Analysis Overview
score
10/10
SHA256
5516ce5826c34dc1d89b1373f09a5eb490cf1dab55f98da02bdc53a73b772874
Threat Level: Known bad
The file LDPlayer9_ens_1111_ld.exe was found to be: Known bad.
Malicious Activity Summary
Cobaltstrike
Cobalt Strike reflective loader
Possible privilege escalation attempt
Manipulates Digital Signatures
Creates new service(s)
Drops file in Drivers directory
Reads user/profile data of web browsers
Checks BIOS information in registry
Modifies file permissions
Checks for any installed AV software in registry
Adds Run key to start application
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2
Modifies powershell logging option
Enumerates connected drives
Drops file in System32 directory
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
AutoIT Executable
Drops file in Program Files directory
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Checks system information in the registry
Launches sc.exe
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: LoadsDriver
Uses Volume Shadow Copy service COM API
Modifies system certificate store
Kills process with taskkill
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Runs net.exe
Suspicious use of SendNotifyMessage
Modifies registry class
Uses Volume Shadow Copy WMI provider
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-01 15:23
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-01 15:23
Reported
2024-07-01 15:28
Platform
win7-20240508-en
Max time kernel
277s
Max time network
276s
Command Line
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe"
Signatures
Creates new service(s)
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\FuncName = "EncodeAttrSequence" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\FuncName = "DecodeRecipientID" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\FuncName = "WVTAsn1SpcIndirectDataContentEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.11\FuncName = "WVTAsn1SpcStatementTypeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007\FuncName = "WVTAsn1SpcSpOpusInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\Browser | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Browser | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVG\AV | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSup.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetFltUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxPlaygroundDevice.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetAdp6Install.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\concrt140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxDDR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l2-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-memory-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSup.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-memory-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-private-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxAuth.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\SDL.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDDU.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-time-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\padlock.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\ossltest.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-console-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-namedpipe-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\concrt140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\vccorlib140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\loadall.cmd | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libcurl.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxNetDHCP.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-profile-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9VMMR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDTrace.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\Ld9BoxNetLwf.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxCpuReport.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxNetFltNobj.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-localization-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-processthreads-l1-1-1.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-string-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-utility-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcr120.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-sysinfo-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp100.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\msvcr120.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-interlocked-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxNetLwf-PreW10.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9VirtualBox.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\regsvr32_x86.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-string-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\vccorlib140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-time-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\Ld9BoxSup.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-locale-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\Ld9VMMR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-debug-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxDDR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetLwfUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\platforms\qoffscreen.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\SUPInstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-environment-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-localization-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-rtlsupport-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\MAIN | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6000BDF1-37BE-11EF-BF51-4E559C6B32B6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426009493" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000a5037247a54b1e28ea48884a66aa72d5fd8809faa2b62245b10b068512f6e7b1000000000e8000000002000020000000d8eea03387faf39d41a9b5ea5b574388cddef6c4052455b8a65f940170adbf36200000001d9425cac65b5eced24a62fd7d2e0a68302078abf716001f6587c062d7378e8e4000000041ad2f85e0036e65514d7147410f979ecc71d529d4fc846063c61814c6e4579c3eedf36494f6a60a50fd38aad70743903fa1a21adf922f13154213709c6a46c4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0be4336cbcbda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AE84-4B8E-B0F3-5C20C35CAAC9}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573}\NumMethods\ = "19" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\ProgId | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7966-481D-AB0B-D0ED73E28135}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9070-4F9C-B0D5-53054496DBE0}\ = "IMousePointerShape" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\ = "IEventSourceChangedEvent" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\NumMethods\ = "31" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.apk\Shell\Open\Command\ = "C:\\LDPlayer\\LDPlayer9\\dnplayer.exe apk=%1" | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC7B-431B-98B2-951FDA8EAB89}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-735F-4FDE-8A54-427D49409B5F}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-604D-11E9-92D3-53CB473DB9FB}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-2354-4267-883F-2F417D216519}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-F4C4-4020-A185-0D2881BCFA8B}\ = "IDHCPGlobalConfig" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8384-11e9-921d-8b984e28a686} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AC97-4C16-B3E2-81BD8A57CC27}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2FD3-47E2-A5DC-2C2431D833CC} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2FD3-47E2-A5DC-2C2431D833CC}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1207-4179-94CF-CA250036308F}\ = "IGuestFileOffsetChangedEvent" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-1A29-4A19-92CF-02285773F3B5}\ = "INATNetworkChangedEvent" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6038-422C-B45E-6D4A0503D9F1}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00A7-4104-0009-49BC00B2DA80}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4}\ = "ISnapshotDeletedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\ = "IGuestMonitorChangedEvent" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-800A-40F8-87A6-170D02249A55} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7006-40D4-B339-472EE3801844}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-8084-11E9-B185-DBE296E54799}\NumMethods\ = "9" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9641-4397-854A-040439D0114B}\ = "IGuestScreenInfo" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\ = "IRangedIntegerFormValue" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5FDC-4ABA-AFF5-6A39BBD7C38B}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4289-ef4e-8e6a-e5b07816b631} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-E254-4E5B-A1F2-011CF991C38D}\NumMethods\ = "82" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-4974-A19C-4DC6-CC98C2269626}\ = "IGuestDirectory" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-7708-444B-9EEF-C116CE423D39} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-00C2-4484-0077-C057003D9C90}\ = "IInternalMachineControl" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\NumMethods\ = "16" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-34b8-42d3-acfb-7e96daf77c22} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5}\NumMethods\ = "26" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-6989-4002-80CF-3607F377D40C}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-E9BB-49B3-BFC7-C5171E93EF38}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-be30-49c0-b315-e9749e1bded1} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AC97-4C16-B3E2-81BD8A57CC27} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\ = "IGuestFileStateChangedEvent" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486E-472F-481B-969746AF2480}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\ = "IFramebufferOverlay" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C9D6-4742-957C-A6FD52E8C4AE}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1111 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=197092
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\system32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\system32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/4bUcwDd53d
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\dnplayer.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x544
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:734214 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | d19mtdoi3rn3ox.cloudfront.net | udp |
| GB | 18.245.158.103:443 | d19mtdoi3rn3ox.cloudfront.net | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| ES | 108.157.125.64:443 | encdn.ldmnq.com | tcp |
| ES | 108.157.125.64:443 | encdn.ldmnq.com | tcp |
| ES | 108.157.125.64:443 | encdn.ldmnq.com | tcp |
| ES | 108.157.125.64:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| ES | 52.85.187.22:443 | d1arl2thrafelv.cloudfront.net | tcp |
| ES | 52.85.187.22:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| GB | 216.137.34.105:443 | d1arl2thrafelv.cloudfront.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| US | 8.8.8.8:53 | en.ldplayer.net | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 79.133.176.213:443 | en.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | advertise.ldplayer.net | udp |
| GB | 163.181.154.182:443 | advertise.ldplayer.net | tcp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 163.181.154.182:443 | advertise.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| GB | 13.224.132.14:80 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:80 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| GB | 79.133.176.224:443 | www.ldplayer.net | tcp |
| GB | 79.133.176.224:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| BE | 2.17.107.235:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| BE | 2.17.107.235:80 | apps.identrust.com | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| FR | 13.249.9.19:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| GB | 79.133.176.213:443 | ldcdn.ldmnq.com | tcp |
| GB | 79.133.176.213:443 | ldcdn.ldmnq.com | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
Files
\Users\Admin\AppData\Local\Temp\Setup\ds.dll
| MD5 | d9cb0b4a66458d85470ccf9b3575c0e7 |
| SHA1 | 1572092be5489725cffbabe2f59eba094ee1d8a1 |
| SHA256 | 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05 |
| SHA512 | 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6 |
memory/2992-11-0x00000000038D0000-0x0000000003910000-memory.dmp
memory/2992-12-0x000000007427E000-0x000000007427F000-memory.dmp
memory/2992-16-0x0000000002D70000-0x0000000002D86000-memory.dmp
memory/2992-17-0x0000000074A90000-0x0000000074AA6000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3173.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 001fc11d141984fa9f3ad4c9713300e3 |
| SHA1 | 253159a5d8b427e001b3da9ef5fa6baea3d8aa81 |
| SHA256 | 3e39e53ba359d1e87f22342262da1031ec7aa1c1aa25707b45e48001f12831db |
| SHA512 | bda9d08396647458a35720fe5c2f91fd52add0a4dca95b5334bfc55d87626452a77c289ac4860538145b8f9e7a69c5750a3be1a1a61c500562103e02af8b03a6 |
memory/2992-154-0x0000000003890000-0x00000000038D4000-memory.dmp
memory/2992-155-0x0000000074270000-0x000000007495E000-memory.dmp
memory/2992-156-0x0000000074270000-0x000000007495E000-memory.dmp
memory/2992-157-0x00000000038D0000-0x0000000003910000-memory.dmp
memory/2992-158-0x000000007427E000-0x000000007427F000-memory.dmp
memory/2992-159-0x0000000074270000-0x000000007495E000-memory.dmp
\LDPlayer\LDPlayer9\dnrepairer.exe
| MD5 | 4def56a3500d5a4dec3ff797a88c5751 |
| SHA1 | 1a53c9c6f3d1e27ac8532e09f87990505c8090de |
| SHA256 | c09b51bdc9039b976a55eb8dc7c517d65d8d5f6eadda92d2de27ceee7845b0e4 |
| SHA512 | a96322ca61f45875bfdb7b514ce1a95bbc1faba3fc0b7bc7c0af3f05d68c14e47fddff64e595f6bf053df7e1efad3e5f9e33f3bc2e09501c3c20de62864ae1d8 |
C:\LDPlayer\LDPlayer9\MSVCP120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
C:\LDPlayer\LDPlayer9\MSVCR120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
C:\LDPlayer\LDPlayer9\dnresource.rcc
| MD5 | d4d2fd2ce9c5017b32fc054857227592 |
| SHA1 | 7ee3b1127c892118cc98fb67b1d8a01748ca52d5 |
| SHA256 | c4b7144dd50f68ca531568cafb6bb37bf54c5b078fbac6847afa9c3b34b5f185 |
| SHA512 | d2f983dde93099f617dd63b37b8a1039166aaf852819df052a9d82a8407eb299dac22b4ffe8cab48331e695bf01b545eb728bec5d793aeb0045b70ea9ceab918 |
\LDPlayer\LDPlayer9\crashreport.dll
| MD5 | 19dae6362eb73913f7947f719be52516 |
| SHA1 | e157307ae8e87c9a6f31bc62ecdf32d70f8648d9 |
| SHA256 | ae0eba69019294d03e11d68fea0ee72e77bfe156803f1b83bc8566a0a4d3584d |
| SHA512 | f5eb5771eb03f7f2067e32573397814ff3ef54dc7fae0abadad6bfdcafef6a4a5bf6f3ab9874c0530cb70cb995f6716ca8fa1cba175ed5a1d298c700f6e59ad2 |
C:\LDPlayer\LDPlayer9\vms\config\leidian0.config
| MD5 | e6eafa34e4c79244e31bc22950badcc2 |
| SHA1 | f6413968f5bbb512c40076dae5fa6127a0c03e33 |
| SHA256 | c02527dc6e4d229d69dc11c85474a500cf093cd10af15d5ab84e1df4fd3c612e |
| SHA512 | 7bc769727d19cbf43ef4c8104d2ccbad8f7b269113fd589c234ca45f6a9cf82d4c7f609ecd9be4afdcfb93b0205ad25d52b26693108d8fbf1124c38bd8be42e6 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-console-l1-1-0.dll
| MD5 | 1fb62ef7e71b24a44ea5f07288240699 |
| SHA1 | 875261b5537ed9b71a892823d4fc614cb11e8c1f |
| SHA256 | 70a4cd55e60f9dd5d047576e9cd520d37af70d74b9a71e8fa73c41475caadc9a |
| SHA512 | 3b66efe9a54d0a3140e8ae02c8632a3747bad97143428aedc263cb57e3cfa53c479b7f2824051ff7a8fd6b838032d9ae9f9704c289e79eed0d85a20a6f417e61 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-process-l1-1-0.dll
| MD5 | 7ddd5548e3c4de83d036b59dbf55867a |
| SHA1 | e56b4d9cfca18fb29172e71546dc6ef0383ac4e9 |
| SHA256 | 75f7b0937a1433ea7e7fa2904b02fd46296b31da822575c0a6bc2038805971ef |
| SHA512 | 9fb30ef628741cebbc0f80d07824e80c9c73e0e1341866f4e45dc362fea211d622aa1cffc9199be458609483f166f6c34c68b585efe196d370c100f9c7315e0d |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-private-l1-1-0.dll
| MD5 | 18bdfd4b9e28f7eba7cbb354e9c12fcb |
| SHA1 | 26222efacb3fce1995253002c3ce294c7045cf97 |
| SHA256 | 3105da41b02009383826ed70857de1a8961daeb942e9068d0357cddd939fa154 |
| SHA512 | 7d27eeff41b1e30579c2a813eea8385d8a9569bc1ece5310b0a3f375fba1894028c5cec2cf204e153a50411c5dcf1992e8ac38f1c068c8f8af9bd4897c379c04 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | c99c9eea4f83a985daf48eed9f79531b |
| SHA1 | 56486407c84beecadb88858d69300035e693d9a6 |
| SHA256 | 7c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5 |
| SHA512 | 78b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-time-l1-1-0.dll
| MD5 | a992f1e06c3c32ffe9799d4750af070a |
| SHA1 | 97ffd536d048720010133c3d79b6deed7fc82e58 |
| SHA256 | b401edaac4b41da73356de9b3358dc21f8b998a63413c868510dc734b1e4022f |
| SHA512 | 50bd08680fccff190454e6555e65e2787bdc0e8a9bf711e364eb0b065951c2430559e049202b8f330ac65e9d4cd588349c524a71f700e179859d7829d8e840b8 |
C:\LDPlayer\LDPlayer9\vbox64\crashreport.dll
| MD5 | 54eb1567d87a7f8d522b558befab22da |
| SHA1 | b461e8eadbfe5a5beff264aec3bb7456524d6e9e |
| SHA256 | fca9cd3b650bb5384a25cdcf5a3947f246b5c3d9ca81c387fe1faab2427f20d3 |
| SHA512 | b1e3b347fabf3054ec729eefa7495f775f26fb4221bebfb785076e16ea1cfcd2d3738e2851ae0c8a753861bd8bad1931108067967f20faeebe33ed9b43916b93 |
C:\LDPlayer\LDPlayer9\vbox64\fastpipe.dll
| MD5 | 38a04f46d8f9d5c9c7f7ee6a7175fd4e |
| SHA1 | f829e1b3a21d1278f9729bb739b6e8cd74bcdead |
| SHA256 | ad34635b76825b34172af347934c831182891dc2ca6820deeb8a8bd7974c822b |
