345a2437b02ac99a6426de73143015d70bf2eb43ccd4fc75fa
SHA512 48da879c4223098c02814106279abcd6e5cd4a4379baf4cfeffa2fa7a961c4d8791ce10bb79a6643c1fc63d9b57e969f4fa2e5a2dc47e2ac60a1970b2f67f24f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\images\logo-white.svg

MD5 716872be17ae1eabffaafacfb8c0d518
SHA1 f2dd6d573d2fefe6ee189dafebc829098e6c973c
SHA256 824842f23358a42597e09fcc04efadd083e1bbfd6a75a863fabc413713013cf1
SHA512 a54c370a019f85be810337c5550392cd55c6c208b8ce71156c670cd6d5a62c6708f9c4a2d7370c76b0bff3c4dbdf2f99df3dca043084d3d1b552011f0688de40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\images\logo-blue.svg

MD5 846cbae00ad12be63ce5319c6a260323
SHA1 aa840c643cc93e70f704b2d191d4686df04c11c9
SHA256 26abe92c6ad8587e0a373ed74aba3c33f82eb2c8efefd5fba08ce66014417fa9
SHA512 6f3688b8964a38ddd081dd9f431c413656b44de3d0cdbc14a536ce4a32a1ad5fcf7a4f3f5d75b2c986e8fa647fe75cdd32bbaef27bec39bd9c4d03b328a8eca3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\images\crown.svg

MD5 e2e93bf6f4365635d8d01a854caf31d5
SHA1 33502919a2f609b8ef7c8a18f7722d3ce337360b
SHA256 7bf49e91bda1b6dd05b94288fbd86391500557f272b4f8e0ad3a69549e7a6104
SHA512 5548d7fc0faff4ecae85888dbe938438390d478110c26db26e27f9764a3dfc3e5faf91789f84e9e76575b8f371a6cc0cd90feae6b8e3dbf317e59129b71cfeee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\images\close-white.svg

MD5 1fe8bf19c860d2e13f6e9f1ebd2778cb
SHA1 3a47b23b93a3b89abaee6b57fdb597a742be1d23
SHA256 39c46e8e2da43cc6f31ec85120a8879bee0eefdde9b20ce92d1f5e8733b6eb40
SHA512 a3b13146700e148dd855df06045b374ad0f887c3e7452daf480ce913e47d199425741553d9c56e01721739829a1f741d27bdb564882499b908d55af55f57ea71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\images\close-blue.svg

MD5 8d8bf8908be87508c56d626e0a776978
SHA1 3cad5703edacdadf1dc6fcb48fe921712b16fbf0
SHA256 9c5c3329378a3bfba29911b873f1d94239f6ac54dffe6bab113b3d51d8dc0ae0
SHA512 fc0b25c71d69c3721c104afd9ce6af91d89a92a37bf47f97e7df96187e45ed25ac08651e564a09281906e678f7df25af11aeff44b80a3fc17bf2c25c78e1236b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\images\check.svg

MD5 0b2e057ac7229a93f0c0815343c57ff9
SHA1 4c99a278bb5dd30203fb4f33f8d3dcfc5aae5a8e
SHA256 98ce9f3ebf75b2ca71e096bd01988540667d9e9636d5512fe17d099d9eba91ea
SHA512 daf1f0ac010b53f48a1769201bb48df13ef40531e55d3b0736925fdb81441af75f6d3f4e068090feaa6c8ece9f5168c8e44e1dc18c171aca6ef3596a596e067a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\images\attention-icon.svg

MD5 5232d122e13560c86cf3ff0c84ecc3de
SHA1 7c0a78dd1c15e4b50943e1101f0caa8c0405f2c6
SHA256 616cff0cab3ee3e3b69aff4423a541daba199172d2eb2b0f5e7d83e1d6e13f99
SHA512 619222dcc939be36477504882d3a6689a58f9ede708c135fc621d1b8c9d3d9bb4bf6abbecfe7c13bbbbcd7ae2f0f150baa3ac5cd5358db0c057453042484d7a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\assets\images\arrow.svg

MD5 8a4011cef8b4f6e1fe6dfd28c497ad69
SHA1 395ce130677ff0b579f1f3c7f8b45b8489490094
SHA256 31313b5ae51fffa0684dcd10537b9534413f105cfcfc3a8a39890bad5f3aa3f4
SHA512 e25314ee23995bc6d8cec92bd969b9b7e956d46e8bcf8d3ac209445c6f551d311468382f145f8017f6ab26d7cb8c9b6a0c4b3b41c5e7c3f03384116bf720ed85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\_metadata\generated_indexed_rulesets\_ruleset1

MD5 944cc7b993253154878990ae8d949f99
SHA1 63bbb58e604b046a08b0e10de8484343922d54fb
SHA256 3ecb29ec9d6b71e2be72715e0649c965fa2b10ab41d26860913b25c774d5e0a3
SHA512 1f3869717809e7969ce4391afab9716a49593b0d136d0d4b62b00e35734c73f85ae1460c66a2341a2f19487c8d68926fa183420cc770918f45b9fc1b283cf1ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\_metadata\verified_contents.json