| SHA512 | 603853062cdbe8790a4c82b7cc72ee381f5566f7715085f091042731bfdab5019686f3a2a61e33675be14560f7aedf96986188bdf4f88520eee38c7452c466aa |
C:\LDPlayer\LDPlayer9\vbox64\GLES12Translator.dll
| MD5 | 413e78cd4603f4251407d30cfd504481 |
| SHA1 | d42e5ce14e38bbc62bd1d82f111efe3a7d5ad71b |
| SHA256 | 819567d94fe25e41e81c395faee4f8c97a17f0b45fcd1fc52aee436f9fb04020 |
| SHA512 | f1c162a511af04521497f19b01cfa7fd00e031141b504076da15bcd8ebc7c8ac8de7d4c5e3fcdcebe19870ca18a6f930684e0ea4cd9817821808300887166bc7 |
C:\LDPlayer\LDPlayer9\vbox64\EGL.dll
| MD5 | ef46946bf30878e9ecf2044feefe7761 |
| SHA1 | 873bd7311fd58de541d64955579ac1e3935e593e |
| SHA256 | a788ce50d0e0bfa2d49027c91f0260d4a17491694a6634ea950ea37bc7f664aa |
| SHA512 | f3c0c56903577a16119bcc39199fb446f9463f24435a8471ad508b8280639e178962bea70880f16918f5759d55393c68ee9412769062de4899b5071bf2d6dffd |
C:\LDPlayer\LDPlayer9\vbox64\concrt140.dll
| MD5 | 65f2e5a61f39996c4df8ae70723ab1f7 |
| SHA1 | 7b32055335b37d734b1ab518dcae874352cd6d5c |
| SHA256 | 8032b43bdd2f18ce7eb131e7cd542967081bea9490df08681bf805ce4f4d3aab |
| SHA512 | 0b44153ac0c49170008fb905a73b0ab3c167a75dc2f7330aed503f3c0aedfd5164a92d6f759959a11eceb69e2918cb97c571a82715ad41f6b96888d59973f822 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | cb4a19b88bec5a8806b419cf7c828018 |
| SHA1 | 2bc264e0eccb1a9d821bca82b5a5c58dc2464c5d |
| SHA256 | 97e4c91103c186517fa248772b9204acf08fde05557a19efe28d11fb0932b1f7 |
| SHA512 | 381edd45ecd5d2bdefd1e3ad0c8465a32620dfa9b97717cadb6a584c9528fed0d599d5a4889962f04908ca4e2b7b4497f0e69d8481ee5f34ea5d9106d99760c3 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-string-l1-1-0.dll
| MD5 | d3d72d7f4c048d46d81a34e4186600b4 |
| SHA1 | cdcad0a3df99f9aee0f49c549758ee386a3d915f |
| SHA256 | fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116 |
| SHA512 | 6bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | a3f630a32d715214d6c46f7c87761213 |
| SHA1 | 1078c77010065c933a7394d10da93bfb81be2a95 |
| SHA256 | d16db68b4020287bb6ce701b71312a9d887874c0d26b9ebd82c3c9b965029562 |
| SHA512 | 920bb08310eadd7832011ac80edd3e12ce68e54e510949dbbde90adaac497debe050e2b73b9b22d9dc105386c45d558c3f9e37e1c51ed4700dd82b00e80410bc |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-multibyte-l1-1-0.dll
| MD5 | 4394dafed734dfe937cf6edbbb4b2f75 |
| SHA1 | 06ec8f1f8dd1eab75175a359a7a5a7ee08d7a57a |
| SHA256 | 35b247534f9a19755a281e6dc3490f8197dd515f518c6550208b862c43297345 |
| SHA512 | 33d9c5041e0f5b0913dd8826ceb080e2284f78164effde1dbf2c14c1234d6b9f33af6ae9f6e28527092ad8c2dbc13bddfc73a5b8c738a725ad0c6bb0aa7fcfaf |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-math-l1-1-0.dll
| MD5 | 77c5cc86b89eed37610b80f24e88dcc2 |
| SHA1 | d2142ecce3432b545fedc8005cc1bf08065c3119 |
| SHA256 | 3e8828ab7327f26da0687f683944ffc551440a3de1004cc512f04a2f498520f6 |
| SHA512 | 81de6533bba83f01fed3f7beed1d329b05772b7a13ffe395414299c62e3e6d43173762cb0b326ea7ecf0e61125901fcee7047e7a7895b750de3d714c3fe0cc67 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 2c8e5e31e996e2c0664f4a945cece991 |
| SHA1 | 8522c378bdd189ce03a89199dd73ed0834b2fa95 |
| SHA256 | 1c556505a926fd5f713004e88d7f8d68177d7d40a406f6ed04af7bacd2264979 |
| SHA512 | 14b92e32fb0fd9c50aa311f02763cba50692149283d625a78b0549b811d221331cf1b1f46d42869500622d128c627188691d7de04c500f501acd720cea7c8050 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | fbfcf220f1bf1051e82a40f349d4beae |
| SHA1 | 43154ea6705ab1c34207b66a0a544ac211c1f37d |
| SHA256 | 9b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d |
| SHA512 | e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | bef17bf1ba00150163a2e1699ff5840a |
| SHA1 | 89145a894b17427f4cb2b4e7e814c92457fd2a75 |
| SHA256 | 48c71b2d0af6807f387d97ab22a3ba77b85bdf457f8a4f03ce79d13fbb891328 |
| SHA512 | 489d1b4d405edbb5f46b087a3ebf57a344bf65478b3cd5fcf273736ea6fdd33e54b1806fbb751849e160370df8354f39fc7ca7896a05b4660ad577a9e0e683e4 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | c7c4a49c6ee6b1272ade4f06db2fa880 |
| SHA1 | b4b5490a51829653cb2e9e3f6fbe9caf3ba5561e |
| SHA256 | 37f731e7b1538467288bf1d0e586405b20808d4bad05e47225673661bc8b4a9f |
| SHA512 | 62ccdfac19ef4e3d378122146e8b2cba0e1db2cc050b49522bedbf763127cc2103a56c5a266e161a51d5be6bd9a47222ee8bb344b383f13d0aac0baa41eab0ff |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | 0fb91d94f6d006da24a3a2df6d295d81 |
| SHA1 | db8ae2c45940d10f463b6dbecd63c22acab1eee2 |
| SHA256 | e08d41881dbef8e19b9b5228938e85787292b4b6078d5384ba8e19234a0240a8 |
| SHA512 | 16d16eb10031c3d27e18c2ee5a1511607f95f84c8d32e49bbacee1adb2836c067897ea25c7649d805be974ba03ff1286eb665361036fd8afd376c8edcfabd88c |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | ebac9545734cc1bec37c1c32ffaff7d8 |
| SHA1 | 2b716ce57f0af28d1223f4794cc8696d49ae2f29 |
| SHA256 | d09b49f2a30dcc13b7f0de8242fa57d0bdeb22f3b7e6c224be73bc4dd98d3c26 |
| SHA512 | 0396ea24a6744d48ce18f9ccb270880f74c4b6eab40f8f8baf5fd9b4ad2ac79b830f9b33c13a3fec0206a95ad3824395db6b1825302d1d401d26bdc9eef003b2 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | c0c8790510471f12f3c4555e5f361e8e |
| SHA1 | 7adffc87c04b7df513bb163c3fbe9231b8e6566a |
| SHA256 | 60bd8f0bd64062292eff0f5f1a91347b8d61fbe3f2e9b140112501770eae0b80 |
| SHA512 | 4f71aa0942f86e86f787036dc60eaea33af0c277f03cf1e551aaaba48dad48593bcceeccc359efbf18ef99cf49f2d46b4c17159a531ffb1c3a744abce57219eb |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-util-l1-1-0.dll
| MD5 | 7243d672604766e28e053af250570d55 |
| SHA1 | 7d63e26ffb37bf887760dc28760d4b0873676849 |
| SHA256 | f24a6158d7083e79f94b2088b2ea4d929446c15271a41c2691b8d0679e83ef18 |
| SHA512 | 05b0edf51f10db00adc81fa0e34963be1a9f5c4ca303a9c9179c8340d5d2700534c5b924005556c89c02ac598ba6c614ee8ab8415f9ad240417529e5e0f6a41b |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 6f9f9d52087ae4d8d180954b9d42778b |
| SHA1 | 67419967a40cc82a0ca4151589677de8226f9693 |
| SHA256 | ef1d71fe621341c9751ee59e50cbec1d22947622ffaf8fb1f034c693f1091ef0 |
| SHA512 | 22a0488613377746c13db9742f2e517f9e31bd563352cc394c3ae12809a22aa1961711e3c0648520e2e11f94411b82d3bb05c7ea1f4d1887aacf85045cf119d7 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | 56486925434ebcb5a88dd1dfa173b3d0 |
| SHA1 | f6224dd02d19debc1ecc5d4853a226b9068ae3cd |
| SHA256 | 4f008aa424a0a53a11535647a32fabb540306702040aa940fb494823303f8dce |
| SHA512 | 7bb89bd39c59090657ab91f54fb730d5f2c46b0764d32cfa68bb8e9d3284c6d755f1793c5e8722acf74eb6a39d65e6345953e6591106a13ab008dcf19863ae49 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-2-0.dll
| MD5 | a639c64c03544491cd196f1ba08ae6e0 |
| SHA1 | 3ee08712c85aab71cfbdb43dbef06833daa36ab2 |
| SHA256 | a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60 |
| SHA512 | c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-1-0.dll
| MD5 | e1debeda8d4680931b3bb01fae0d55f0 |
| SHA1 | a26503c590956d4e2d5a42683c1c07be4b6f0ce7 |
| SHA256 | a2d22c5b4b38af981920ab57b94727ecad255a346bb85f0d0142b545393a0a2d |
| SHA512 | a9211f5b3a1d5e42fde406aab1b2718e117bae3dd0857d4807b9e823a4523c3895cf786519d48410119d1838ab0c7307d6ef530b1159328350cc23ebc32f67cd |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-string-l1-1-0.dll
| MD5 | b72698a2b99e67083fabd7d295388800 |
| SHA1 | 17647fc4f151c681a943834601c975a5db122ceb |
| SHA256 | 86d729b20a588b4c88160e38b4d234e98091e9704a689f5229574d8591cf7378 |
| SHA512 | 33bdfe9ac12339e1edab7698b344ab7e0e093a31fedc697463bbe8a4180bb68b6cc711a2ceb22ce410e3c51efaa7ea800bad30a93b3ac605b24885d3ef47cb7a |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | 6e46e5cca4a98a53c6d2b6c272a2c3ba |
| SHA1 | bc8f556ee4260cce00f4dc66772e21b554f793a4 |
| SHA256 | 87fca6cdfa4998b0a762015b3900edf5b32b8275d08276abc0232126e00f55ce |
| SHA512 | cfeea255c66b4394e1d53490bf264c4a17a464c74d04b0eb95f6342e45e24bbc99ff016a469f69683ce891d0663578c6d7adee1929cc272b04fcb977c673380f |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-profile-l1-1-0.dll
| MD5 | a37faea6c5149e96dc1a523a85941c37 |
| SHA1 | 0286f5dafffa3cf58e38e87f0820302bcf276d79 |
| SHA256 | 0e35bebd654ee0c83d70361bcaecf95c757d95209b9dbcb145590807d3ffae2e |
| SHA512 | a88df77f3cc50d5830777b596f152503a5a826b04e35d912c979ded98dc3c055eb150049577ba6973d1e6c737d3b782655d848f3a71bd5a67aa41fc9322f832e |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 6486e2f519a80511ac3de235487bee79 |
| SHA1 | b43fd61e62d98eea74cf8eb54ca16c8f8e10c906 |
| SHA256 | 24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667 |
| SHA512 | 02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | 540d7c53d63c7ff3619f99f12aac0afe |
| SHA1 | 69693e13c171433306fb5c9be333d73fdf0b47ed |
| SHA256 | 3062bd1f6d52a6b830dbb591277161099dcf3c255cff31b44876076069656f36 |
| SHA512 | ce37439ce1dfb72d4366ca96368211787086948311eb731452bb453c284ccc93ccecef5c0277d4416051f4032463282173f3ec5be45e5c3249f7c7ec433f3b3e |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | 77e9c54da1436b15b15c9c7e1cedd666 |
| SHA1 | 6ce4d9b3dc7859d889d4ccd1e8e128bf7ca3a360 |
| SHA256 | 885bd4d193568d10dd24d104ccf92b258a9262565e0c815b01ec15a0f4c65658 |
| SHA512 | 6eecf63d3df4e538e1d2a62c6266f7d677daebd20b7ce40a1894c0ebe081585e01e0c7849ccdf33dd21274e194e203e056e7103a99a3cd0172df3ed791dce1c2 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | b8bce84b33ae9f56369b3791f16a6c47 |
| SHA1 | 50f14d1fe9cb653f2ed48cbb52f447bdd7ec5df4 |
| SHA256 | 0af28c5c0bb1c346a22547e17a80cb17f692bf8d1e41052684fa38c3bbcbb8c8 |
| SHA512 | 326092bae01d94ba05ecec0ea8a7ba03a8a83c5caf12bef88f54d075915844e298dba27012a1543047b73b6a2ae2b08478711c8b3dcc0a7f0c9ffabba5b193cf |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-memory-l1-1-0.dll
| MD5 | 89766e82e783facf320e6085b989d59d |
| SHA1 | a3ffb65f0176c2889a6e4d9c7f4b09094afb87ed |
| SHA256 | b04af86e7b16aada057a64139065df3a9b673a1a8586a386b1f2e7300c910f90 |
| SHA512 | ea4df1b2763dde578488bb8dd333be8f2b79f5277c9584d1fc8f11e9961d38767d6a2da0b7b01bad0d002d8dcf67cca1d8751a518f1ee4b9318081f8df0422c7 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 769bf2930e7b0ce2e3fb2cbc6630ba2e |
| SHA1 | b9df24d2d37ca8b52ca7eb5c6de414cb3159488a |
| SHA256 | d10ff3164acd8784fe8cc75f5b12f32ce85b12261adb22b8a08e9704b1e5991a |
| SHA512 | 9abdcccc8ee21b35f305a91ea001c0b8964d8475680fa95b4afbdc2d42797df543b95fc1bcd72d3d2ccc1d26dff5b3c4e91f1e66753626837602dbf73fc8369b |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | bedc3d74c8a93128ef9515fd3e1d40eb |
| SHA1 | d207c881751c540651dbdb2dbd78e7ecd871bfe1 |
| SHA256 | fefc7bc60bd8d0542ccea84c27386bc27eb93a05330e059325924cb12aaf8f32 |
| SHA512 | cdcbce2dbe134f0ab69635e4b42ef31864e99b9ab8b747fb395a2e32b926750f0dd153be410337d218554434f17e8bc2f5501f4b8a89bb3a6be7f5472fb18360 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | c9649c9873f55cb7cdc3801b30136001 |
| SHA1 | 3d2730a1064acd8637bfc69f0355095e6821edfd |
| SHA256 | d05e1bd7fa00f52214192a390d36758fa3fe605b05a890a38f785c4db7adef1f |
| SHA512 | 39497baa6301c0ad3e9e686f7dfa0e40dbea831340843417eecc23581b04972facc2b6d30173cc93bf107a42f9d5d42515ef9fd73bb17070eb6f54109dc14e3e |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-heap-l1-1-0.dll
| MD5 | 13b358d9ecffb48629e83687e736b61d |
| SHA1 | 1f876f35566f0d9e254c973dbbf519004d388c8d |
| SHA256 | 1cf1b6f42985016bc2dc59744efeac49515f8ed1cc705fe3f5654d81186097cd |
| SHA512 | 08e54fa2b144d5b0da199d052896b9cf556c0d1e6f37c2ab3363be5cd3cf0a8a6422626a0643507aa851fddf3a2ea3d42a05b084badf509b35ec50cb2e0bb5ce |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-handle-l1-1-0.dll
| MD5 | cedbeae3cb51098d908ef3a81dc8d95c |
| SHA1 | c43e0bf58f4f8ea903ea142b36e1cb486f64b782 |
| SHA256 | 3cb281c38fa9420daedb84bc4cd0aaa958809cc0b3efe5f19842cc330a7805a0 |
| SHA512 | 72e7bdf4737131046e5ef6953754be66fb7761a85e864d3f3799d510bf891093a2da45b684520e2dbce3819f2e7a6f3d6cf4f34998c28a8a8e53f86c60f3b78a |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l2-1-0.dll
| MD5 | 8fd05f79565c563a50f23b960f4d77a6 |
| SHA1 | 98e5e665ef4a3dd6f149733b180c970c60932538 |
| SHA256 | 3eb57cda91752a2338ee6b83b5e31347be08831d76e7010892bfd97d6ace9b73 |
| SHA512 | 587a39aecb40eff8e4c58149477ebaeb16db8028d8f7bea9114d34e22cd4074718490a4e3721385995a2b477fe33894a044058880414c9a668657b90b76d464f |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-2-0.dll
| MD5 | 7041205ea1a1d9ba68c70333086e6b48 |
| SHA1 | 5034155f7ec4f91e882eae61fd3481b5a1c62eb0 |
| SHA256 | eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d |
| SHA512 | aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-1-0.dll
| MD5 | e87192a43630eb1f6bdf764e57532b8b |
| SHA1 | f9dda76d7e1acdbb3874183a9f1013b6489bd32c |
| SHA256 | d9cd7767d160d3b548ca57a7a4d09fe29e1a2b5589f58fbcf6cb6e992f5334cf |
| SHA512 | 30e29f2ffdc47c4085ca42f438384c6826b8e70adf617ac53f6f52e2906d3a276d99efcc01bf528c27eca93276151b143e6103b974c20d801da76f291d297c4c |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | e46bc300bf7be7b17e16ff12d014e522 |
| SHA1 | ba16bc615c0dad61ef6efe5fd5c81cec5cfbad44 |
| SHA256 | 002f6818c99efbd6aee20a1208344b87af7b61030d2a6d54b119130d60e7f51e |
| SHA512 | f92c1055a8adabb68da533fe157f22c076da3c31d7cf645f15c019ce4c105b99933d860a80e22315377585ae5847147c48cd28c9473a184c9a2149b1d75ee1b1 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-debug-l1-1-0.dll
| MD5 | c1fdd419184ef1f0895e4f7282d04dc5 |
| SHA1 | 42c00eee48c72bfde66bc22404cd9d2b425a800b |
| SHA256 | e8cf51a77e7720bd8f566db0a544e3db1c96edc9a59d4f82af78b370de5891f7 |
| SHA512 | 21aa4d299d4c2eab267a114644c3f99f9f51964fd89b5c17769a8f61a2b08c237e5252b77ca38f993a74cc721b1b18e702c99bdfa39e0d43d375c56f126be62c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2XD3LA2IUAR239431QX1.temp
| MD5 | c4b408f42b30cc47b84750bdb8134506 |
| SHA1 | 69ee8cd83f9c7b49e59339b7d2c1d3ace73148ca |
| SHA256 | 7b3eb80cb708d7a9614fed8bd5e5e44a253c1b34af204f023e940d30a11c7261 |
| SHA512 | 79ecdee9bca3e3669332b6c37be76cc76a3841c46ed3fc97aa0339120da5d1315fbb64415de4e60e07dd492a3a83647ff0382f7d3adfff6d7943b2bd187263a4 |
C:\LDPlayer\LDPlayer9\dnplayer.exe
| MD5 | 2061141f3c490b5b441eff06e816a6c2 |
| SHA1 | d24166db06398c6e897ff662730d3d83391fdaaa |
| SHA256 | 2f1e555c3cb142b77bd72209637f9d5c068d960cad52100506ace6431d5e4bb0 |
| SHA512 | 6b6e791d615a644af9e3d8b31a750c4679e18ef094fea8cd1434473af895b67f8c45a7658bfedfa30cc54377b02f7ee8715e11ee376ed7b95ded9d82ddbd3ccc |
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | 330013a714c5dc0c561301adcccd8bc8 |
| SHA1 | 030b1d6ac68e64dec5cbb82a75938c6ce5588466 |
| SHA256 | c22a57cd1b0bdba47652f5457c53a975b2e27daa3955f5ef4e3eaee9cf8d127a |
| SHA512 | 6afb7e55a09c9aac370dff52755b117ad16b4fc6973665fce266ea3a7934edfb65f821f4f27f01f4059adb0cf54cc3a97d5ff4038dc005f51ecee626fd5fadd1 |
C:\Users\Admin\AppData\Roaming\XuanZhi\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1b080a94742c9eb1edec0cbfec6b785 |
| SHA1 | c983a590d49ad80a89ababa57752d822f4900d36 |
| SHA256 | 4b63f97bbcaf97b87b8f8c5d3499bb29292d40073748cf995181620b857296e3 |
| SHA512 | 6b49f1e4638c65b864055a5259a1c77963a1f25d1e980f15c817c5215c4a9459633192b32956666ba40a4a9afc26bcd73629c8e27d473a5ae69878324f28b5a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0001d765591a7adb681f4450c7ce121a |
| SHA1 | 5038ad1c0aa8a12b4054ea5515c8322fcc2adaa4 |
| SHA256 | 16a765982ae4cc967b73447dce6a0a821899eed45ad99935bbf8cdedfd5001bb |
| SHA512 | 50a5efe69a22b2fa2c8c5a7dd5fa71263597af140251d06141fa080c73536c9a1f5356dfd4a1797698a1bc6118484cffe1e14e1ac47aa9ef3dc367369c4e68df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15507f5cd4a6a209f8f554ebf2745783 |
| SHA1 | 6f4d0961ccf0026580e426e5891abe3ac2866f5c |
| SHA256 | fe07502961fbd87d48512118d5a36afd00c8737284ebf89bf45300e42a7aac69 |
| SHA512 | d3f4c252c24ed1c4908647f3dcf05e289a20a3bd47b6ca0f885ab295b41a1c8502b745642fc8690fc2a23ea09d74450b321ec32fdb522b47d4e829ff69d8f472 |
memory/836-893-0x0000000035920000-0x0000000035930000-memory.dmp
memory/2584-910-0x0000000000250000-0x0000000000260000-memory.dmp
memory/2584-911-0x0000000000260000-0x0000000000270000-memory.dmp
memory/836-913-0x0000000005340000-0x0000000005342000-memory.dmp
memory/836-912-0x0000000005330000-0x0000000005332000-memory.dmp
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 4d592fd525e977bf3d832cdb1482faa0 |
| SHA1 | 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef |
| SHA256 | f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6 |
| SHA512 | afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77 |
memory/2992-926-0x0000000074270000-0x000000007495E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\favicon[2].ico
| MD5 | ec2c34cadd4b5f4594415127380a85e6 |
| SHA1 | e7e129270da0153510ef04a148d08702b980b679 |
| SHA256 | 128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7 |
| SHA512 | c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d204c245084fa3a85deae26d193d0570 |
| SHA1 | 671f9623de00c3f82bc7243cdaf90d6119c13987 |
| SHA256 | b447bc10a617e1bfd655febac94060a3fe1eb963b3770b1a4dfcfb4cc8ef2372 |
| SHA512 | acef2625540af61fc6b575168044ece9e8e3a290326963b26fa527fe47f9841874a23ec6cced2bdecb2e8af5f9e00e3a05a4d269a51bc90e7a23f2ed1f171f5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87bb1f21cdb02c7d457564f63db71cba |
| SHA1 | 063e1102b215bfd1769334156b879ad24137ad60 |
| SHA256 | 85dab5d6bf1a20fcbbe00cd3ba6071bec62baf752c6939ba538fa7bb9ba48602 |
| SHA512 | 96dc48ac89bafec1b086e4b30cb826a5bfabe3a5243f7340d481204f89b1912b6151b73404b29af1d886c1c26b837e9f8186f2fc7545427d376735198ae9f8cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24b7c844cff28116572012d9d0712ff6 |
| SHA1 | c1528dbf9941e2d6e5ca7b0e01cb4f9baf23315a |
| SHA256 | b8a8e68d134889c6f88b202c38325b8296dfda0d14b276da86637e0aad74217e |
| SHA512 | 724378710d5a5da54995be3f7527e2963b0f58af4ac8af9b90323caf938007aba28debdfd96bd9740b3563533b83fefce00f379cc02eba89f7e3c0de346b1ccb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12273013c0aac9c71c7dd8c4ab1b3dbc |
| SHA1 | 19c2b7d79d5b9bbb59ce7445485eba4e3bde4a2f |
| SHA256 | 5ae6054c3b2e491b8b7839bc61d56d7197fc4286e6c1b73a64b87640dac248ae |
| SHA512 | 844cded04b1e7d134afc32c3e9e7e4e84c1d4791d5852ed39af0d02906adcde8a6faa7e67168d16de6a635598e5e7b44c0d5dc29a982be1f8b5abc7d7811c70a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d33cae530f00a61c1fb5542507f896a |
| SHA1 | 258de6f3abbf98abbb4360ec964f1848b05f0b96 |
| SHA256 | 6b800f45a6cda6718032c137ff7054652cc0f5faf7fb2dd4f02af50858fd2a3a |
| SHA512 | c5a7b2c7785533d9746c2f13f62a58e250b5c57991997751b9a4f97b86c5934ab54d6d4064dbe58753e513d5874f31ff54785e965082bf1c6fc1a64c09eaa78d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77c738210a805d93c8375f8b2172ecaa |
| SHA1 | 29ed9f60eb8512ed1bf4a0be481c802802299545 |
| SHA256 | fc2b6c8d1612bd65c9141cf35f001b117a54c786443ac5568d1e4fc86aa3022e |
| SHA512 | 1142dbec3b7257ee1eee39d54fb2a82c07d10b28854b9ccb58d7c825ded3dc7f198dd46aceae73eb17286689586b191fca3bcad21bdd3816f99211c774af5c56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bdc8ac60a23c80576e89741a72f9c62b |
| SHA1 | 4cbe70eac3a1533cece897da2e382f4e362fc5a9 |
| SHA256 | ab6ed33d71a8ec72c6576596050e14201d557b84ba75056c2c0b8450daf41861 |
| SHA512 | 010b3fcfd4a2451eac4b174e132dd9a52331d7ac09a6dcd8cff2d8cde2dfd7793a4860864fb5c1ba5e934e443b9ee13b933000b11b1a810f6fc1e7b8836d5f51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 81d32e1fb575dede7ff1d03dca5a1e00 |
| SHA1 | 497f3e17b0873fbe83abf86459ea33b594fbedb9 |
| SHA256 | 744b0743ca0d05ccfafcf22dbd3786aab37e34874c01dff130293bafa407d62f |
| SHA512 | 093aeed00f25548b8f5d3b138003bd69f0ca95ccbd265dc1e0564084db4c6592d42f663eee27ccd203ac96e778f4ca9242746ee8cf6e4e92ec967a6f19dcda63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18106e4c79a496f9ab0220c8b7e2bb76 |
| SHA1 | 9a84db832e269e6084bd66c9d4604c1563649669 |
| SHA256 | f65b09e016e08e58696f998ee3a5ea7d6c00e3eddcf6e4d033c4bbcc83d9132f |
| SHA512 | 7fbd9ec66c13293df8fc9342422cc69077666eee80af73b5515b11a840134aa6f4866ae076635b736331521dfb37a59394f4fcb9099db56b13d554d418a239b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02bdd1261f3ad0db83c6fec893e631cc |
| SHA1 | df06dfb220f4c715fe3a7f7653ef8ebdc773c9d6 |
| SHA256 | c31776b6145c26d5d3ecf6d2e7fbb310a9da9c82baf12244b284e8117e2f73d3 |
| SHA512 | e98f17dce4ff7b9e293d4c2bea5961e358c97cf49b44e572f464552da6f98769d97fd0d4e9b1292dd5b5b8490ca77e9990121efe8d37097bca772ae84f407f05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b1f3a236ad39bb2924f546429f5a9fc |
| SHA1 | dd5f34bc95a18d7d5b4e760d6c8650fadd146fae |
| SHA256 | c3d81dc5a34ff425c1a5ac2539207ac54ed7f7af3a8d9921471a8a8529c5ab38 |
| SHA512 | 62645841c5468eff23e55058ffa5d3bd4bdead8f7943b0c47b7992d802fe8bdd265cf2d375ca999aa8258b9fe090f1bdfdf20c173561b7f6e64a73bf16544636 |
memory/836-1434-0x000000006B610000-0x000000006B68E000-memory.dmp
memory/836-1436-0x000000006AFE0000-0x000000006B05A000-memory.dmp
memory/836-1435-0x000000006B060000-0x000000006B606000-memory.dmp
memory/836-1433-0x000000006B690000-0x000000006D08B000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37b43c7513b1c45e9eae09e1be76d11d |
| SHA1 | c61e3bc348116d007057327014807760905abd9b |
| SHA256 | 84199daefecf887b0b9415f24c5c65140d7502a78381e7e9e982ab713fc9e6c5 |
| SHA512 | 78915ebb9b8c7b2f86e6510fc187d5c35f7efccf106c7c010bf8ddfaa6273922bfd65cd8a9fa3186ef5696db5241fb3d13bad0c6145b865ea649a9a7209b58a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed25620c49efc45a88eb6fa9113422ff |
| SHA1 | ad7c128f0999c470390c2572b3716f77beaf8c2e |
| SHA256 | 49a276f19319a3095d9fbe52eda916e9c3c2610bbab5b5aff83ec104d9c15043 |
| SHA512 | 025f7f77d7558801c2837697416d8710ed891a9b93eaa0db74c9836c5e535ae0d7ec11d52404f88c837728c5e5cfc1df8927587d78239ebf0c82e87703a5b2b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3f42257b1cbe17c26f079f429bfb74d |
| SHA1 | 9d6db78ac4e1d031b3c555a2b21ed34e80192937 |
| SHA256 | fc1aceafaa20ae97ba4c0faf3fd76448ef53632a7dd04eb428ce18613b64fee4 |
| SHA512 | e93be229be977cf0fcce5eebdcc9901ee7d23ab4b42f0f781f09fe2462f4189ea57cbdc123303d96ea82368fb6977fd1a248aa3c2e374db71ff64008a97128c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e03d50c459dda451a1bf64f453f4705 |
| SHA1 | d6b862cefcd397abb8dc9bc0614132589cc473f8 |
| SHA256 | 92728960906b4bf79746619c5ffa7feb976231f4256760d37f8b320a37083602 |
| SHA512 | 419d63e11dc72115286d745866f5e8464772ca6a6a3494623c1991ee0bbaa0e3c90ec74c3eceff450a617614875aa54d679f188312476b8aa81aec3994d86b22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0cffae765c466eeea78756b3102e971 |
| SHA1 | 68906f1b70ccba664a46e83293cbfa0bc4449f3b |
| SHA256 | e1b6bc999da7c56955eb284858bcbcb50a05b8b93e908d1c893a07ed8815f1a5 |
| SHA512 | 5e241dd97fd915992a5dd1ba41ec71a20c0aaf4ea371afa975d1ab444e8d31650e1e0753bee7a476c155489fed5770a11984c204b576e6999de3e846b16a26f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7753de93ddf69c19a043fa01dbd010c1 |
| SHA1 | aeec40593f94cbffc6e57ac6d24a720943ffd9e9 |
| SHA256 | e3edb1723436fb0711196b53c2fa70cf6a6cccad8c2b1c33ed6073a4f3a3d0f6 |
| SHA512 | e9e8201b207a792861b587ef218efa0df1f851109ecffe12147eff265e5fd0090fdf1ca97b766050edb99ef9fbd654b72c96442ade1830c7b6ba347bc93766d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | edb85581b07966a4a42fba75c518f260 |
| SHA1 | c484030320802d639463b2055c98075a5df175a7 |
| SHA256 | eda728bf7f01cb388bbe7cdf41784587f865014530689c4cd3b3181fd2e73c41 |
| SHA512 | 80e6e84060b3e4895f971761f0a6a803041d16411e02ed561a1cc6b8d0ca7184f124e8d431089f616e7dbf5d4e9ae3f90f084410f4795f999263d026c2b08229 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecc0ee2c3c7623f665034e1a370aae3c |
| SHA1 | fe6a39c3d67e3930d8d3db8053dc69dde4ac634a |
| SHA256 | 6b8a0db5a941ba518950214049e2aac9a3bd9796437f7add5ac56de56380c29b |
| SHA512 | 7bc2b2971471c5acfc487827d8b2fc1f36a5ec628e66a45168739a868ff567f1f36d49277bc42b429517f2e5483f1eefa1e2d6b14f913e19a430444734df0c9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd4723e674c4f609ae1734a0d09a6d50 |
| SHA1 | b3513f7ef99ff981878bd0e0806b3341ef2456d3 |
| SHA256 | f2e83eb80aac977cc442591620acdffe1dab3234f4c5106419fac47c7f05c390 |
| SHA512 | fc2ffd920cdb2c693fe7a73dd68ff59ca8bd23d1e1ac439ad799e71741460fbc3c99db6e18dba4a10d30dbf56759279f66e01570c9fc36d2b071454d64c40981 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61e5ef0d4cf53f0e5daca96666ed1493 |
| SHA1 | 3644a5f623e08358daf1e43b6d640eb07fe8d152 |
| SHA256 | 552174540ba9b0f171dc54cdf8c33cc64f61c848502e269eee9c4887a8d303a7 |
| SHA512 | 9dd6a267e1d58713c800c8d6956eb42639f610ae1a05e786cc99cd1d734bc4ab8f070708d58cea63255d4568eb5cb7459019869e96555b2b14813ce1a3c6d1bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78ef3133db0256b6b55f261854d85f09 |
| SHA1 | c25e83ebfe6684454c01cd3739985e409efae699 |
| SHA256 | 522cd7fc50851dd4dab31d11e5d6b69df33a616f7e092f10a47dc0fb37cf2815 |
| SHA512 | 242555db85aea07ed352587e8d37a63ba10347b4f1da34135e61ebcb6b4ca6d14fe092044b42efed33f94e8d7f32774297cb21919a4527fb86ed816409842892 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f7021c47f9f760e9ed5a80eace9cd86 |
| SHA1 | 1fec0af592d76d8d157ab25b0c96908444580033 |
| SHA256 | 932ab82ee6f3efc308b182ee3afee6d32a9a34e2497c057d1968555e6535d501 |
| SHA512 | e924a688698c5aa52038396e38acf3d5ce8b8cf06c809a3e8f23c70517ddadd564e0062f2ad3b5878760b7dbed2e4b8aeb0cfd7a3da2c25ab808e9878f5e9a23 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KG47FLAQ\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KG47FLAQ\www.youtube[1].xml
| MD5 | 455bee7cda5300d9e8cc85e06f95cbe0 |
| SHA1 | 3ec6074fff4ecb02a2832b3d3a8f66ce5cebb865 |
| SHA256 | 2937b97b1a5bcb0465d62981d45af1220caaa79f61b2fff1cb47a115b4969bfb |
| SHA512 | d3b6b89706db7ff09ee24af326ff765b86413dce3fb8ddcca17ae71c743b4c18cef52e2ffec4b8b7181f357ae1e07754eb7228e82535d6f7173b3584cac3827c |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KG47FLAQ\www.youtube[1].xml
| MD5 | 4f3478451b135c09f675f478d030aa88 |
| SHA1 | d0f1117205f6d2be391ac2fe57030caa29699aa2 |
| SHA256 | bff18af703b5ab7c9ca0287eff850bc1a11c26dbf4e6474295276deffecb8b4b |
| SHA512 | 579a6438decbb82e687888464abe6079f11abdfbfd0e52c086a07392e42b8321b96c7087a65f51d7de110ad3fb389e2b1c24df443ec09b612f2512c8db2bcb89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb4efae1060924abf1369d2398b070e3 |
| SHA1 | 6e6fad1c4c603c064b6e47dbffc7790761d83068 |
| SHA256 | 51ae67c68056e4b3ab8adf78164fb04deab1261868e8b5bc292692c5c489c4ee |
| SHA512 | 6af580d4f5ff589fe582abd25598ec5f3929331460fa71ad8c6c2a0eaa1d1a6e49ee2bbc95f8697f2202ecc83a815074e21f08d109d9af719163c426a6ab88e3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\favicon[3].ico
| MD5 | a0c760136e1b6f7633a3582f734c53eb |
| SHA1 | 00176cd4ab6423fb4673ad856e79447b93dd05fe |
| SHA256 | c7eb5447c806948853f817df7f8a1871a8707987d5606e39b145d69f7dc29cd1 |
| SHA512 | b5f9d0e6fc9346ac34a87fc5cb42bf375a0e2d58eff5fb53dfae4a1e576940cb2f57f921be390bb66b5ebc7b174b9d88d8519a27773624f1dabc960e077ecf65 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\6y0a2v0\imagestore.dat
| MD5 | 9976b6958679cd0ac980608204ed62aa |
| SHA1 | 979552d64102902dfc28f442a374620f57edbdce |
| SHA256 | 9b86fa49dccb589cdc8b57d64e443ff178db354fe307c536f52e327dfdb25d85 |
| SHA512 | fa93e36943be1fe87610948acf012b766ec956072bfd3f97b3008fdf1acadce05d606c3ab6e02cca47364488457c5e0a5c4c0eb4b2b1cbc5fb2a0069dca3d02f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-01 15:23
Reported
2024-07-01 15:28
Platform
win10v2004-20240611-en
Max time kernel
182s
Max time network
279s
Command Line
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe"
Signatures
Cobalt Strike reflective loader
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Cobaltstrike
Creates new service(s)
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\rsCamFilter020502.sys | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsKernelEngine.sys | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLVERIFYINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2005\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28\FuncName = "WVTAsn1SpcLinkEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2012\FuncName = "WVTAsn1SealingTimestampAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.3\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.1.1\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2004\FuncName = "WVTAsn1SpcPeImageDataEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.3\FuncName = "WVTAsn1CatMemberInfo2Encode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETCAPS\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\rundll32.exe | N/A |
Downloads MZ/PE file
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Modifies powershell logging option
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Program Files\McAfee\WebAdvisor\UIHost.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_C4502B2ED7ABD16FF1FA41F55DB2B363 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07A7CCFBD28A674D95D3BF853C9007C6 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0FD7C8CB35A5508C225BD37696B3744C | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D97B1EC1F43DD6ED4FE7AB95E144BC_A5AD7E4AE4E586C46612CF24EF48A9B8 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7850C7BAFAC9456B4B92328A61976502_617BA9B1A20C7A7A9F013422932F5C48 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0FD7C8CB35A5508C225BD37696B3744C | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0972B7C417F696E06E186AEB26286F01_30B4D916E12169D9CB0BC7A11DE46EA6 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_2CDE88B3CC9A35A2EA16DC0201366139 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_686A447EF0220EBC1D36EF897F31F606 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_C33468BC5883F8C26A2F912726D45EFA | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0E663C78920A8217B4CBE3D45E3E6236_FAC429BFCC14A89D4D351DF26B2C8FD0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A3D5BF1283C2E63D8C8A8C72F0051F5A | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_686A447EF0220EBC1D36EF897F31F606 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\206932163209AD483A44477E28192474 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0972B7C417F696E06E186AEB26286F01_30B4D916E12169D9CB0BC7A11DE46EA6 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07A7CCFBD28A674D95D3BF853C9007C6 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7850C7BAFAC9456B4B92328A61976502_617BA9B1A20C7A7A9F013422932F5C48 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A3D5BF1283C2E63D8C8A8C72F0051F5A | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\206932163209AD483A44477E28192474 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\McAfee\Temp4043534815\jslang\eula-ko-KR.txt | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-nl-NL.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sr-Latn-CS.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\updater.exe | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxExtPackHelperApp.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-multibyte-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\TraceReloggerLib.dll | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-da-DK.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsEngine.Features.dll | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Xml.ReaderWriter.dll | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo2.png | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-CN.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fi-FI.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-da-DK.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\dayssincesettingsdblookup.luc | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\searchsuggestcounter.luc | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources.pak | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Reflection.Primitives.dll | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp4043534815\jslang\wa-res-shared-pt-PT.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\checklisthandler.luc | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hr-HR.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_on.png | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ja-JP.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\chrome_100_percent.pak | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\ARM64\rsYara-ARM64.dll | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pl-PL.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File opened for modification | C:\Program Files\McAfee\Webadvisor\Analytics\dataset_da.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\event_handler.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxNetLwf-PreW10.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\vcruntime140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ja-JP.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ext-install-toast.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\pscore_mcafee_logo.png | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsJSON.dll | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_yellow.png | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\x64\downloadscan.dll | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\sendonping.luc | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-CN.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ja-JP.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-es-MX.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-main.css | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File opened for modification | C:\Program Files\McAfee\Webadvisor\Analytics\transport_ga.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.IO.UnmanagedMemoryStream.dll | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-BR.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-cs-CZ.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ja-JP.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\msvcp140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\hi.pak | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sk-SK.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-el-GR.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsseuladate.luc | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\hr.pak | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Reflection.Extensions.dll | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\es-419.pak | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-nl-NL.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstVBoxDbg.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\Signatures.dat | C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp4043534815\wataskmanager.cab | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-zh-CN.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-zh-CN.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sv-SE.js | C:\Program Files\McAfee\Temp4043534815\installer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\7CE35146-9DB7-4526-A0D6-70CE8A415085\dismhost.exe | N/A |
Executes dropped EXE
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\LogConf | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Control | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