MD5 1b01ffc2bafd0a464913805b97e1dd6a
SHA1 f64210c6b06215c5d288f26b3195c557951db428
SHA256 f14934357881f8c7340890752a4fdc0e5440c7ddeb29660ac642c9a972e5f551
SHA512 0d26c87a86371b26bdee126c4ea37fa437538391f88cd263c058e3aa64edaca91efaab01bf93f5c81d4d8df92e73469fffccf403dfb4d49267653e851fc6da20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\rules.json

MD5 5736d36e31b7bc0d59788d30260281ea
SHA1 c2810c0335d1760d2ab337db349c362596df06be
SHA256 79ecc25acaf4d184958e339a9e48a1f0d187f82a676843dc6a40ff907e1853f3
SHA512 046686a280f60d50791ff8bd13989ba4bf058f402bc3d45c3688bc60e8ea91e6e44ec3ae8bf66f1e47b66b336ea8b0f70f20ff1279f6dfb377d662d633296c7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\manifest.json

MD5 36c7c3d8f8d37e17ee06d7a4ce3099d0
SHA1 ea7a3d54e78ddbb80a05888412b2f079a75e5b7f
SHA256 1b594fb15c701e51f960bbb9efdfa72198cb3b6c3aa122ad759524e2c82a2142
SHA512 990a66fa225c7f63804a5c0ca9d4d1af87bff0c1ddf55cce2557d14ebfb17f8639dca12f544fc2c5b218723622fb1be6f7779d5ce8755a562957e5361d6fc9c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\index.html

MD5 336fd61de62addda84cc9e5c283b7e67
SHA1 6b5985b920c40c61fb320f70be5f89233754699c
SHA256 6476c7b35152cbbe4906e94dada4e68faf052744cb0da74589679b86d49edd15
SHA512 2f641a563c6283ee3582c597c10be2336a18cf5e4a1e0c1a3c8b661e1ef49774145f15630b90cb5c1f9bd9439c6d64dc2bfc160763ae3d949eb0eca805bfbad6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\index.bundle.js

MD5 21a57bcfd8166f1a78e93ff075073dad
SHA1 b222925084dcb825c56a1f4d061ce60d73b5e697
SHA256 5fb95e4a8b1ee5fdf974bf4fa3e0890b3d973b98598ced1fd5f4cbfa27e7babb
SHA512 5de66932e9868b16eba364c24052131fa8bad2e097c72bc51f8493b91e8380df4b4717ff97536fb3789a6cffedf198c8b5bfba395572ceadf32fa1eeb130417a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\contentScript.bundle.js

MD5 b5420e42524ff930ce283a078768460e
SHA1 505dbcb230b71985e0b75e1e323ebffe3b15f295
SHA256 a5d2108a9097c9f3fa821b3b90d79c5e4824f74ca21a18c5ff7271b05fda83c5
SHA512 3e8df8ad43c6dc59fa551719057f631d197402d7009b09be898454f28e56378c8539994a22c6141ea527f37549554dfe74e3169eb989d21e9ceb0637d22f61a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4948_1944691275\CRX_INSTALL\background.bundle.js

MD5 a0f181524d2f89830b233309e578191b
SHA1 5112f2f12100b01f242b0690a3aaf5f7e729cd9f
SHA256 727de56a3efb2b77feda4ac895cd5ab0e7f24b28ebec029b0b3460ffd5912eaa
SHA512 f4324039feb00e2109372a40927d69aa2f739d2dc8383f929689c510fc1a14bff653fe179810daa5d2a4c5518c846020ce8fdfdba403e400535a49f6976b8c59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 614a5f99d550c209ceb0cf6c76cdc96d
SHA1 8dfb3f5f719acf475edf91f4b3c78cac11ebd10a
SHA256 774f4945e0323c3d64a88d4b15ed6e73619968a3e7b096281d22877df54b4427
SHA512 e45bc57a7bc46a9931a0b9dd6237a1dad2423d670cb61c0e746636c000a925009353407239445e354b08ae1568202bb49bb83f27dc20ed7055a62b05881e08d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d9ce5283e8b9e0f278fff169d7711456
SHA1 93bcc6dcd27a20f186c54e823ef0e74a79fca17e
SHA256 a66005bb96c0a3366424cb88c4e0aa3945aa65864bbe460d6b2a48ebb4ac5972
SHA512 a40c3029ccff5808c8545315f6762f134e5133c7761bf8e335bcd85c3007ea7d68844d0c85d7865b4e2680fa42c0d4d47eb8dbe85081a8ff43147bd125a3d930

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State

MD5 6f666efd6b2133826995e179dc228d9f
SHA1 79e7c8948d8c5bb91b649d381257931adb61c44e
SHA256 a552e7aaca745722027093fb2e501d6516d19cc407781dea43fbba24f154fa17
SHA512 cba66e68ed1be137d536e524f489dee149e5472a3778ee25064e48a8a714b5cc979254e08d3159ecd43746f9b834b40fc490f498fd2e77e1e6df198afd554fc5

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Network\Network Persistent State

MD5 bd27986e59fba376f9d936d75c4dc3df
SHA1 774b1f26dbc1ab17a929b0c374f8f363bbe79bd8
SHA256 dbcef89487b8b4d387e210bfdf6c25567f7ad43e8583dad3fd93c33027befb62
SHA512 e5c24af0aef0ec078adbf0e91322071d02fa19a1e1a7c74594fea0b6001826d9f5defa88601e141f17b0b87ff8b958112ce8f638916a4452603d5219cd7fa7ef