| Key opened | \Registry\Machine\Hardware\Description\System\CentralProcessor | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2D12-4D7C-BA6D-CE51D0D5B265}\ = "IBandwidthGroup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E67-4144-BF34-41C38E8B4CC7}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046} | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7E72-4F34-B8F6-682785620C57} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BF98-47FB-AB2F-B5177533F493}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\NumMethods\ = "14" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\ProgId\ = "VirtualBox.VirtualBox.1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5409-414B-BD16-77DF7BA3451E}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DAD4-4496-85CF-3F76BCB3B5FA}\ = "ISnapshot" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC}\ = "IGuestMultiTouchEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FF5A-4795-B57A-ECD5FFFA18A4}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AE84-4B8E-B0F3-5C20C35CAAC9}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8384-11E9-921D-8B984E28A686}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80F6-4266-8E20-16371F68FA25}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0C60-11EA-A0EA-07EB0D1C4EAD}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CF37-453B-9289-3B0F521CAF27} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D612-47D3-89D4-DB3992533948} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\NumMethods\ = "15" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{20191216-9CEE-493C-B6FC-64FFE759B3C9} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-929C-40E8-BF16-FEA557CD8E7E}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\CurVer | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\ = "ISnapshotChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\NumMethods\ = "15" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E191-400B-840E-970F3DAD7296}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0c65-11ea-ad23-0ff257c71a7f} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}\NumMethods\ = "19" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1F04-4191-AA2F-1FAC9646AE4C}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FD1C-411A-95C5-E9BB1414E632}\ = "IPerformanceMetric" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-659C-488B-835C-4ECA7AE71C6C} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\AppID | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3CF5-4C0A-BC90-9B8D4CC94D89}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0547-448E-BC7C-94E9E173BF57}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-08A2-41AF-A05F-D7C661ABAEBE}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B7DB-4616-AAC6-CFB94D89BA78}\NumMethods\ = "18" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ = "IMediumRegisteredEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-787b-44ab-b343-a082a3f2dfb1} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ldmnq.ldbk | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-34B8-42D3-ACFB-7E96DAF77C22}\ = "ISnapshotEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\ = "IGuestFileRegisteredEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9070-4F9C-B0D5-53054496DBE0}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\ = "IStorageControllerChangedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 0f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e2000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 19000000010000001000000063664b080559a094d10f0a3c5f4f62900300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e3620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae409000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877620000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 0f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee420000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c000000010000000400000000100000040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df12000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\fltmc.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1111_ld.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1111 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=c4a4c680cf2705891d7f2e8748260d9d4829be61&dit=20240701152326239&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i
C:\Users\Admin\AppData\Local\Temp\spylvdjz.exe
"C:\Users\Admin\AppData\Local\Temp\spylvdjz.exe" /silent
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe
.\UnifiedStub-installer.exe /silent
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=655422
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Program Files\McAfee\Temp4043534815\installer.exe
"C:\Program Files\McAfee\Temp4043534815\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Users\Admin\AppData\Local\Temp\7CE35146-9DB7-4526-A0D6-70CE8A415085\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\7CE35146-9DB7-4526-A0D6-70CE8A415085\dismhost.exe {58B71E8C-8948-4168-925A-F6E158C27017}
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xb4,0xe0,0x104,0x40,0x108,0x7ffe615046f8,0x7ffe61504708,0x7ffe61504718
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe"
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x378
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5048 /prefetch:8
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffe615046f8,0x7ffe61504708,0x7ffe61504718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
\??\c:\program files\reasonlabs\epp\rsHelper.exe
"c:\program files\reasonlabs\epp\rsHelper.exe"
\??\c:\program files\reasonlabs\EPP\ui\EPP.exe
"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2248 --field-trial-handle=2252,i,1243121927237869536,288991909151070793,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2612 --field-trial-handle=2252,i,1243121927237869536,288991909151070793,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2824 --field-trial-handle=2252,i,1243121927237869536,288991909151070793,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3776 --field-trial-handle=2252,i,1243121927237869536,288991909151070793,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4268 --field-trial-handle=2252,i,1243121927237869536,288991909151070793,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,3138192081492614719,4284893759952321085,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7780 /prefetch:8
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\program files\reasonlabs\epp\rsLitmus.A.exe
"C:\program files\reasonlabs\epp\rsLitmus.A.exe"
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4376 --field-trial-handle=2252,i,1243121927237869536,288991909151070793,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4512 --field-trial-handle=2252,i,1243121927237869536,288991909151070793,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4364 --field-trial-handle=2252,i,1243121927237869536,288991909151070793,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4768 --field-trial-handle=2252,i,1243121927237869536,288991909151070793,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4928 --field-trial-handle=2252,i,1243121927237869536,288991909151070793,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default https://onlinesecurityext.com/scan?utm_source=epp_main_window&utm_medium=scans_tab&utm_campaign=epp_scans_tab_ose_scan&aflt=103&ruserid=1f33ff30-37be-11ef-a4a7-ad7989bd0e74
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe615046f8,0x7ffe61504708,0x7ffe61504718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,6197548750382033701,9950434732980179137,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,6197548750382033701,9950434732980179137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,6197548750382033701,9950434732980179137,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6197548750382033701,9950434732980179137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6197548750382033701,9950434732980179137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,6197548750382033701,9950434732980179137,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,6197548750382033701,9950434732980179137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,6197548750382033701,9950434732980179137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6197548750382033701,9950434732980179137,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4224 --field-trial-handle=2252,i,1243121927237869536,288991909151070793,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | d19mtdoi3rn3ox.cloudfront.net | udp |
| ES | 108.157.108.73:443 | d19mtdoi3rn3ox.cloudfront.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.108.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| BE | 2.17.107.98:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| GB | 216.137.34.105:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 98.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| GB | 216.137.34.105:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 105.34.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 18.172.153.10:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 145.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 49.4.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shield.reasonsecurity.com | udp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| GB | 18.244.140.124:443 | shield.reasonsecurity.com | tcp |
| GB | 216.137.34.105:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| US | 35.167.146.185:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | 124.140.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| NL | 2.18.121.35:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | 185.146.167.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.121.18.2.in-addr.arpa | udp |
| GB | 18.244.140.124:443 | shield.reasonsecurity.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 161.21.208.18.in-addr.arpa | udp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | update.reasonsecurity.com | udp |
| GB | 18.154.84.54:443 | update.reasonsecurity.com | tcp |
| NL | 2.18.121.35:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | home.mcafee.com | udp |
| BE | 104.68.84.174:443 | home.mcafee.com | tcp |
| BE | 104.68.84.174:443 | home.mcafee.com | tcp |
| US | 8.8.8.8:53 | 54.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.84.68.104.in-addr.arpa | udp |
| US | 35.167.146.185:443 | analytics.apis.mcafee.com | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | electron-shell.reasonsecurity.com | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| GB | 108.156.46.124:443 | electron-shell.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 124.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| US | 52.41.80.112:443 | analytics.apis.mcafee.com | tcp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 52.41.80.112:443 | analytics.apis.mcafee.com | tcp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| NL | 2.18.121.21:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | 112.80.41.52.in-addr.arpa | udp |
| US | 52.41.80.112:443 | analytics.apis.mcafee.com | tcp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | cdn.reasonsecurity.com | udp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| GB | 52.84.90.21:443 | cdn.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 21.90.84.52.in-addr.arpa | udp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.200.189.225:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 225.189.200.23.in-addr.arpa | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| US | 8.8.8.8:53 | en.ldplayer.net | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| GB | 79.133.176.219:443 | en.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.172.153.8:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.8:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.130.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | 219.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.218.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.153.172.18.in-addr.arpa | udp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 18.208.21.161:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 234.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 34.238.47.185:443 | track.analytics-data.io | tcp |
| GB | 18.172.153.8:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 185.47.238.34.in-addr.arpa | udp |
| GB | 18.172.153.8:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | advertise.ldplayer.net | udp |
| GB | 163.181.154.182:443 | advertise.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 182.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.8:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 180.154.181.163.in-addr.arpa | udp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 13.224.132.98:80 | apien.ldmnq.com | tcp |
| GB | 13.224.132.98:443 | apien.ldmnq.com | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| ES | 108.157.125.17:443 | encdn.ldmnq.com | tcp |
| GB | 163.181.154.182:443 | advertise.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 98.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.125.157.108.in-addr.arpa | udp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| GB | 18.172.153.8:443 | cdn.ldplayer.net | tcp |
| GB | 13.224.132.98:443 | apien.ldmnq.com | tcp |
| ES | 108.157.125.17:443 | encdn.ldmnq.com | tcp |
| NL | 23.200.189.225:80 | www.microsoft.com | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | config.reasonsecurity.com | udp |
| GB | 99.86.114.49:443 | config.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| GB | 79.133.176.213:443 | www.ldplayer.net | tcp |
| GB | 79.133.176.213:443 | www.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | sw.symcd.com | udp |
| DE | 152.199.19.74:80 | sw.symcd.com | tcp |
| US | 8.8.8.8:53 | 49.114.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.176.133.79.in-addr.arpa | udp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.8:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | ocsp.thawte.com | udp |
| DE | 152.199.19.74:80 | ocsp.thawte.com | tcp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| US | 8.8.8.8:53 | crl.thawte.com | udp |
| US | 172.67.70.36:443 | cmp.setupcmp.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 172.67.70.36:443 | cmp.setupcmp.com | tcp |
| US | 8.8.8.8:53 | 36.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.153.172.18.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 18.172.153.36:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.36:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.36:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.36:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.36:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.36:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| GB | 172.217.169.78:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.178.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.31.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| BE | 2.17.107.235:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | apien.ldplayer.net | udp |
| US | 8.8.8.8:53 | usersdk.ldmnq.com | udp |
| SG | 8.219.223.66:443 | usersdk.ldmnq.com | tcp |
| GB | 99.86.114.121:443 | apien.ldplayer.net | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| SG | 8.219.223.66:443 | usersdk.ldmnq.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 22.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.114.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.223.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 34.238.47.185:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | mc6.reasonsecurity.com | udp |
| US | 52.43.110.0:443 | mc6.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 142.250.200.34:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | tagan.adlightning.com | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.137.44.72:443 | tagan.adlightning.com | tcp |
| US | 8.8.8.8:53 | 0.110.43.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| GB | 18.154.87.148:443 | aax.amazon-adsystem.com | tcp |
| FR | 52.84.174.75:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| GB | 18.245.143.83:443 | tags.crwdcntrl.net | tcp |
| DE | 184.30.211.26:443 | secure.cdn.fastclick.net | tcp |
| DE | 184.30.211.26:443 | secure.cdn.fastclick.net | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| GB | 52.84.90.21:443 | cdn.reasonsecurity.com | tcp |
| IE | 52.16.78.59:443 | bcp.crwdcntrl.net | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| NL | 64.158.223.146:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | cdn.reasonsecurity.com | udp |
| US | 8.8.8.8:53 | cdn.reasonsecurity.com | udp |
| US | 104.22.4.69:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.223.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.87.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.36.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.211.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.78.16.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.223.158.64.in-addr.arpa | udp |
| GB | 52.84.90.87:443 | cdn.reasonsecurity.com | tcp |
| GB | 52.84.90.87:443 | cdn.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| GB | 79.133.176.219:443 | ldcdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.90.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | prebid-stag.setupad.net | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | rtb.adxpremium.services | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| DK | 37.157.4.28:443 | adx.adform.net | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 104.26.9.178:443 | prebid-stag.setupad.net | tcp |
| US | 104.26.9.178:443 | prebid-stag.setupad.net | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| FR | 51.178.195.209:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| FR | 149.202.238.101:443 | ssbsync-global.smartadserver.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 178.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.140.106.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.195.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.4.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.238.202.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| DK | 37.157.2.229:443 | cm.adform.net | tcp |
| US | 8.8.8.8:53 | adx2.adform.net | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 185.167.164.42:443 | adx2.adform.net | tcp |
| US | 8.8.8.8:53 | 229.2.157.37.in-addr.arpa | udp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | ab35eb9605d8b7f3a6d75e199a4062b6.safeframe.googlesyndication.com | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| GB | 172.217.169.65:443 | ab35eb9605d8b7f3a6d75e199a4062b6.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 6d1f0efb31d96729ddd8902d291a9f11.safeframe.googlesyndication.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | 42.164.167.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | node.setupad.com | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.25.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93c9fa0bde8b3f03782a5633677f4e03.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | setupad-d.openx.net | udp |
| US | 8.8.8.8:53 | adxbid.info | udp |
| US | 172.67.138.13:443 | adxbid.info | tcp |
| US | 8.8.8.8:53 | 13.138.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.200.189.225:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com | udp |
| NL | 2.18.121.16:80 | msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 239.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.reasonsecurity.com | udp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 235.1.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | as.ck-ie.com | udp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| US | 8.8.8.8:53 | 113.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 135.141.209.44.in-addr.arpa | udp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 44.209.141.135:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | edr-api.reasonlabsapi.com | udp |
| ES | 3.160.231.128:443 | edr-api.reasonlabsapi.com | tcp |
| US | 34.238.47.185:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 128.231.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 18.244.114.45:443 | tcp | |
| US | 8.8.8.8:53 | 45.114.244.18.in-addr.arpa | udp |
| US | 76.76.21.61:443 | tcp | |
| US | 8.8.8.8:53 | 61.21.76.76.in-addr.arpa | udp |
| US | 34.120.195.249:443 | tcp | |
| GB | 18.244.155.105:443 | tcp | |
| US | 34.238.47.185:443 | track.analytics-data.io | tcp |
| GB | 13.224.132.35:443 | tcp | |
| GB | 13.224.132.35:443 | tcp | |
| GB | 13.224.245.27:443 | tcp | |
| GB | 163.70.147.23:443 | tcp | |
| GB | 163.70.147.23:443 | udp | |
| GB | 18.245.253.48:443 | tcp | |
| IE | 74.125.193.92:443 | tcp | |
| US | 8.8.8.8:53 | 249.195.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.155.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.245.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.253.245.18.in-addr.arpa | udp |
| GB | 157.240.214.35:443 | tcp | |
| GB | 18.244.155.105:443 | tcp | |
| GB | 99.84.9.107:443 | tcp | |
| US | 54.186.23.98:443 | tcp | |
| US | 54.186.23.98:443 | tcp | |
| IE | 74.125.193.92:443 | udp | |
| US | 198.202.176.81:443 | tcp | |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 92.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.214.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.9.84.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.176.202.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.23.186.54.in-addr.arpa | udp |
| US | 151.101.128.176:443 | tcp | |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 176.128.101.151.in-addr.arpa | udp |
| US | 44.237.241.146:443 | tcp | |
| US | 8.8.8.8:53 | 146.241.237.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:6463 | tcp | |
| N/A | 127.0.0.1:6464 | tcp | |
| N/A | 127.0.0.1:6465 | tcp | |
| N/A | 127.0.0.1:6466 | tcp | |
| US | 54.186.23.98:443 | tcp | |
| US | 34.120.195.249:443 | udp | |
| N/A | 127.0.0.1:6467 | tcp | |
| N/A | 127.0.0.1:6468 | tcp | |
| N/A | 127.0.0.1:6469 | tcp | |
| N/A | 127.0.0.1:6470 | tcp | |
| N/A | 127.0.0.1:6471 | tcp | |
| US | 8.8.8.8:53 | onlinesecurityext.com | udp |
| US | 76.76.21.21:443 | onlinesecurityext.com | tcp |
| US | 8.8.8.8:53 | 21.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | o1271931.ingest.sentry.io | udp |
| US | 34.120.195.249:443 | o1271931.ingest.sentry.io | tcp |
| US | 8.8.8.8:53 | pa.rlpaservices.com | udp |
| GB | 54.192.137.80:443 | pa.rlpaservices.com | tcp |
| GB | 54.192.137.80:443 | pa.rlpaservices.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 13.224.245.61:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 34.120.195.249:443 | o1271931.ingest.sentry.io | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | extservices.rlbronz.com | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| ES | 54.192.95.12:443 | extservices.rlbronz.com | tcp |
| US | 8.8.8.8:53 | 80.137.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.245.224.13.in-addr.arpa | udp |
| ES | 3.160.231.15:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | surveystats.hotjar.io | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.95.192.54.in-addr.arpa | udp |
| GB | 18.165.227.89:443 | surveystats.hotjar.io | tcp |
| US | 8.8.8.8:53 | 15.231.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.227.165.18.in-addr.arpa | udp |
| GB | 163.70.147.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | 239.21.107.13.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | microsoftedge.microsoft.com | udp |
| US | 13.107.6.203:443 | microsoftedge.microsoft.com | tcp |
| US | 13.107.6.203:443 | microsoftedge.microsoft.com | tcp |
| N/A | 127.0.0.1:6472 | tcp | |
| US | 8.8.8.8:53 | edgestorewebpme.azureedge.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 13.107.253.64:443 | edgestorewebpme.azureedge.net | tcp |
| US | 8.8.8.8:53 | extensions-loader.azurewebsites.net | udp |
| NL | 23.200.189.225:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | statics-marketingsites-eas-ms-com.akamaized.net | udp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| NL | 23.200.189.225:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 203.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.138.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | ratingsedge.rnr.microsoft.com | udp |
| IE | 40.69.87.105:443 | ratingsedge.rnr.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.87.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.189.200.23.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
| MD5 | d9cb0b4a66458d85470ccf9b3575c0e7 |
| SHA1 | 1572092be5489725cffbabe2f59eba094ee1d8a1 |
| SHA256 | 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05 |
| SHA512 | 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6 |
memory/4004-12-0x00000000058B0000-0x00000000058C0000-memory.dmp
memory/4004-13-0x0000000072BDE000-0x0000000072BDF000-memory.dmp
memory/4004-17-0x0000000003DF0000-0x0000000003E06000-memory.dmp
memory/4004-18-0x0000000073480000-0x0000000073496000-memory.dmp
memory/4004-20-0x0000000008610000-0x0000000008BB4000-memory.dmp
memory/4004-21-0x0000000004080000-0x0000000004112000-memory.dmp
memory/4004-22-0x0000000008260000-0x00000000082A4000-memory.dmp
memory/4004-23-0x00000000093A0000-0x000000000943C000-memory.dmp
memory/4004-24-0x0000000009440000-0x00000000094A6000-memory.dmp
memory/4004-25-0x00000000099E0000-0x0000000009F0C000-memory.dmp
memory/4004-26-0x0000000009940000-0x000000000994A000-memory.dmp
memory/4004-27-0x0000000072BD0000-0x0000000073380000-memory.dmp
memory/4004-28-0x0000000072BD0000-0x0000000073380000-memory.dmp
memory/4004-38-0x00000000058B0000-0x00000000058C0000-memory.dmp
memory/4004-39-0x0000000072BDE000-0x0000000072BDF000-memory.dmp
memory/4004-40-0x0000000072BD0000-0x0000000073380000-memory.dmp
memory/4004-41-0x0000000072BD0000-0x0000000073380000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
| MD5 | 143255618462a577de27286a272584e1 |
| SHA1 | efc032a6822bc57bcd0c9662a6a062be45f11acb |
| SHA256 | f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4 |
| SHA512 | c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9 |
memory/456-55-0x000001C5CBBB0000-0x000001C5CBBB8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
| MD5 | d12419f5b371b56ada11a68709329419 |
| SHA1 | e37e531b3e305f13e0abd15aa5089d88e3965509 |
| SHA256 | 06dd0b4486e11bfc3798e18b0f5810df85d9867bd2c67e545f44220c242365bf |
| SHA512 | a78671a8b360474859778bb28bd3ce9157dea03a963422e272e715a77c038f950094351b9070abe0fea945ad115fe9f6e606c00d1c475ce2276c128e6c4cff00 |
memory/456-56-0x000001C5E6580000-0x000001C5E6AA8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\spylvdjz.exe
| MD5 | 83c01c73a9dbb6874854c1ee19d2759b |
| SHA1 | fdcf007c7342f5adbe7b1c5c11c50ff4add8b46d |
| SHA256 | 2ff72728e11eaa921aee613a2d0c87b877f54189d11d07d065aef1d8960f270d |
| SHA512 | 4a96fca63bb4b42c568ccf7f3a7e80dbef1691bf3de01890358c9c941cf30a8e64fee46f18cadee6eff8668ea896747e307485bdd5f6bdd51f9a2f389aa55976 |
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\UnifiedStub-installer.exe
| MD5 | c7fe1eb6a82b9ffaaf8dca0d86def7ca |
| SHA1 | 3cd3d6592bbe9c06d51589e483cce814bab095ee |
| SHA256 | 61d225eefb7d7af3519a7e251217a7f803a07a6ddf42c278417c140b15d04b0b |
| SHA512 | 348a48b41c2978e48ddbeb8b46ad63ef7dde805a5998f1730594899792462762a9eee6e4fe474389923d6b995eca6518c58563f9d1765087b7ac05ce2d91c096 |
memory/760-244-0x000001B10ED40000-0x000001B10EE50000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\rsStubLib.dll
| MD5 | fa4e3d9b299da1abc5f33f1fb00bfa4f |
| SHA1 | 9919b46034b9eff849af8b34bc48aa39fb5b6386 |
| SHA256 | 9631939542e366730a9284a63f1d0d5459c77ec0b3d94de41196f719fc642a96 |
| SHA512 | d21cf55d6b537ef9882eacd737e153812c0990e6bdea44f5352dfe0b1320e530f89f150662e88db63bedf7f691a11d89f432a3c32c8a14d1eb5fc99387420680 |
memory/760-246-0x000001B10F270000-0x000001B10F2B2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\rsLogger.dll
| MD5 | f55948a2538a1ab3f6edfeefba1a68ad |
| SHA1 | a0f4827983f1bf05da9825007b922c9f4d0b2920 |
| SHA256 | de487eda80e7f3bce9cd553bc2a766985e169c3a2cae9e31730644b8a2a4ad26 |
| SHA512 | e9b52a9f90baecb922c23df9c6925b231827b8a953479e13f098d5e2c0dabd67263eeeced9a304a80b597010b863055f16196e0923922fef2a63eb000cff04c9 |
memory/760-249-0x000001B110A90000-0x000001B110AC0000-memory.dmp
memory/760-255-0x000001B110B00000-0x000001B110B3A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\rsJSON.dll
| MD5 | 927934736c03a05209cb3dcc575daf6a |
| SHA1 | a95562897311122bb451791d6e4749bf49d8275f |
| SHA256 | 589c228e22dab9b848a9bd91292394e3bef327d16b4c8fdd1cc37133eb7d2da7 |
| SHA512 | 12d4a116aee39eb53a6be1078d4f56f0ebd9d88b8777c7bd5c0a549ab5cff1db7f963914552ef0a68ff1096b1e1dc0f378f2d7e03ff97d2850ca6b766c4d6683 |
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\rsAtom.dll
| MD5 | f5cf4f3e8deddc2bf3967b6bff3e4499 |
| SHA1 | 0b236042602a645c5068f44f8fcbcc000c673bfe |
| SHA256 | 9d31024a76dcad5e2b39810dff530450ee5a1b3ecbc08c72523e6e7ea7365a0b |
| SHA512 | 48905a9ff4a2ec31a605030485925a8048e7b79ad3319391bc248f8f022813801d82eb2ff9900ebcb82812f16d89fdff767efa3d087303df07c6c66d2dcb2473 |
memory/760-257-0x000001B129D90000-0x000001B129DBA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\uninstall-epp.exe
| MD5 | 8157d03d4cd74d7df9f49555a04f4272 |
| SHA1 | eae3dad1a3794c884fae0d92b101f55393153f4e |
| SHA256 | cdf775b4d83864b071dbcfeed6d5da930a9f065919d195bb801b6ffaf9645b74 |
| SHA512 | 64a764068810a49a8d3191bc534cd6d7031e636ae306d2204af478b35d102012d8c7e502ed31af88280689012dc8e6afd3f7b2a1fe1e25da6142388713b67fa7 |
memory/760-274-0x000001B12A020000-0x000001B12A078000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\Microsoft.Win32.TaskScheduler.dll
| MD5 | 87d7fb0770406bc9b4dc292fa9e1e116 |
| SHA1 | 6c2d9d5e290df29cf4d95a4564da541489a92511 |
| SHA256 | aaeb1eacbdaeb5425fd4b5c28ce2fd3714f065756664fa9f812afdc367fbbb46 |
| SHA512 | 25f7c875899c1f0b67f1ecee82fe436b54c9a615f3e26a6bec6233eb37f27ca09ae5ce7cf3df9c3902207e1d5ddd394be21a7b20608adb0f730128be978bec9b |
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\rsSyncSvc.exe
| MD5 | cc7167823d2d6d25e121fc437ae6a596 |
| SHA1 | 559c334cd3986879947653b7b37e139e0c3c6262 |
| SHA256 | 6138d9ea038014b293dac1c8fde8c0d051c0435c72cd6e7df08b2f095b27d916 |
| SHA512 | d4945c528e4687af03b40c27f29b3cbf1a8d1daf0ee7de10cd0cb19288b7bc47fae979e1462b3fa03692bf67da51ab6fa562eb0e30b73e55828f3735bbfffa48 |
C:\LDPlayer\LDPlayer9\dnrepairer.exe
| MD5 | 4def56a3500d5a4dec3ff797a88c5751 |
| SHA1 | 1a53c9c6f3d1e27ac8532e09f87990505c8090de |
| SHA256 | c09b51bdc9039b976a55eb8dc7c517d65d8d5f6eadda92d2de27ceee7845b0e4 |
| SHA512 | a96322ca61f45875bfdb7b514ce1a95bbc1faba3fc0b7bc7c0af3f05d68c14e47fddff64e595f6bf053df7e1efad3e5f9e33f3bc2e09501c3c20de62864ae1d8 |
C:\LDPlayer\LDPlayer9\MSVCR120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
C:\LDPlayer\LDPlayer9\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
C:\LDPlayer\LDPlayer9\crashreport.dll
| MD5 | 19dae6362eb73913f7947f719be52516 |
| SHA1 | e157307ae8e87c9a6f31bc62ecdf32d70f8648d9 |
| SHA256 | ae0eba69019294d03e11d68fea0ee72e77bfe156803f1b83bc8566a0a4d3584d |
| SHA512 | f5eb5771eb03f7f2067e32573397814ff3ef54dc7fae0abadad6bfdcafef6a4a5bf6f3ab9874c0530cb70cb995f6716ca8fa1cba175ed5a1d298c700f6e59ad2 |
C:\LDPlayer\LDPlayer9\dnresource.rcc
| MD5 | d4d2fd2ce9c5017b32fc054857227592 |
| SHA1 | 7ee3b1127c892118cc98fb67b1d8a01748ca52d5 |
| SHA256 | c4b7144dd50f68ca531568cafb6bb37bf54c5b078fbac6847afa9c3b34b5f185 |
| SHA512 | d2f983dde93099f617dd63b37b8a1039166aaf852819df052a9d82a8407eb299dac22b4ffe8cab48331e695bf01b545eb728bec5d793aeb0045b70ea9ceab918 |
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
| MD5 | 8d6d7d2b4b15a56c187288485d57f2a3 |
| SHA1 | 06980d9bb48deb03fcc34734d45a12a7e73a174e |
| SHA256 | eeed21499b9903b7d8d09392db96475c432ada134afc8ac68099bcf4238dae05 |
| SHA512 | e6c3a2d2e956ff8cba77b824e1e9daeb25bce8350c85bd26f5184d5ce9d08e0c76bbdb3772e671a87eb50daeaa45966064cce09374bd6b68985bac90dfefd41a |
C:\Program Files\McAfee\Temp4043534815\installer.exe
| MD5 | 3e8dd9eaa2e5ec6f19232526ab93f678 |
| SHA1 | dc34c67784b5173d8e3c6eb33512b06fa886f5bb |
| SHA256 | 78a11faf56148e1cdf2e28d18eed54675daa39edae3b8dcc20e539e231a7760e |
| SHA512 | 242ebe5da1877c07ac377f7b4e2cbc0ebdc882c735a362a573ba8886b003eeb1a0c5aa7f186997e06e7c9b5bc3b51f82ccf49386e0f7b1f7017ea5d767995847 |
C:\Users\Admin\AppData\Local\Temp\mwa91BC.tmp
| MD5 | 662de59677aecac08c7f75f978c399da |
| SHA1 | 1f85d6be1fa846e4bc90f7a29540466cf3422d24 |
| SHA256 | 1f5a798dde9e1b02979767e35f120d0c669064b9460c267fb5f007c290e3dceb |
| SHA512 | e1186c3b3862d897d9b368da1b2964dba24a3a8c41de8bb5f86c503a0717df75a1c89651c5157252c94e2ab47ce1841183f5dde4c3a1e5f96cb471bf20b3fdd0 |
C:\Program Files\McAfee\Temp4043534815\browserhost.cab
| MD5 | 00f2d550a714ad541e1a11f99e066011 |
| SHA1 | 7596fc563482c60d3c640cd7a94b9802548efc19 |
| SHA256 | 31c4a80c292d28dd2712d11819b4c9b525774ca1900b1e1ae698e17a8afb33e8 |
| SHA512 | 7959e8dd3992b98a95600f22ab93169c9f31093418e07502804a30f116347c6af16988733d1f53eae0f3f2b4f152f15158b1603923a2103f4de2003095057bba |
C:\Program Files\McAfee\Temp4043534815\eventmanager.cab
| MD5 | 13a4bada2aa7a4778cb5b4850a1dc721 |
| SHA1 | 49a9ea7e78fab850845d19c1809c0877a0266c33 |
| SHA256 | fed072050720a71ae72629d0a0344880e57e39d283a10f9888d6b048e4109acd |
| SHA512 | 44a2ea95bdbb1d930c23728e9c0042304051a469c90ec0a424bcdc55e2b230935b8382ba4f175f2190ae4fbd8fb7834f6aaf197fe77852c888d26ae5c70b224a |
C:\Program Files\McAfee\Temp4043534815\downloadscan.cab
| MD5 | e43c59a9951624d52be8403c660798fb |
| SHA1 | 56d267b5c385e3b7ba2d7018087c99bb8996ab28 |
| SHA256 | 90d4e915b2e173efbacca232b1706bf06adf71c6d4019d75e80dc31917a8cf1b |
| SHA512 | efaf271e5655e0941bc8ca04fd28695126ca53de02778f0b6bd9c27b81bc49921de6f096dd8722259ef2ba011d6f327f13486ce62462c4388da47ac88e36a874 |
C:\Program Files\McAfee\Temp4043534815\browserplugin.cab
| MD5 | a69c0bf266c2f9e29847a0a4083eb959 |
| SHA1 | 3088c3121b40132f46400a556ef10cdbc2bc4e20 |
| SHA256 | 29feab1275621175f8647f4d3a6cf8f57b6166b50f22ca120dd26c10595dad36 |
| SHA512 | 6f869407a57fa3a704f7938412fa262884c5592f7aebcf96bfae768c837780e1a45a8a359a2b6c8067f451c4c8d48a13d5017219618ec4b4581df140a08b6829 |
memory/2220-583-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-582-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-581-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-580-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
C:\Program Files\McAfee\Temp4043534815\analyticstelemetry.cab
| MD5 | a4e9c8ea60c8dc5ddd031684e2fa2b0f |
| SHA1 | e96f54fbe1ba93f8dee5c9c762707d6062e40250 |
| SHA256 | ab7bbd9538e10bc38de331b72d4255e17b0076d2c7ea1a08a3083355477f92b6 |
| SHA512 | a3f2e92b3e46e40042e0b581612a32a97cdfe47214db916695fa3fb2f33f2450e683d5d945bcbae00107e615698c50e58d58afba9de33f9f369f4f9a4cb20b86 |
C:\Program Files\McAfee\Temp4043534815\analyticsmanager.cab
| MD5 | e57aed2c3515e4200f7e126f8c4da270 |
| SHA1 | ca85de1ff2209e960898e5522b5ceb9c93fecbd1 |
| SHA256 | 1bd7b17a6d78812b991b44abd82aff0d1b789a29b63b9b1fc20947e7c86bc8d9 |
| SHA512 | 94d134daa06a4470906d9ca31489c542b468f19341df714278ecdf6fe6a022229944550a78580b0d8b6d7bdee65a4b631ed690de8647fdea76382db66f6f8e91 |
C:\Program Files\McAfee\Temp4043534815\l10n.cab
| MD5 | 02500487a40a5ff6a8eb5e4a30e3c93b |
| SHA1 | 2c82524477e9b58d73bca3b02e71376b0aad4f17 |
| SHA256 | 0f5003de34bd67569cca10ee9de83a0a75bdc3d64e79ddc399b3e84d4ec6b7d9 |
| SHA512 | 2b7903cc4d5de4e28a30446fe4bd1ad3b4d29f96b6defc6483830e085480152c029b3f8455db132e3ae29f7b0034df87c768bc83b4efb1bdb740c3c066319d16 |
C:\Program Files\McAfee\Temp4043534815\logicmodule.cab
| MD5 | 3d790f82b0a9ba96750ba3f2eed588f1 |
| SHA1 | efc833a1fc2ba48890da31271321989fbf2e4956 |
| SHA256 | d9edad64dbf02aa76140014e48247bba79f8e5542b245ede3885d3c59de27a52 |
| SHA512 | 01784bc0f4ec96cadbfda09a9773242b0cf1fea533dc04c038ebf15a74ff12f1e63675b469c32879c0ca48e5b49590bfc42a884b15540c019802450d0ab515ca |
C:\Program Files\McAfee\Temp4043534815\mfw-mwb.cab
| MD5 | 6d7a663d317a09a4905264b4c4b2ef6e |
| SHA1 | 18d8baab317f9ff011d738883e7e8a75c8b53b06 |
| SHA256 | 4afc1510fba158b3ff52c9a81dc47f9874decac328edd1ac9e319044e6ddb56c |
| SHA512 | 52a191c5f4a8f940b1f586745a098ff92a1a53d7aa3bd11223da1ed1415444b89dcccb648a34392eb19664389ab538229025af78eb9c51eb6b991c42a14816f9 |
C:\Program Files\McAfee\Temp4043534815\mfw.cab
| MD5 | 927a125fff98e88ecc0bbc0b5f10dba5 |
| SHA1 | 9c7840d27cd6d8b456f53c58ae52a14aff5317b0 |
| SHA256 | 8946eb981db9d9b91ff12b1d0338288a8c48f6ec8ca6040935fa1e566f93a007 |
| SHA512 | 7e247bcb23e413e7fb6e8efed4a1c191b33f526707b4f031fd3326acf27245f02141039be3dd1fd5ed9c8bd86273dbf13c46254ee2a595358b8a6c8930185b14 |
C:\Program Files\McAfee\Temp4043534815\settingmanager.cab
| MD5 | ca69ea788eaefdac784d91c04b8d8c9d |
| SHA1 | 1830cecbaea9e558753540b0cfac78a4f323e619 |
| SHA256 | 9858761d099cca8faae725d6ec509a165240c904f7f0800a23e0e7567ebc3910 |
| SHA512 | 5fe4973f3627bce4cc1d323a8dc3cda81419a406650abe40830bd5fad0c0c5fae32a22e4c226e8c6df56bc3f12301459783e162da28c1fdb463c8ac03bd01339 |
C:\Program Files\McAfee\Temp4043534815\taskmanager.cab
| MD5 | 849e19fee07adec045d9ed321c50ccb8 |
| SHA1 | 72ad513a60b29213ed35470c3a92ddc0f950efd1 |
| SHA256 | 32df02ca872cbb2b641bd96e71d3c3ee90a45133f1ac100407bb7bf694d3d6bf |
| SHA512 | a603dffce8c73277bf63002cde674a4d16c3726e191c80e04961209f3c91f0c75b55701b95749a15e283c345dc8f62968a2c311227e0a89a9fa01f23b89edd48 |
memory/2220-608-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
C:\Program Files\McAfee\Temp4043534815\servicehost.cab
| MD5 | 7730bdc3643a3741cbfe531834a80e7f |
| SHA1 | b0014e646504b028cd12ec2cfdbb984b9fdb85f6 |
| SHA256 | ef553b4dc2dbb0f858a0b5ba3cfa799b2c0f920d9a9cfbdb262feafa31b7a068 |
| SHA512 | c7154ffd5b6cc1250dedb5ad14a4cfc12eb6154a23fdf3d2f075c17512c96c7c61317427b6f54137aeeb2d27f594c5f0fded565c3a1260a2416826e9cd39d48a |
memory/2220-606-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
C:\Program Files\McAfee\Temp4043534815\resourcedll.cab
| MD5 | 1d167e4ddd9bad8d638d8972c607cbaf |
| SHA1 | b49e42f45a3af3807e32409a6a3ef0603aa70e6e |
| SHA256 | d20994576a1ca9c8508f3176289e24a143c913193b5d5616dd0d46e320965e9c |
| SHA512 | c19f30cacb16872c15f7104bc2df155e79b86431473be983a13f6d72fee7d43c4a95b1bcd08c394f6ff098c53a7455a7c8277efcbd7749a7397acd6e68eda15b |
memory/2220-603-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
C:\Program Files\McAfee\Temp4043534815\uimanager.cab
| MD5 | b0c0fbf6381bc6401c66fdfef10ed839 |
| SHA1 | 009155f5a5495c8b259224e133398ed8e13b81de |
| SHA256 | 698c9e4c1811c4e00d325608c60154a74b069681aa8a7fa03be5f3dcbd545651 |
| SHA512 | c3d30f8709ce5be5156de20c3e4cb41089bbdb0a3889fc23df2e33325834f4f41256e269cd2eb174bb7b8cc469a482e04334932ca45d4bc8d1a9332dca93bc81 |
C:\Program Files\McAfee\Temp4043534815\uninstaller.cab
| MD5 | b62c9a02390c127fab856d6840349431 |
| SHA1 | 995f256696dd9af997570461c7a3eb03fe7130f0 |
| SHA256 | 644e25efd1a863ebb5c5eba9370d1d3c1f7818ddc3b08e83436aa9d5c0ef3cc6 |
| SHA512 | 4dae113507e87237513722259fb267bbfd640fe7d0bb59d38137a4541e82f265edccb8b6853976d0588cb3ad2bb39ac92acc443db62d52d4f10854a210382e62 |
C:\Program Files\McAfee\Temp4043534815\wataskmanager.cab
| MD5 | 5bbe21ff2e236e600aa4c255fd9c3340 |
| SHA1 | 9f776eb6840bba720f0d1ef5fa21a8f17b7e7e84 |
| SHA256 | a2f6a9775170118a97f4f4c276bf465d31b901d570aa6200f5bad8a0c8527971 |
| SHA512 | 227d47946273b057eb3bb9ca11c70d50a96e7ebcef7b57d51fd786054761cbe0d3820448f4d5642b7c0becc0d64b5b301c1f9d3f466a17f48eb5cb610d5e3d18 |
C:\Program Files\McAfee\Temp4043534815\updater.cab
| MD5 | 8a98fe616623525eeea2e900bdcc059a |
| SHA1 | 6ace688d538a5c1441d9733c81dfb09590010d93 |
| SHA256 | 7eeff73f46e9528de0399f44d6f97a7aaca54081f04be353dae44e2a0e0ff518 |
| SHA512 | 887fefd667205e2258f3c41374b6ba2bf0435b01a04430e36360b6ece2fc2f188c0bde0bb7b1632b1d5a5bdfb7a151ce7f2942d566eae07693d8a0e350a2291b |
memory/2220-617-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-615-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
C:\Program Files\McAfee\Temp4043534815\uihost.cab
| MD5 | 3459c4ae57c1a0787469724659c4f799 |
| SHA1 | eaf34468ef6ec06bd36947337ea3e2a248be3205 |
| SHA256 | 92e24c4aa7f6dc777a08fa33be02e8ffe2212de80a7f395dfe43b4004d1664f4 |
| SHA512 | bf2b4b3509fe6b74f2e28e308b9325960696aa5d738bb37a44cc63de7d6690b775cc657e4f60852997d66256817b2b7009bbcb7f681f09f6e929365a71a4db8f |
C:\Program Files\McAfee\Temp4043534815\telemetry.cab
| MD5 | cd605472692533e9cd0a0c0762828f7b |
| SHA1 | 3273dcb4f4f8723d2ac92b1e06898cc75f41b538 |
| SHA256 | f507a042d55627f9bbd40b9a7703ad00cfd8daa551db16cbce8d82c9e7972706 |
| SHA512 | 4685e05a9bd8aaaa38b477f4caa37aee3d4d5710e5b8da42ac6920530befc2694c33ef1ca9bdb468374d681dc529b4b6f2f9c388752719911a49310b664fcd0b |
memory/2220-611-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
C:\Program Files\McAfee\Temp4043534815\mfw-webadvisor.cab
| MD5 | 2e6ab957aa1df44639ed2017eb53a765 |
| SHA1 | 361722b1874e25515e353fa761795028a0c7442e |
| SHA256 | 9d6970c23cb265991327171b524c43ea064b0758e196e5789a8c04a3f2f77b64 |
| SHA512 | 333a7d49a579fd923d20565b8bb0de16cfd5bb257e3e471fe66294f5950eeaa3945e2da115aca7809ac92215d8080aa7a200db20e63517803eaed80f0fc1f1a7 |
memory/2220-601-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-600-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-599-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
C:\Program Files\McAfee\Temp4043534815\mfw-nps.cab
| MD5 | 81b5d7c448a71161f7d38779a0218d56 |
| SHA1 | 2ad39c5872799aab2e13d9362cae3d4f9b44874b |
| SHA256 | 25c3fc24abc851396de0ff45c373dad3717d739138dc190c54b70d0212b49592 |
| SHA512 | d80ae883cfcafcbfac18a06bde160d8f4539c829a18b768d99ed004d065ae314363cf6cc895b2fbf9abc6532e2c0b00cf05ef80cda779a733ec6046a08f5d437 |
memory/2220-597-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-595-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-594-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
C:\Program Files\McAfee\Temp4043534815\lookupmanager.cab
| MD5 | 1815b59997e12005efef2bbebbac4711 |
| SHA1 | c1696256a2f31e0e6412257cecc9fd4f9661eef9 |
| SHA256 | 02b2f4b30255f43eea3b850908e95c9d03055e7c5908cf0b4aa23668fa72c217 |
| SHA512 | 8a37d87947ae595dfa7938d9c9c82e8f62a280ac067e6cdda027064016acc26ec0ca6f6c17f952450e320790692102dc8329827ba454daf9f26711df71b3e114 |
memory/2220-592-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-591-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
C:\Program Files\McAfee\Temp4043534815\logicscripts.cab
| MD5 | f8dfc0755ad1b107bec5867afa3c8516 |
| SHA1 | 2cc056e90415d5e5a7a77c3af2db13fb97a4e964 |
| SHA256 | a2665c0828dad9ca5b3bed154dd0992b2b563bd03e0b033babb8fd151bd20293 |
| SHA512 | 803b9de1ebf8801f9ede1b846604d8f588dd12c2aa849b3371087e4fc9da3bea763174f1f929084db9a15892959e3be1bc10f3082ddf798aab2d5f63d7381772 |
memory/2220-631-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-630-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-629-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-628-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-627-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-626-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-625-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-624-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-623-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-622-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
C:\Program Files\McAfee\Temp4043534815\wssdep.cab
| MD5 | 3a0c760c08eaa901c6266d803dc0f5e8 |
| SHA1 | 44c141f5f88161609b64ecda3b9001431f1a807f |
| SHA256 | c6c829c6a7d47e7d595b3775160c3c0f144104d397e141f3f58b40b79b9c9989 |
| SHA512 | 469fa37999e427bbd3ea9011069c08172f763ea7fdc7775b52861ac0e8acb2836618a2f3fd3c13983feb6a1cb5cadb097ee86dc4b8d8bf58b281c8233713d17b |
C:\Program Files\McAfee\Temp4043534815\webadvisor.cab
| MD5 | 790a6db4ba45374e2642b628bf0641ad |
| SHA1 | 63a88cba16b1dd52f457b685d03c3f9013ec8502 |
| SHA256 | 264db0041d449f6b6ea576342a6add2a1d9fa83f10f2dda379ff7f62bd59b31a |
| SHA512 | d180facd77529a0720519941476d905b72992a072c289bca661c92015040bedaa2bc8381b10e18ce794d3f7144441c64c90180398f655a6a0c78066f6d7136e9 |
memory/2220-639-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-810-0x00007FF625160000-0x00007FF625170000-memory.dmp
memory/2220-808-0x00007FF600480000-0x00007FF600490000-memory.dmp
memory/2220-807-0x00007FF600480000-0x00007FF600490000-memory.dmp
memory/2220-730-0x00007FF5FB680000-0x00007FF5FB690000-memory.dmp
memory/2220-728-0x00007FF5FB680000-0x00007FF5FB690000-memory.dmp
memory/2220-638-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-637-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-636-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-635-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-634-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-633-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-632-0x00007FF6087D0000-0x00007FF6087E0000-memory.dmp
memory/2220-796-0x00007FF64AC50000-0x00007FF64AC60000-memory.dmp
memory/2220-844-0x00007FF603F10000-0x00007FF603F20000-memory.dmp
memory/2220-822-0x00007FF603F10000-0x00007FF603F20000-memory.dmp
memory/2220-790-0x00007FF64AC50000-0x00007FF64AC60000-memory.dmp
memory/2220-788-0x00007FF64AC50000-0x00007FF64AC60000-memory.dmp
memory/2220-786-0x00007FF64AC50000-0x00007FF64AC60000-memory.dmp
memory/2220-782-0x00007FF64AC50000-0x00007FF64AC60000-memory.dmp
memory/2220-780-0x00007FF64AC50000-0x00007FF64AC60000-memory.dmp
memory/2220-770-0x00007FF64AC50000-0x00007FF64AC60000-memory.dmp
memory/2220-769-0x00007FF64AC50000-0x00007FF64AC60000-memory.dmp
memory/2220-743-0x00007FF5FB680000-0x00007FF5FB690000-memory.dmp
memory/2220-739-0x00007FF64AC50000-0x00007FF64AC60000-memory.dmp
memory/2220-738-0x00007FF5FB680000-0x00007FF5FB690000-memory.dmp
memory/2220-736-0x00007FF5FB680000-0x00007FF5FB690000-memory.dmp
memory/2220-725-0x00007FF5FB680000-0x00007FF5FB690000-memory.dmp
memory/2220-850-0x00007FF64B0F0000-0x00007FF64B100000-memory.dmp
memory/2220-846-0x00007FF603F10000-0x00007FF603F20000-memory.dmp
memory/2220-709-0x00007FF5FB680000-0x00007FF5FB690000-memory.dmp
memory/2220-699-0x00007FF5FB680000-0x00007FF5FB690000-memory.dmp
memory/2220-680-0x00007FF5FB680000-0x00007FF5FB690000-memory.dmp
memory/2220-668-0x00007FF606C40000-0x00007FF606C50000-memory.dmp
memory/2220-664-0x00007FF5EF390000-0x00007FF5EF3A0000-memory.dmp
memory/2220-647-0x00007FF606C40000-0x00007FF606C50000-memory.dmp
C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll
| MD5 | 141328a56946a190d7e9e522c1d40b66 |
| SHA1 | 49d9ff35fc943183eefe3e5be4128d8a13c170fc |
| SHA256 | 9c04ccd4667e319eca6909b3da718a321a38eba911378af9e620becb2c71d03e |
| SHA512 | 04a0e60ef29d6c755e80adc68f27334d064e44f83017bb8b45d3d2bb8ad095464d202a73e3ef521611fb4cc917c522c340bbb7d02f8c3dcd3bcb0396e33d6035 |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 32b58586602bc3c1329837c0ae40345c |
| SHA1 | 1c20183a3732417f32e3060e575f6220368b370f |
| SHA256 | 36882e7096c4f03b570fe86ab29b70460c3e9690288e184fb82fb32105426be6 |
| SHA512 | c7eb4899848b31efdc67533114d7c1aec876d5aae9c8f55377fc08c2ccb1429f5bfc210799979777a178001d355a4f878316f4f442491bfaeda446770a78e77c |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 90fe8871639598af3419d0483f942a5c |
| SHA1 | dc779a89679fe7d236b098edcc5e736c5ddefc32 |
| SHA256 | f5f35c9943845dbbd0e360225cf1fea149e101ee8a35d5026238607e6a5036af |
| SHA512 | 1f58f7ac110a825341efabfc55fc155e3a9905619156dedb0571880bca80b2a3c52d29566bda4072c8258cf726988973979af203c35eaab2df619548d8059ac9 |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 510870ebf77e27a537a8e582a464df1f |
| SHA1 | 8a51db81a6526439d55f86c44905410fc8a0f557 |
| SHA256 | 4d80a71cd09ca0137df2a0fea2dfd690efac48d4aef1ebce5cfc97b5083ee307 |
| SHA512 | 6146937de2990717c345d45cb325d821ec5a5b01850467b94fe7faa7b7bb55945d1d17da7977a6dc9a2e73928224bb83f486c1d2d843aa66725be1dd6fc682f7 |
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
| MD5 | 582cb55f1d5488c19de8a02e5c22e1b1 |
| SHA1 | 107898c4b33c797fbdeaccf0d4c73c18e30fe81a |
| SHA256 | 7740054020dd617171342f29863839b1ab9e7666ea5e5467039f30306bd409b1 |
| SHA512 | ca3abfb0ba9b34bd006dc9576b1d56294ccf2b3086483277a15e6b96ed7ed206a858acfa618d6188f76214d86b2f2f40b43f2f10b3026dc3e5bcbe223186357c |
C:\Windows\Logs\DISM\dism.log
| MD5 | 189b215cc529af851bf960c7da975cc3 |
| SHA1 | 637289459b5861b572702237bdefe8a03ec8cdf7 |
| SHA256 | 080f93f3ce65a915ba87c05bde8c9ddd377a90ea43bcdf4ae008b1a1879746ec |
| SHA512 | 0aac40ff201a782ff3e4b196e696fb979c6cdd50127141d8b39c260587550dd232a6e68c9648415d121e174903f5c0bdcc403c3fe03218d8f1295c76a47857d5 |
memory/2240-2641-0x0000000002500000-0x0000000002536000-memory.dmp
memory/2240-2642-0x0000000005130000-0x0000000005758000-memory.dmp
memory/2240-2643-0x0000000004D80000-0x0000000004DA2000-memory.dmp
memory/2240-2644-0x0000000004E20000-0x0000000004E86000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_r3ihxtq0.lvu.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2240-2666-0x0000000005860000-0x0000000005BB4000-memory.dmp
memory/2240-2699-0x0000000005E20000-0x0000000005E3E000-memory.dmp
memory/2240-2700-0x0000000006350000-0x000000000639C000-memory.dmp
memory/2240-2780-0x00000000063E0000-0x00000000063FE000-memory.dmp
memory/2240-2765-0x000000006DD80000-0x000000006DDCC000-memory.dmp
memory/2240-2784-0x0000000006E30000-0x0000000006ED3000-memory.dmp
memory/2240-2761-0x0000000006450000-0x0000000006482000-memory.dmp
memory/2240-2798-0x0000000007160000-0x000000000717A000-memory.dmp
memory/2240-2797-0x00000000077A0000-0x0000000007E1A000-memory.dmp
memory/2240-2801-0x00000000071D0000-0x00000000071DA000-memory.dmp
memory/2240-2802-0x00000000073E0000-0x0000000007476000-memory.dmp
memory/2240-2803-0x0000000007360000-0x0000000007371000-memory.dmp
memory/2240-2879-0x00000000073A0000-0x00000000073AE000-memory.dmp
memory/2240-2880-0x0000000007480000-0x000000000749A000-memory.dmp
memory/5176-2905-0x000000006DD80000-0x000000006DDCC000-memory.dmp
memory/4536-2918-0x00000000059F0000-0x0000000005D44000-memory.dmp
memory/4536-2926-0x000000006DD80000-0x000000006DDCC000-memory.dmp
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
| MD5 | 66df6f7b7a98ff750aade522c22d239a |
| SHA1 | f69464fe18ed03de597bb46482ae899f43c94617 |
| SHA256 | 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f |
| SHA512 | 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e |
C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf
| MD5 | 93b877811441a5ae311762a7cb6fb1e1 |
| SHA1 | 339e033fd4fbb131c2d9b964354c68cd2cf18bd1 |
| SHA256 | b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b |
| SHA512 | 7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4 |
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
| MD5 | 0054560df6c69d2067689433172088ef |
| SHA1 | a30042b77ebd7c704be0e986349030bcdb82857d |
| SHA256 | 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750 |
| SHA512 | 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
| MD5 | 4ba25d2cbe1587a841dcfb8c8c4a6ea6 |
| SHA1 | 52693d4b5e0b55a929099b680348c3932f2c3c62 |
| SHA256 | b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49 |
| SHA512 | 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
| MD5 | 3e29914113ec4b968ba5eb1f6d194a0a |
| SHA1 | 557b67e372e85eb39989cb53cffd3ef1adabb9fe |
| SHA256 | c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a |
| SHA512 | 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
| MD5 | e8fd6da54f056363b284608c3f6a832e |
| SHA1 | 32e88b82fd398568517ab03b33e9765b59c4946d |
| SHA256 | b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd |
| SHA512 | 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
| MD5 | 52c43baddd43be63fbfb398722f3b01d |
| SHA1 | be1b1064fdda4dde4b72ef523b8e02c050ccd820 |
| SHA256 | 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f |
| SHA512 | 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
| MD5 | ba46e6e1c5861617b4d97de00149b905 |
| SHA1 | 4affc8aab49c7dc3ceeca81391c4f737d7672b32 |
| SHA256 | 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e |
| SHA512 | bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
| MD5 | 2d40f6c6a4f88c8c2685ee25b53ec00d |
| SHA1 | faf96bac1e7665aa07029d8f94e1ac84014a863b |
| SHA256 | 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334 |
| SHA512 | 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
| MD5 | 01c4246df55a5fff93d086bb56110d2b |
| SHA1 | e2939375c4dd7b478913328b88eaa3c91913cfdc |
| SHA256 | c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889 |
| SHA512 | 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
| MD5 | ad9d7cbdb4b19fb65960d69126e3ff68 |
| SHA1 | dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d |
| SHA256 | a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326 |
| SHA512 | f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7 |
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | 330013a714c5dc0c561301adcccd8bc8 |
| SHA1 | 030b1d6ac68e64dec5cbb82a75938c6ce5588466 |
| SHA256 | c22a57cd1b0bdba47652f5457c53a975b2e27daa3955f5ef4e3eaee9cf8d127a |
| SHA512 | 6afb7e55a09c9aac370dff52755b117ad16b4fc6973665fce266ea3a7934edfb65f821f4f27f01f4059adb0cf54cc3a97d5ff4038dc005f51ecee626fd5fadd1 |
C:\LDPlayer\LDPlayer9\dnplayer.exe
| MD5 | 2061141f3c490b5b441eff06e816a6c2 |
| SHA1 | d24166db06398c6e897ff662730d3d83391fdaaa |
| SHA256 | 2f1e555c3cb142b77bd72209637f9d5c068d960cad52100506ace6431d5e4bb0 |
| SHA512 | 6b6e791d615a644af9e3d8b31a750c4679e18ef094fea8cd1434473af895b67f8c45a7658bfedfa30cc54377b02f7ee8715e11ee376ed7b95ded9d82ddbd3ccc |
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
| MD5 | 5e2b4c627d4afac7b138fb229f3ba8cf |
| SHA1 | 7b8b27bfcbc2603f7e10474d3895e6dc821992c0 |
| SHA256 | b3df61de305444755aa5c79b4a88f10d5474980db8da0d674856ba158eb1c3b6 |
| SHA512 | 325d151197bce5ba7a9ba76cdaaf5f9f5a3fc546542e78dc2b3b35337654a65ee2d19d20112d82b496104f148acb6b25e8c3d27a567b5eb6f0b2aa38aa4093ed |
C:\Program Files\ReasonLabs\EPP\mc.dll
| MD5 | 5761d96590d91fa336c068269a7dbd93 |
| SHA1 | 5a1b0a8b4f255680a7549b2b27c28dd65a5a3e47 |
| SHA256 | 7dc02294611987dcffef0d1ce99ff316926901fc872099cbea2fb76997e29f65 |
| SHA512 | f8f5743547c96aeb579b7786fc9af64102bef3cf46a6df270cccf5d51a48467d9547732ff49f8d5258e7f28a5bf2d234d3344c2862a5a67f5054de81ec6f4ea2 |
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
| MD5 | b3b1147d7bcff3698ed64b9ca31dd75d |
| SHA1 | cfcfecdfef6103e606e6559920b0164e6ddec856 |
| SHA256 | 1f260a7cf65d80332a58a16b713570054e83d2d842b17ca76262dedef69922f8 |
| SHA512 | 8638c0c96ed95c6ce5b00444b7287b0017b2ad1c1aab874b9caa9210fcaf4f7e7a3aac6b261e6e2686b66bbb02d6a68827541bf7a78a922d057a0c0846884614 |
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
| MD5 | 09e2401f12f54289c04af17d90f0798f |
| SHA1 | 2f95c7a2684338f5fc66b0c20e148b2a9938b154 |
| SHA256 | 3efd3ea030a60cf4c5e0c6b93fdd24f1743e56cecd3a30329375ff80ef47091d |
| SHA512 | 8337b3f7bb29f546eaefe9adb8b7674007176c0f6d429d9b51df7eacf41b09042359d028ded0c934f71ce11e308252b86846027e10e07529327a451cfe7c2206 |
memory/760-3369-0x000001B12A260000-0x000001B12A2B6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\c860c114-86e2-4d4a-bedb-b4c3cd06b970\UnifiedStub-installer.exe\assembly\dl3\fcdf3cd7\1b468ef9_cacbda01\rsJSON.DLL
| MD5 | 8740daedb5e9ab8a48389ee3088a9c16 |
| SHA1 | 4d821d8523ee72ebe2cd3e74e3c0cdcea7038d92 |
| SHA256 | 8c0123b38ef50dc9aa0cb7c56028ae9c031425ab812ee0b56ff396c35b7af95a |
| SHA512 | e847f7bd7c02662196b1bdbbd1073e21bb185c4a2d19c351b643de80c3efca661c126f9ebd834373d1baf56e8a67d03ce9624132d35f4a8deeec00d4a3236b26 |
memory/760-4997-0x000001B12A2C0000-0x000001B12A2FA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\c860c114-86e2-4d4a-bedb-b4c3cd06b970\UnifiedStub-installer.exe\assembly\dl3\ef3f1451\57319af9_cacbda01\rsLogger.DLL
| MD5 | 683e19faf979c5ab2ae5919f0b3d1485 |
| SHA1 | 8453dbc5029e96e4c42cf96b327aef987b15b9e8 |
| SHA256 | 60834a138a215289237b1f99c05489e7bda8e8c4357ef8e96d7914ef270e5ca8 |
| SHA512 | 0b3764b1fe3b7fe10f7b78243f5a91c8563816eb19dad8d06e31dcaf6898ecfce667fe2585cff4dacc2a2650cd09428b5e4f2ff58baa54855e9749dc4f5d44f4 |
memory/760-5008-0x000001B12A2D0000-0x000001B12A300000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\c860c114-86e2-4d4a-bedb-b4c3cd06b970\UnifiedStub-installer.exe\assembly\dl3\e695a8d6\aa8089f9_cacbda01\rsAtom.DLL
| MD5 | f2c6d0704191203c591b7257beff2d57 |
| SHA1 | 0f8e468f8c26b71c5162b33caa812fa48bac8dd6 |
| SHA256 | ea791c403f402fbe8763d1adbb3a317463562a42757aa74d96505f2a4997585e |
| SHA512 | 2637921c04e98b14085778f85716e92efb76f9a50a0a9c1793b0310043ad60413642199e49f72eccdb4d2cbdbaeccf87ed83bd49976e6409b10916ef0218be08 |
memory/760-5020-0x000001B12A2D0000-0x000001B12A2FA000-memory.dmp
memory/760-5033-0x000001B12A480000-0x000001B12A4AE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSCBD17268\c860c114-86e2-4d4a-bedb-b4c3cd06b970\UnifiedStub-installer.exe\assembly\dl3\3ed65b4c\57319af9_cacbda01\rsServiceController.DLL
| MD5 | 3c11f1f4ab1b51e92af5210a25cb1a98 |
| SHA1 | f34e01f036d6279cb99ad36b7ad4f93875055ef1 |
| SHA256 | aadf52eefbc4330a9af62a2554635bc4f6d9503e0689ba86ee56c194b34d6382 |
| SHA512 | f872d8ec41c38e2c6527e4dd5285f7f877fe0714e94fde304f62b37b6f300d5bae38943df0c62dfa829886b0adbed01f6af14bdb8353ff6fdf73acedeb5ffcb4 |
C:\Program Files\ReasonLabs\EPP\rsEngine.config
| MD5 | 3149ca79d09c362307bed37960f0fd04 |
| SHA1 | f5f43f511ef581dc7b88ed194bb8e86e42f45bd3 |
| SHA256 | 5481ccc72cad44173cdfbf746a701bb79e2b75927ef71aee1226e07e1265d31b |
| SHA512 | d7c519a58bdefd24bcc26ec681b27a72a0aabbf4135d8e47a493abe1e4affd7cb5740b132d445aa9ecf66247de7406d5974557ae671d5977e40d877167b94a70 |
C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys
| MD5 | 8129c96d6ebdaebbe771ee034555bf8f |
| SHA1 | 9b41fb541a273086d3eef0ba4149f88022efbaff |
| SHA256 | 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51 |
| SHA512 | ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18 |
memory/6012-5059-0x000001805D960000-0x000001805D98E000-memory.dmp
memory/6012-5060-0x000001805D960000-0x000001805D98E000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 1264314190d1e81276dde796c5a3537c |
| SHA1 | ab1c69efd9358b161ec31d7701d26c39ee708d57 |
| SHA256 | 8341a3cae0acb500b9f494bdec870cb8eb8e915174370d41c57dcdae622342c5 |
| SHA512 | a3f36574dce70997943d93a8d5bebe1b44be7b4aae05ed5a791aee8c3aab908c2eca3275f7ce636a230a585d40896dc637be1fb597b10380d0c258afe4e720e9 |
memory/6012-5073-0x000001805DE90000-0x000001805DEA2000-memory.dmp
memory/6012-5074-0x000001805F6A0000-0x000001805F6DC000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 43fbbd79c6a85b1dfb782c199ff1f0e7 |
| SHA1 | cad46a3de56cd064e32b79c07ced5abec6bc1543 |
| SHA256 | 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0 |
| SHA512 | 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea |
memory/7228-5094-0x0000017D19910000-0x0000017D19C76000-memory.dmp
memory/7228-5095-0x0000017D19C80000-0x0000017D19DFC000-memory.dmp
memory/7228-5097-0x0000017D00D50000-0x0000017D00D72000-memory.dmp
memory/7228-5096-0x0000017D00CE0000-0x0000017D00CFA000-memory.dmp
memory/6280-5099-0x000001F0D1370000-0x000001F0D13CC000-memory.dmp
memory/6280-5100-0x000001F0EB830000-0x000001F0EB88A000-memory.dmp
memory/6280-5101-0x000001F0D30B0000-0x000001F0D30D8000-memory.dmp
memory/6280-5102-0x000001F0D1370000-0x000001F0D13CC000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
| MD5 | 2afb72ff4eb694325bc55e2b0b2d5592 |
| SHA1 | ba1d4f70eaa44ce0e1856b9b43487279286f76c9 |
| SHA256 | 41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e |
| SHA512 | 5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e |
memory/6280-5112-0x000001F0D30E0000-0x000001F0D3112000-memory.dmp
memory/6280-5113-0x000001F0EC8B0000-0x000001F0ECEC8000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
| MD5 | 705ace5df076489bde34bd8f44c09901 |
| SHA1 | b867f35786f09405c324b6bf692e479ffecdfa9c |
| SHA256 | f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950 |
| SHA512 | 1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7 |
memory/6280-5141-0x000001F0ECED0000-0x000001F0ED12E000-memory.dmp
memory/1620-5164-0x000001503D950000-0x000001503D980000-memory.dmp
memory/1620-5165-0x000001503D9E0000-0x000001503DA40000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
memory/7552-5291-0x0000014544D40000-0x0000014544D68000-memory.dmp
memory/7552-5292-0x000001455F3B0000-0x000001455F544000-memory.dmp
memory/1620-5295-0x000001503D980000-0x000001503D9A6000-memory.dmp
memory/1620-5300-0x000001503D9B0000-0x000001503D9D8000-memory.dmp
memory/7552-5299-0x0000014544D40000-0x0000014544D68000-memory.dmp
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
| MD5 | 1068bade1997666697dc1bd5b3481755 |
| SHA1 | 4e530b9b09d01240d6800714640f45f8ec87a343 |
| SHA256 | 3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51 |
| SHA512 | 35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329 |
memory/1620-5313-0x000001503DA80000-0x000001503DAB8000-memory.dmp
memory/1620-5315-0x000001503DBA0000-0x000001503DC26000-memory.dmp
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
| MD5 | 6895e7ce1a11e92604b53b2f6503564e |
| SHA1 | 6a69c00679d2afdaf56fe50d50d6036ccb1e570f |
| SHA256 | 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177 |
| SHA512 | 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2 |
C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog
| MD5 | 789f18acca221d7c91dcb6b0fb1f145f |
| SHA1 | 204cc55cd64b6b630746f0d71218ecd8d6ff84ce |
| SHA256 | a5ff0b9a9832b3f5957c9290f83552174b201aeb636964e061273f3a2d502b63 |
| SHA512 | eae74f326f7d71a228cae02e4455557ad5ca81e1e28a186bbc4797075d5c79bcb91b5e605ad1d82f3d27e16d0cf172835112ffced2dc84d15281c0185fa4fa62 |
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState
| MD5 | 362ce475f5d1e84641bad999c16727a0 |
| SHA1 | 6b613c73acb58d259c6379bd820cca6f785cc812 |
| SHA256 | 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899 |
| SHA512 | 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b |
memory/1620-5314-0x000001503DAD0000-0x000001503DB02000-memory.dmp
memory/1620-5334-0x000001503DB10000-0x000001503DB36000-memory.dmp
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
| MD5 | b001f88504c8c9973e9a3b4dc03e6d1a |
| SHA1 | a54b3046a70a4f2c792ad6a382b637b599f1dc48 |
| SHA256 | 8ee4cbed114a588e934b5043f95c9c06f40468c2300fa0d1d938d16c1d46a8fd |
| SHA512 | 390e53be657fc35fb2e9f41b76b3b07c161a860d72445a4b1425ca973a6d8c0f32f6de6844719c6e9813e8d949ab65263642dea01c800a00285bd45595bed4d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | e34b8708fa781f61ef1d92d5ee915620 |
| SHA1 | 644421d6bd5ba7b0793ca7a12df6c573ecff3bae |
| SHA256 | 5061b72f33c015bd13d3ed8d98af1c234db61865a801b41a9ca6ca5f851b1896 |
| SHA512 | f1c16bc2d8394d92db5e6ae67b51935572773aba0204a745e1e9ae4965d6ce0081b1e0516b154f8ea8f3b5db824e6bf64951d0609c58cf887d2883de9efa94ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 745b3a4872ab510b8255f55c73df232e |
| SHA1 | f086d4a4d0109a58aeb4ab437f1c00e156a213fe |
| SHA256 | 5601952c7480bb1a8ca8113116d48651bbc0d0aa5c47492354d9d825248a3b40 |
| SHA512 | 0679e45330c14ff06a072651c828e8c5eb7f860ec73e11769308a7fecf1c58dad4459d255753d63736d5222b4087d5278270555218a2bba625ee1bb6239154a2 |
memory/1620-5377-0x000001503E120000-0x000001503E14E000-memory.dmp
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | efabdd294d340726b19359da3e294ce6 |
| SHA1 | 1be544c7d6b9da03277dad3a7bb3df4629c269c8 |
| SHA256 | 6f0730a0ee7a6eb1738ef30ce39b3a0646c07d2828ba4b8891a55b43af34654e |
| SHA512 | 819d6fba9c1c623b69de0d2cfbbf70e13872a31ead8d8b71e99feaae759a275f9442973b637d740290d9035c40d3002b05ae0828dc3b391930dfdb0e94d8cdc1 |
memory/7604-5392-0x0000019B02770000-0x0000019B0279E000-memory.dmp
memory/7604-5391-0x0000019B1B590000-0x0000019B1B880000-memory.dmp
memory/1620-5393-0x000001503E1B0000-0x000001503E20E000-memory.dmp
memory/1620-5395-0x000001503E5E0000-0x000001503E949000-memory.dmp
memory/1620-5406-0x000001503E150000-0x000001503E19F000-memory.dmp
memory/7604-5431-0x0000019B1AFB0000-0x0000019B1AFE8000-memory.dmp
memory/1620-5432-0x000001503EBE0000-0x000001503EE66000-memory.dmp
memory/1620-5435-0x000001503E2C0000-0x000001503E326000-memory.dmp
memory/1620-5438-0x000001503E330000-0x000001503E36A000-memory.dmp
memory/1620-5439-0x000001503E250000-0x000001503E276000-memory.dmp
memory/1620-5441-0x000001503E950000-0x000001503E978000-memory.dmp
memory/4004-5442-0x0000000072BD0000-0x0000000073380000-memory.dmp
memory/1620-5498-0x000001503E9C0000-0x000001503E9F4000-memory.dmp
memory/1620-5502-0x000001503EA00000-0x000001503EA2A000-memory.dmp
memory/1620-5503-0x000001503EAA0000-0x000001503EB06000-memory.dmp
memory/1620-5506-0x0000015040680000-0x0000015040C24000-memory.dmp
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 4d592fd525e977bf3d832cdb1482faa0 |
| SHA1 | 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef |
| SHA256 | f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6 |
| SHA512 | afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77 |
memory/7604-5553-0x0000019B1B3E0000-0x0000019B1B43E000-memory.dmp
memory/7604-5558-0x0000019B1B4C0000-0x0000019B1B4D6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3ab64aac802f6fc31f01a8bb2bbc7de6 |
| SHA1 | fc586292f8e809a3fcec18809e17dff43fea5c40 |
| SHA256 | 2d671c377d7896a8854ce183a5ab32881077b7d2a7fbb464c177a3dbe78d375b |
| SHA512 | 3ed8b94f02eb4a726233db34f9714093b993a69344aafc43ff49f45c1b6ba26ac5e4b51d527e2eac5e0f4c4abe8d13963b602d7d677fb302d7e2a847e22cf84c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d8ce6e80eeb918b59204abf73f19418b |
| SHA1 | 0f5954cbd5ff26a64e6ef38417f6f578609e919a |
| SHA256 | f4899501b1709c8d040e04cbe064ef8494f478b4ad2cf59f5f62a185d5756ff5 |
| SHA512 | d7e4805ef8f86c38b2dd88ea7ec26a140926001a46eae75272c48b8301261c3c4b18486501c97a40a77b1b8dca885cf3688ea8261b7f238d1a9cdc229dc981b6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp
| MD5 | d13bddae18c3ee69e044ccf845e92116 |
| SHA1 | 31129f1e8074a4259f38641d4f74f02ca980ec60 |
| SHA256 | 1fac07374505f68520aa60852e3a3a656449fceacb7476df7414c73f394ad9e0 |
| SHA512 | 70b2b752c2a61dcf52f0aadcd0ab0fdf4d06dc140aee6520a8c9d428379deb9fdcc101140c37029d2bac65a6cfcf5ed4216db45e4a162acbc7c8c8b666cd15dd |
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp
| MD5 | 10a8f2f82452e5aaf2484d7230ec5758 |
| SHA1 | 1bf814ddace7c3915547c2085f14e361bbd91959 |
| SHA256 | 97bffb5fc024494f5b4ad1e50fdb8fad37559c05e5d177107895de0a1741b50b |
| SHA512 | 6df8953699e8f5ccff900074fd302d5eb7cad9a55d257ac1ef2cb3b60ba1c54afe74aee62dc4b06b3f6edf14617c2d236749357c5e80c5a13d4f9afcb4efa097 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp
| MD5 | afb68bc4ae0b7040878a0b0c2a5177de |
| SHA1 | ed4cac2f19b504a8fe27ad05805dd03aa552654e |
| SHA256 | 76e6f11076cc48eb453abbdbd616c1c46f280d2b4c521c906adf12bb3129067b |
| SHA512 | ebc4c1f2da977d359791859495f9e37b05491e47d39e88a001cb6f2b7b1836b1470b6904c026142c2b1b4fe835560017641d6810a7e8a5c89766e55dd26e8c43 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp
| MD5 | f371cf8dbadd17e03393aa21f3963401 |
| SHA1 | 8b7a906b5d6ab57a3bf7b32401a286e812327813 |
| SHA256 | 287e1aed9f449999e9852477960f8b67b2b77869463e1baabe63bec75142130a |
| SHA512 | d910f4d48f4f34c0d9a68a89fc846e9c776081975c8d0bb14478c7978d8be43e4e2666f957deca1ea411032d08b9b2bed19849fe284e4a2ef91806c730cc570a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a5e3a9ead66a0839a8ca883a76f763cc |
| SHA1 | 240535075415f386623539ed0748c04967c4b761 |
| SHA256 | ce838cfc0861ce646ee7b3519ca4e972ab064a901492d597ab21c049bc4ef2be |
| SHA512 | 8b0a227795aa30c07382bd98d82468d53e006c82030b3601d11a87aa501f3ce393b9d3ef2b291cfb2e2ce9e0b93a8832f889dc44623f08c9b2d7afe2195cccec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | acd9d0265653f689b6ecffb83d3380ae |
| SHA1 | 5d75ce027cc2461323f22f17ea5b7531582dbbb9 |
| SHA256 | 711fcd98492245e278ad8bfef7e566bbca0897a3cb5738db99674351be0b2cab |
| SHA512 | 9758f767256212ab29fd6acd4f0a8d7a1f5df724a72221655fb78142410f40dfef94dbffed27de3b5c3f843375f998ce2903f6460c870b4cd3a758772fcb71d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59988d.TMP
| MD5 | 8ee81387f821689bc5a10aaafe1edc7e |
| SHA1 | da4000ebb2ddb8968e4485b97ef617b7e8939831 |
| SHA256 | 14bdefc69b2bc2e8a1115ba611b7537540d6617d48074fbc878425ea70326183 |
| SHA512 | f74f2af83e6ab4c65cd4534fc4e06ea43275e69ca4df6f205a8017386084ff32fff1e60a3d1a55bbb99dd836adeb4251934ef16ff7dd0252c2b90f9a68f0754a |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\mc\Code Cache\js\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\mc\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\mc\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\mc\GPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\mc\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4a86f8307952b66840af8b6c62a84bd5 |
| SHA1 | e8bfd672fa4bbecd685f49885970329ed8bcb796 |
| SHA256 | 84d127adb80aab83d56dfd1cb4118e60c916ea9673124ec71a9ba65f4e426222 |
| SHA512 | e1cde48960bdec0fdc02f1bad8ac2c2f4860ab9922f1f8b03c7c0bdb1e82c72d5f98d42ce6a4f6e8f751b8d42f1b7e2b57a87d41562a0bf43e62b79228677d7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d344de6ecc4e9a04b209b62ef8ba60a6 |
| SHA1 | 087d1b52b83ece296da47d68e60c85d035d8bc6e |
| SHA256 | c5d8879d69191e92b82a1d9f15824d9211df45eb2f11816864c51f0ca9d7bdae |
| SHA512 | 2db4f172de1dd164df3fa77880940d2bbceb5828b34f0ae03c5c53a06cce81768f89366c8b8c6339f5bc6426d9b7e01358ce28df4b5d6ae49415eaabd622de02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0b03f97a402399f7bb53267cbe772b84 |
| SHA1 | 796d858b14aa7f0cb924a9107d3cf43fe8328e31 |
| SHA256 | 7fd2c4a54322d0d314352cf7dd10e3d090d3d39794c3a71365aecd8d2cdda7ed |
| SHA512 | e98d7c91efb908cc90bb705d6ab62b0af6e1986f50194df81bf216dee51af417c94e786837a0d5eeb8400c93436a7f24f4f4c5a7b5ca94e889fa0c5ef283c943 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\index.html
| MD5 | 336fd61de62addda84cc9e5c283b7e67 |
| SHA1 | 6b5985b920c40c61fb320f70be5f89233754699c |
| SHA256 | 6476c7b35152cbbe4906e94dada4e68faf052744cb0da74589679b86d49edd15 |
| SHA512 | 2f641a563c6283ee3582c597c10be2336a18cf5e4a1e0c1a3c8b661e1ef49774145f15630b90cb5c1f9bd9439c6d64dc2bfc160763ae3d949eb0eca805bfbad6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\fonts\segoe-ui.woff
| MD5 | 9a2931180d6b1dc7b33052657eef554b |
| SHA1 | 77b8f3cb5410c779206782a310990c19af2b02ca |
| SHA256 | f424915a692bc5a458d6e7d9c99e4fe0cf5cb8883bd3516b01d4fef5da8d3663 |
| SHA512 | e839eb6fa727c6a604da142e7c823c5d8b7d8e33b3d19937da7bc1948c32893b08f0ace35c020e391ab0a9694b479b28282024c3518dac995eb87fd7aa18c631 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\fonts\segoe-ui-bold.woff
| MD5 | 52382539737f4e9913e4bf6b9966bee3 |
| SHA1 | d58d3dc5ff86fe8ff594134df53ea9b8074f6bc6 |
| SHA256 | d711a54cb4822ccf7926b1a95b7a43107fcfe8ef99a817e6906a1063657c7b28 |
| SHA512 | 55f1767cfb589eca775f2849b975d8311295951f8e457be58de34983531961ce4fada3a856daed8d7cd712bd8b5fad53ceecf438949deaafb7d5cb87114ecb4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\fonts\noto-sans-semibold.ttf
| MD5 | dfad8b708bc7b6911ed49a6f35680b10 |
| SHA1 | 44bd4f1602342642f6bbfc019cca65852d9f3ee0 |
| SHA256 | 6a27c11bf011fbe565c4d5be9ab49d8535c7cfefeb3aa44dad5d1339f68aad1b |
| SHA512 | 0ee222bb6dd7882ec802fb21193ec49e814014f0ece7303c16c2fe24f94735f8d420fba59c9cd689748e89519880b723dfcbd4bbc635d2b89261cc336498e1a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\fonts\noto-sans-regular.woff
| MD5 | 0a66f097fb9215e828bc0ada73d19e45 |
| SHA1 | f962197011fa900ec29b4bd14f624a3309854626 |
| SHA256 | 8e5f3060067847d71c398a897b8f8aecadbacadec3324b41d6eec5b3014fed89 |
| SHA512 | 060d79916429b617f950a86ef6783198ceb844f26e65b7d26fd667a37c577c5913ba4ef183d2ca0e7f46b3d6e13c128a5bf8c4ae7e0f543c53c051bf13a92fd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\fonts\noto-sans-medium.ttf
| MD5 | 09dc02dbe8133545806d275a2fec2ca7 |
| SHA1 | f85d0a08f987df19288a61f18a22519ce0551c3e |
| SHA256 | 9d0511ca54de389e3ef4e8a8accdd94e6fdf73eb144f7bba2017e55924092822 |
| SHA512 | afd4ad23eaee89cdf729c8645f3d51ead449d8f9fa943a0158270857141d40c8619e3da98163b17770c09c0409536cd60c367736938645e119e60a11ea93dd53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\fonts\noto-sans-bold.woff
| MD5 | a65fc7725f81daa832e2ac5d4820c2b1 |
| SHA1 | a5602a3cb911cdb6ed538c22f451763d884092f0 |
| SHA256 | 5adee3972bb1a6f74b582f79a5d3b4735e665c00b2e49938a4fb68755e56d9df |
| SHA512 | f8b07d9d46733c8820cf2466a14203710f10ceba789f80fb700b00ff950e5c1f30fb035939911e4d1a4e7ab92f37ce8f6fb47f5d9ab58f5eb5031804e4ad96a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\icons\icon-upgrade.png
| MD5 | 8f0dbfccb36007d663b552bb84db01d5 |
| SHA1 | 709b15810f26fe075d1037b7d90e196f4471d574 |
| SHA256 | 07b43077658e1bbc63ac5c7431fd1940f74e8231a532a055de9e2fa0ae79b0be |
| SHA512 | 064962f997821ab44b523dc6a7524b6ff21352d90fb9e13281a72ad4d09d3431173d96c71277c92cae023f91d435700169113f14171446d52e65e48b1a44f719 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\icons\icon-threat.png
| MD5 | 02e2204d82355dd71f3e9a493087ab40 |
| SHA1 | dd3e5c7ba4d4f7d4784bb040718ced43b0ec6d57 |
| SHA256 | d6c4b23336f9539c8dfb12a44282aebe1c052a8bd2a808587c08b01809a755cf |
| SHA512 | 035814b7e5ecee257c897e4ce0aee38839760eba0b745df3258e2544429e3ba0a351eed5596ac6125b2c3ab13aafb8d3b97383c2fadb56ed315d7a0b7dd92a54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\icons\icon-34.png
| MD5 | 15b14e66c46e0a83449fea81f4d0e59c |
| SHA1 | c3512dc47f25eb700e21a04f0925aa9d6996f08f |
| SHA256 | 10a9008f1b5e61a13f2fc225e9444f17a30036f76855826ff0f881de880db15e |
| SHA512 | c0296a9252e9ea8336a28a73fdeb6d90a3fbd13cb5699f9b90e8b2e3858f041509e8886d056b402c5444e9b36a5950fdb8dc93dd46c15a79d84e1e579b5cd887 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\icons\icon-128.png
| MD5 | a3c4a97b3abf5c40532df4c73b6a0aed |
| SHA1 | 487bcc26a31f4545cada98e13532510784f3d9e4 |
| SHA256 | dc9ab4985526d23074e9cf2ee176e68dd7a5cd282c147df32733da083b7ce8a6 |
| SHA512 | 71c82630413b7d9e8f2541bb036b1884c2e88ba5abee2e6abf79744951f1f2e65f7a3d82fb59c274ad7f02b3e49ee5fa2f20973410db3cc2ca92e6bb3dd42fbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\images\logo_with_name.svg
| MD5 | 7077be1629422619bbe5057dea2afcf6 |
| SHA1 | dccf730b9bd0ba9fb7c505f350aa2428457bc952 |
| SHA256 | 0d28843ed45447345a2437b02ac99a6426de73143015d70bf2eb43ccd4fc75fa |
| SHA512 | 48da879c4223098c02814106279abcd6e5cd4a4379baf4cfeffa2fa7a961c4d8791ce10bb79a6643c1fc63d9b57e969f4fa2e5a2dc47e2ac60a1970b2f67f24f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\images\logo-white.svg
| MD5 | 716872be17ae1eabffaafacfb8c0d518 |
| SHA1 | f2dd6d573d2fefe6ee189dafebc829098e6c973c |
| SHA256 | 824842f23358a42597e09fcc04efadd083e1bbfd6a75a863fabc413713013cf1 |
| SHA512 | a54c370a019f85be810337c5550392cd55c6c208b8ce71156c670cd6d5a62c6708f9c4a2d7370c76b0bff3c4dbdf2f99df3dca043084d3d1b552011f0688de40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\images\logo-blue.svg
| MD5 | 846cbae00ad12be63ce5319c6a260323 |
| SHA1 | aa840c643cc93e70f704b2d191d4686df04c11c9 |
| SHA256 | 26abe92c6ad8587e0a373ed74aba3c33f82eb2c8efefd5fba08ce66014417fa9 |
| SHA512 | 6f3688b8964a38ddd081dd9f431c413656b44de3d0cdbc14a536ce4a32a1ad5fcf7a4f3f5d75b2c986e8fa647fe75cdd32bbaef27bec39bd9c4d03b328a8eca3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\images\crown.svg
| MD5 | e2e93bf6f4365635d8d01a854caf31d5 |
| SHA1 | 33502919a2f609b8ef7c8a18f7722d3ce337360b |
| SHA256 | 7bf49e91bda1b6dd05b94288fbd86391500557f272b4f8e0ad3a69549e7a6104 |
| SHA512 | 5548d7fc0faff4ecae85888dbe938438390d478110c26db26e27f9764a3dfc3e5faf91789f84e9e76575b8f371a6cc0cd90feae6b8e3dbf317e59129b71cfeee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\images\close-white.svg
| MD5 | 1fe8bf19c860d2e13f6e9f1ebd2778cb |
| SHA1 | 3a47b23b93a3b89abaee6b57fdb597a742be1d23 |
| SHA256 | 39c46e8e2da43cc6f31ec85120a8879bee0eefdde9b20ce92d1f5e8733b6eb40 |
| SHA512 | a3b13146700e148dd855df06045b374ad0f887c3e7452daf480ce913e47d199425741553d9c56e01721739829a1f741d27bdb564882499b908d55af55f57ea71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\images\close-blue.svg
| MD5 | 8d8bf8908be87508c56d626e0a776978 |
| SHA1 | 3cad5703edacdadf1dc6fcb48fe921712b16fbf0 |
| SHA256 | 9c5c3329378a3bfba29911b873f1d94239f6ac54dffe6bab113b3d51d8dc0ae0 |
| SHA512 | fc0b25c71d69c3721c104afd9ce6af91d89a92a37bf47f97e7df96187e45ed25ac08651e564a09281906e678f7df25af11aeff44b80a3fc17bf2c25c78e1236b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\images\check.svg
| MD5 | 0b2e057ac7229a93f0c0815343c57ff9 |
| SHA1 | 4c99a278bb5dd30203fb4f33f8d3dcfc5aae5a8e |
| SHA256 | 98ce9f3ebf75b2ca71e096bd01988540667d9e9636d5512fe17d099d9eba91ea |
| SHA512 | daf1f0ac010b53f48a1769201bb48df13ef40531e55d3b0736925fdb81441af75f6d3f4e068090feaa6c8ece9f5168c8e44e1dc18c171aca6ef3596a596e067a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\images\attention-icon.svg
| MD5 | 5232d122e13560c86cf3ff0c84ecc3de |
| SHA1 | 7c0a78dd1c15e4b50943e1101f0caa8c0405f2c6 |
| SHA256 | 616cff0cab3ee3e3b69aff4423a541daba199172d2eb2b0f5e7d83e1d6e13f99 |
| SHA512 | 619222dcc939be36477504882d3a6689a58f9ede708c135fc621d1b8c9d3d9bb4bf6abbecfe7c13bbbbcd7ae2f0f150baa3ac5cd5358db0c057453042484d7a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\assets\images\arrow.svg
| MD5 | 8a4011cef8b4f6e1fe6dfd28c497ad69 |
| SHA1 | 395ce130677ff0b579f1f3c7f8b45b8489490094 |
| SHA256 | 31313b5ae51fffa0684dcd10537b9534413f105cfcfc3a8a39890bad5f3aa3f4 |
| SHA512 | e25314ee23995bc6d8cec92bd969b9b7e956d46e8bcf8d3ac209445c6f551d311468382f145f8017f6ab26d7cb8c9b6a0c4b3b41c5e7c3f03384116bf720ed85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\_metadata\generated_indexed_rulesets\_ruleset1
| MD5 | d7a63ccfe52eeb58faa0f0aa441ab878 |
| SHA1 | 050ad45533af7c85a5369c48e0ce49634ed62d65 |
| SHA256 | 3a68db4a7ef75fa420da4db273d62feadf29e863800b584f97460cc6584d1f56 |
| SHA512 | 583c464b95d9abe2ca9504f44bc3030c0698913470cf7a3890f1f9ae79b2477989b27b4f16cc9e61a991ca1af8b507eb9d4b812d766d6f1f0d2200a32d41c80e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\_metadata\verified_contents.json
| MD5 | 1b01ffc2bafd0a464913805b97e1dd6a |
| SHA1 | f64210c6b06215c5d288f26b3195c557951db428 |
| SHA256 | f14934357881f8c7340890752a4fdc0e5440c7ddeb29660ac642c9a972e5f551 |
| SHA512 | 0d26c87a86371b26bdee126c4ea37fa437538391f88cd263c058e3aa64edaca91efaab01bf93f5c81d4d8df92e73469fffccf403dfb4d49267653e851fc6da20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\rules.json
| MD5 | 5736d36e31b7bc0d59788d30260281ea |
| SHA1 | c2810c0335d1760d2ab337db349c362596df06be |
| SHA256 | 79ecc25acaf4d184958e339a9e48a1f0d187f82a676843dc6a40ff907e1853f3 |
| SHA512 | 046686a280f60d50791ff8bd13989ba4bf058f402bc3d45c3688bc60e8ea91e6e44ec3ae8bf66f1e47b66b336ea8b0f70f20ff1279f6dfb377d662d633296c7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\manifest.json
| MD5 | 36c7c3d8f8d37e17ee06d7a4ce3099d0 |
| SHA1 | ea7a3d54e78ddbb80a05888412b2f079a75e5b7f |
| SHA256 | 1b594fb15c701e51f960bbb9efdfa72198cb3b6c3aa122ad759524e2c82a2142 |
| SHA512 | 990a66fa225c7f63804a5c0ca9d4d1af87bff0c1ddf55cce2557d14ebfb17f8639dca12f544fc2c5b218723622fb1be6f7779d5ce8755a562957e5361d6fc9c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\index.bundle.js
| MD5 | 21a57bcfd8166f1a78e93ff075073dad |
| SHA1 | b222925084dcb825c56a1f4d061ce60d73b5e697 |
| SHA256 | 5fb95e4a8b1ee5fdf974bf4fa3e0890b3d973b98598ced1fd5f4cbfa27e7babb |
| SHA512 | 5de66932e9868b16eba364c24052131fa8bad2e097c72bc51f8493b91e8380df4b4717ff97536fb3789a6cffedf198c8b5bfba395572ceadf32fa1eeb130417a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\contentScript.bundle.js
| MD5 | b5420e42524ff930ce283a078768460e |
| SHA1 | 505dbcb230b71985e0b75e1e323ebffe3b15f295 |
| SHA256 | a5d2108a9097c9f3fa821b3b90d79c5e4824f74ca21a18c5ff7271b05fda83c5 |
| SHA512 | 3e8df8ad43c6dc59fa551719057f631d197402d7009b09be898454f28e56378c8539994a22c6141ea527f37549554dfe74e3169eb989d21e9ceb0637d22f61a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5176_631951730\CRX_INSTALL\background.bundle.js
| MD5 | a0f181524d2f89830b233309e578191b |
| SHA1 | 5112f2f12100b01f242b0690a3aaf5f7e729cd9f |
| SHA256 | 727de56a3efb2b77feda4ac895cd5ab0e7f24b28ebec029b0b3460ffd5912eaa |
| SHA512 | f4324039feb00e2109372a40927d69aa2f739d2dc8383f929689c510fc1a14bff653fe179810daa5d2a4c5518c846020ce8fdfdba403e400535a49f6976b8c59 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\mc\Network\df761713-b877-4c91-b4aa-4c3053df20a1.tmp
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 05367c0d722d695aef00cad2f796bfb9 |
| SHA1 | fcab7fa4e49bbfd4239127aad3da3e169e8db035 |
| SHA256 | 89d72f46bbcbe8e55ccc41ea75ac7444f5bcb89dadb822b832482c648d2404d3 |
| SHA512 | 1442d1c5f2847268caf5ea0f901c800d75bdb24856c75a2abf63a86a0389ae400bd3f9eb129773681b53c97ac433bb2d422a5662ae062c6c992bd37a1925e159 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9ccc22d35ca56cab2448fde7d1984d7f |
| SHA1 | c1290c7eda89a270983752e1e0b984f8a7bbf22b |
| SHA256 | fc25db4cffc83aac54c7682a07a76e4ff393c1bebf3462eed1fe8f67d4891bfb |
| SHA512 | 7aa0ec653044c7d5bd6d6684460d55c6375f6599f2b1e9f1a7db483000f4a23d8d98d159d63111876c8325b3e311c76bcd42b092e626daf583d85a4e76dab03b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b7569248fc13bfbf72a6528ee29eedfa |
| SHA1 | 80c868e128f84a0889b3ee68dd456869c4e6127e |
| SHA256 | bab3f6c057e8673e8f2bbd62df751535e24518e57fb3d33189a6de63d29b4461 |
| SHA512 | e6c89671a076445a3dd9cda8f28c86e5905b2e75b809d98e085c1d44ffa24632ed053b97c7bc60cb1e6e0d0a46fe82e50fdad22c86bcb868ee75f1633c6b1a2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 9d3e86c71b29da4271d2713d4f3d81f5 |
| SHA1 | b218106b5c21e2a0882088fc19dbc81390e34e68 |
| SHA256 | a0879795838997c3eac62325dcb1fab6ebf5bc7af26b49b1f06039df49130fdc |
| SHA512 | 3314d8328d9575d18ee12762b9cf7f62b7e9ea23494874a37eb18820a4b4ce8ebb3984af52a999ec93b9a8ef2328222dbe327fab4fdd80ec9030ef1aa3ba8941 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4ee0da9187b19b2b597f5d26b6dcd0a6 |
| SHA1 | b0a3b9b348676f391fe10a949620d68e10702a0f |
| SHA256 | a5aa2f005315518a4bd5141f67f3bf5611dd86dd5516f01667920e13da1e1f46 |
| SHA512 | e6b5c94fcbda95ccfd4491aeb616df54ed9bc899025490431d73f5e5ee37993a3cfaff96f6cb23ae362bc4821fb67e5d1687b826b7794eeb91dae7d6e6914798 |
C:\ProgramData\ReasonLabs\EPP\com.reasonlabs.extension-chrome-manifest.json
| MD5 | f32eca6e96017ca82fdc13d3c1b5b0f4 |
| SHA1 | f3e1dca2b60a376a600c0b505c7dc64347ee74bd |
| SHA256 | 9f79e3b2668037ba1145f8c908b689c3d3b153a7e261aae4dbf9d359d39a788a |
| SHA512 | 6c0d3108408a410560e1aa492efdeffaec5402ec1e4c2f8dc0d0ce1a6fecac3492a17b4dd0ed3ae04988854e648cc8103c95df0eef89f3234db15b587961b68c |
C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat
| MD5 | 6c954a0c7d0d28beea1cac4c65632253 |
| SHA1 | 008957f6d1f4a65f21713eb84203825f1b82b789 |
| SHA256 | 68cbb1d6ee0dc57072e6d5c29a6f30ef2d2373a8fb6a5f17a1e860886267aad7 |
| SHA512 | 527dda878c68878e9570431d824c2a7bcb3bb56087576488e7a881012b6f5b1d5818779e5c5087aea4e262e57932c5bd9afec198fc7ce9a077a66c659c17cdf3 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat
| MD5 | f1ebaaed07561200badff25c9eea5010 |
| SHA1 | ed1a95703b6dc80668307e1efe3b93bf00dc55c6 |
| SHA256 | 70ca8aef3c32361a376e9687f2876cc166dbc5c429b70a1d01801c5a51e0ba78 |
| SHA512 | f8b71d8658ac74a6b1830f1cb74a07636b26055585d178df35a4b76926bafd16d2cbfc3ce96da3f8fd6bfd93daa053d867b9023c0ffebe9955e980ff5d224318 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat
| MD5 | 8de77a5ac1a0cb41f096b46ce93f86aa |
| SHA1 | 0f247215053bbe9799c18b5e2429d3e1f3f17c36 |
| SHA256 | b8a4ec881932f0387aee3b5fdb50bcef6c28c1952e99e06ca6136cb8bc978a72 |
| SHA512 | 644bc1ce3ac4431dbc1efb67de09ed370d0dba488181ca334077f422c9493b8f1dd5006bb6dcbd02d4712998f6777b15d41e62ca429d2e4ffc3b24376b106fc1 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat
| MD5 | 973a460ffffaa07b9591ce64f3301328 |
| SHA1 | e3427ccb5682afdbe67fa22a77886b2204031af6 |
| SHA256 | a2048698e2d32f61bf51b0b5c83d9bedb4013e2eccda047c6c249e0a82e70150 |
| SHA512 | 2ebb052fb0d18e06f422cd1e5e1d526aea77fb0f95bb2c9724210dc4ba6c79f6f156b2b5e5cc7e4934c072a83b20eed838de4324de3771915e5e0e690672a5cd |
C:\ProgramData\ReasonLabs\EPP\com.reasonlabs.extension-edge-manifest.json
| MD5 | 2ada9d57547296a2c4a7fd816f34d0f2 |
| SHA1 | 99d5a06a53d25c7d39b7e8d6649238e4fd5304d6 |
| SHA256 | 1abc30713226d0b63c3a9cd3e83e77b7f764855510aff5d2b5d86483942646ed |
| SHA512 | bd62c35003910884f4ca328e9acc7fa236479853bbedc99f2f191910436c88a47be4050c3ea35d1b42c14ed25ca1c0bc13b420b7ed7669ea67d10954367cf726 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAV Endpoint Protection.lnk
| MD5 | 8cba4d39c727308f2e0a2541a0f93e4f |
| SHA1 | 257a8a8dfc8f058d4802f8f8d7b84d74400e8793 |
| SHA256 | 10d5638214fbe3f3a7e3f69c4fd3ce63b5b8c2ed4da2697ec873725aea933058 |
| SHA512 | 01163552825cd019e29b8d7690c8ae66471987f86ea07e2855c0687735ac0909197f0fd71cef696564ab19159c9353d9a1388b7e6b8cc0c0fb56c5233a98b5d8 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\TransportSecurity
| MD5 | 594a6fb39946577987f3fd74140ddb37 |
| SHA1 | 16ebd39d58c2814f76bc7c928cd5af48120e4c26 |
| SHA256 | e4215f7bec6279ae905ff37afb19a9ef9a2b8e45f533acf209b8c2f940147278 |
| SHA512 | 2dfd6d834d3d50aa7ad90535722dfad43f65476361ce6929449c09dbde048a42a136565efec9518fad602115b37dc3dd4058c6b9f2871ed3f6dd01c265074bbe |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\mc\Network\Network Persistent State
| MD5 | 391c7f990a644e35d51e39752a718352 |
| SHA1 | 929e7a304b7e23e1f575ba53907520a1ef225ae0 |
| SHA256 | ca97db7c7698cdc84cfc451957c1fc4bfa13be296fb3dbb54a32aa4a1edc0e80 |
| SHA512 | 9cc0226d6021bc25a4ad4fa06320bd45f6776df5bc6c083c138fe68d970aed9e57e04a80854f40b9d50dc76903e49a6652e97c56ff030aa1238914ee44827d36 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Network\Network Persistent State
| MD5 | 7d7268f54f9a03b7586787cf360f723a |
| SHA1 | 16ee8037a4fba67cb636e8d8563549c7e067529e |
| SHA256 | 41153bf232a789da3ddbfc900691f469e3f967169840ee878f722312bdcefa8a |
| SHA512 | d630d305de1ef767348627fc05d3404d749be941866f5f89be1e70182e6968e5f1434497752c66f28ec542e8a3fcb10e2ab5790c066bb007d6d0ef2e6c875796 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State
| MD5 | 403703d070e5c3f4cce92673938f8a71 |
| SHA1 | 222c6c9994940970556cb818a08055f33b86ad73 |
| SHA256 | 285092376d294fbec94827287966534dcc36a3f565f74647bea3b598a4bad138 |
| SHA512 | 378f10069af8c9369e5bc1eeb1dae8ae9deee903f94d6e8206e4102375baab5933825f7a42d5627ac37972894831f06ce002dba7dd5b363aa55584ed7cdccb93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a081e3c0-1288-4cf0-8d04-72dd1e639367.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0c06e962a17ea9781ac079a042f72b95 |
| SHA1 | 36cd8ca236566e98078c39001f5ceacc67bd0f40 |
| SHA256 | 002bf011d831a52cd886997432a22ffee873a6931c5e342bb66d79169fce1548 |
| SHA512 | 5f9f0e58dde849615402af78150e754ad1f0641685ba8ac8f3cef473882f20ae5101e3d8a584fbd4ca91c4caa91d9a856fbedb9a912b358218c0292fe44df0f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21e3ba6af2967cf7672c6e36ea4e6cfc |
| SHA1 | c2aca52bbf70f64d715e35d693627dd608d0ed91 |
| SHA256 | 6a02683c3a166ab003163aca4aa10a9c164831ad6f1a39f92bca2bf1cbeb62b2 |
| SHA512 | 79da841e58f5c21f53ec069f03c117b4f107d4aedee23f290a32926f8346eb8c5f2e891c74f66634858b37b516c8e86f01eaf01fd5cabb2398b50899a8b9d1c8 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 6cc4fea8aaff02b26d220d9512f34f11 |
| SHA1 | ba64f0ba0f851a4124bc22d41ff4376653fe7a52 |
| SHA256 | 46d86f774b7adcb32f399fec15ee46965be2cdd484cd809f15607e8c8a5ec670 |
| SHA512 | b8d2d6b766eb0dfb4b3d612d9691c7a65c098f94a12cc72d7cec46646294ed553b639acac2b9d81bf0a841b7312d6bd0c86da46b56e9fb0cec18fc9a0f5dd62c |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 46ff025bb45ccb0afce266900e5e6fe2 |
| SHA1 | 1fd8e096f48864816ea377cdab5460ab17e76e8d |
| SHA256 | 9e502d731ca5ef6143da6b6acb618cce6a5472171bb0529549b54019c22073e9 |
| SHA512 | d5e8a7ffff834d69eff0064178dddd805694b8cabf0cab5941ada1af19fa7b0c437b66dd90f7aad0eda81ed2b2501555e2d062ae72e42532534802b2cf0166af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cee7ba69b97abe2f3080a2b2580dc32d |
| SHA1 | 095cf57486eef9df2687b0d067f84452761000a2 |
| SHA256 | c1e564e9f0c86904fe5f7b3133f474229d0258444f3464b80bdd00a5e4c273b5 |
| SHA512 | 1e47a454f8130d8b673bda93feae8a0d59fddfe50e3a32b20cdb0021948c5587e741e44e542e86867cf35c4a8e427875af6204207871969c552d8812b4c104c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 817243d32c4ca67148e6f921c535fefd |
| SHA1 | 4a12d4f94f1de858dadc7ecc301eb011c2b3f83e |
| SHA256 | 997bc27bcbdeb1a2f079669a3b14e48e91323e13c4217405e17e6195b13f4da3 |
| SHA512 | 75d9c4ea99e576a148e861af9a45c3ee95c10e4dd977a2e28871e2bfff69f0ca6448ae59ae8709b5d0380f1a19b4e799d0c37df89083d4d693e029722e9cd9e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | aea207d3ceadabb28bca4a5b3b678bd6 |
| SHA1 | 5d41913c3515e32bd9c98c048931903c52cf878d |
| SHA256 | 68100e22031dd73f162b190a6963bdb0c600e80880976977375b0af2d6d46b00 |
| SHA512 | db16fc65e86187d0c50bf42cbeebb90547a6c92d1eb688fe5a9b7bfe86bd73e5d80197ffcc55bcacbbfd71486c271b46395d529ff766c1a24f0b691c9b30c9dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e24caf7a9cbc54d543e77f58d6cee80e |
| SHA1 | c4591ad72d27f8176558f9573f4b148555f51d34 |
| SHA256 | 026c01211ef83009785f78bdfcca4260d0f95361f39a423b9167bf55fa1abd3e |
| SHA512 | e7631d5dd86d146d97a75bf4c7604d31a9b462ea6b04bebbfeaad1905dc7d58a3b3bd68ffd0460ddec19b7daea2753c5843d9fded0d2291682ae9a6d0200a238 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 32ae91c1ea7a8139e0d7752fb518b10f |
| SHA1 | fc57cb51e9250b6dae1bb22312679bbb90bf485a |
| SHA256 | 47f03dc37fe01a5eca9da86ab129f85c730fdbbcfc83d8188ce9205b01efe015 |
| SHA512 | 51e0c839bc531409be28f65e3f0919dc236f65ec738f4f321146c6dd8c5f28d411ec2316bbe8f9ce93e36dc4c0f34f289157bba55980ad5ffaef2c11915f8bb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | fbea71ce69ada542e00b9fe7669cf303 |
| SHA1 | 62eea53774927097779fa79d7e15a1a4abcf1da7 |
| SHA256 | 05e3f435f2ebaa9efed20496917ae34ddd73b0651667baba8f0c7a713e810e4f |
| SHA512 | 0b28596fe0934e473f4951a5bf9a0d12377684a6fb9b4e51f9f00fc8f87347a81397223b17601f33f03a53155dd31ac0f13b3d493d4ae7504e625db9ea733cee |