Analysis Overview
Threat Level: Known bad
The file https://steamsunlocked.org/geometry-dash/ was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer, LummaC
Cobaltstrike
Contains code to disable Windows Defender
Cobalt Strike reflective loader
Drops file in Drivers directory
Possible privilege escalation attempt
Creates new service(s)
Downloads MZ/PE file
Manipulates Digital Signatures
Checks BIOS information in registry
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Reads user/profile data of web browsers
Modifies file permissions
Executes dropped EXE
Checks computer location settings
Checks installed software on the system
Enumerates connected drives
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Modifies powershell logging option
Suspicious use of SetThreadContext
AutoIT Executable
Drops file in System32 directory
Checks system information in the registry
Drops file in Program Files directory
Drops file in Windows directory
Launches sc.exe
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Modifies system certificate store
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Suspicious behavior: LoadsDriver
Modifies data under HKEY_USERS
Modifies Internet Explorer settings
Runs net.exe
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-10 01:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-10 01:27
Reported
2024-08-10 01:57
Platform
win10v2004-20240802-en
Max time kernel
1800s
Max time network
1785s
Command Line
Signatures
Cobalt Strike reflective loader
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Cobaltstrike
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Lumma Stealer, LummaC
Creates new service(s)
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\rsCamFilter020502.sys | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsKernelEngine.sys | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\FuncName = "WVTAsn1CatMemberInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28\FuncName = "WVTAsn1SpcLinkEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1\FuncName = "WVTAsn1CatNameValueEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.11\FuncName = "WVTAsn1SpcStatementTypeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverCleanupPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustFinalPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.3\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\FuncName = "WVTAsn1SpcStatementTypeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.2\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2012\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation | C:\Program Files\McAfee\WebAdvisor\UIHost.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\rundll32.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Modifies powershell logging option
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_72BCADB7EE100ECA692C6EC1A866B75B | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_E3A0B2E345AA9F5A174687564C886046 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\439F613B3D55693954E1B080DE3085B4_C4927E03400A4F6EDB9D613E6354F864 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0E663C78920A8217B4CBE3D45E3E6236_A0860A3E34061BC810010D272A66BEF4 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1D627669EFC8CD4F21BCF387D97F9B5_61D1EDDE6329614DE52DDB7C8BCE0380 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\48B35517638A85CA46010B026C2B955A_0E2607AD9B9E618A16D313BC98EDE832 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D39788B13702052FB3F54D33DA23D999 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFEAE42B75BFF187FD82F1175ED61E4E_FBD4B93BAA2ADCDDAD1BF4FBA8787C37 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_FD0723D657636FF4074BCCACA38E92A5 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFEAE42B75BFF187FD82F1175ED61E4E_FBD4B93BAA2ADCDDAD1BF4FBA8787C37 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_C4753E70B0D639C80CB575487E8A02AC | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3D0AC26322348780E90E022EA217C58C | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFEAE42B75BFF187FD82F1175ED61E4E_081E0B09A14B1AFCE072B9E6A8B95754 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_72BCADB7EE100ECA692C6EC1A866B75B | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9A19ADAD9D098E039450ABBEDD5616EB_C4753E70B0D639C80CB575487E8A02AC | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\439F613B3D55693954E1B080DE3085B4_C4927E03400A4F6EDB9D613E6354F864 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0E663C78920A8217B4CBE3D45E3E6236_A0860A3E34061BC810010D272A66BEF4 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_0A36A03C09DCEEA388C024E3D20B14B7 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0FD7C8CB35A5508C225BD37696B3744C | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5F26A2159BA21EA573A1C5E3DE2CF211_E3375A509D9058F6A8FFB74D3B4E6F77 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A3D5BF1283C2E63D8C8A8C72F0051F5A | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1D627669EFC8CD4F21BCF387D97F9B5_61D1EDDE6329614DE52DDB7C8BCE0380 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_0A36A03C09DCEEA388C024E3D20B14B7 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5F26A2159BA21EA573A1C5E3DE2CF211_E3375A509D9058F6A8FFB74D3B4E6F77 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_9040490E275779DE86373A998E4711FB | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_78D45C4E3E3526FF7881218652651E16 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D39788B13702052FB3F54D33DA23D999 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0972B7C417F696E06E186AEB26286F01_30B4D916E12169D9CB0BC7A11DE46EA6 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3D0AC26322348780E90E022EA217C58C | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0FD7C8CB35A5508C225BD37696B3744C | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_E3A0B2E345AA9F5A174687564C886046 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\206932163209AD483A44477E28192474 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_C4502B2ED7ABD16FF1FA41F55DB2B363 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_022B2B3B07D70EA5A73F2579070A87A5 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_686A447EF0220EBC1D36EF897F31F606 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0972B7C417F696E06E186AEB26286F01_30B4D916E12169D9CB0BC7A11DE46EA6 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_9040490E275779DE86373A998E4711FB | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 10844 set thread context of 6324 | N/A | C:\Users\Admin\AppData\Local\Temp\motw.exe | C:\Windows\SysWOW64\more.com |
| PID 9720 set thread context of 4988 | N/A | C:\Users\Admin\AppData\Local\Temp\motw.exe | C:\Windows\SysWOW64\more.com |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-it-IT.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\eventsupplied.luc | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Serialization.Primitives.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\edge.com.mcafee.webadvisor.json | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-risk.png | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-CA.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\facebook.png | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Threading.Overlapped.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\x64\rsYara-x64.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxProxyStubLegacy.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp420790338\jslang\wa-res-shared-fr-CA.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-zh-TW.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Net.NetworkInformation.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Reflection.Primitives.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-hu-HU.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\pt-PT.pak | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\config_manager.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Text.Encoding.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\SUPInstall.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstPDMAsyncCompletion.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\resource.dll | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ko-KR.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\te.pak | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sk-SK.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\platforms\qoffscreen.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\vccorlib140.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon.png | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\el.pak | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sr.pak | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Resources.Writer.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Security.SecureString.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-sysinfo-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp420790338\jslang\wa-res-shared-fr-FR.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-tr-TR.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-en-US.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\settingmanager.dll | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File opened for modification | C:\Program Files\McAfee\Webadvisor\Analytics\aviary_client.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\transport_ga.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Diagnostics.FastSerialization.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Runtime.InteropServices.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-toasts.html | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-de-DE.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fr-FR.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ko.pak | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\arm64\lz4_arm64.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-mwb-checklist.html | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\samrecoverable.luc | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wpstrial.luc | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-el-GR.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\simplewmiquery.luc | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp420790338\jslang\wa-res-shared-sr-Latn-CS.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-tr-TR.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.html | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.ComponentModel.Primitives.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-zh-TW.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fi-FI.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\mr.pak | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hu-HU.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File opened for modification | C:\Program Files\McAfee\Webadvisor\Analytics\rest_transport.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File opened for modification | C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sk-SK.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-zh-TW.js | C:\Program Files\McAfee\Temp420790338\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Xml.XmlSerializer.dll | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\SearchIndexer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\motw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\motw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\more.com | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dism.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\more.com | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\SearchIndexer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\Control | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\LogConf | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \Registry\Machine\Hardware\Description\System\CentralProcessor | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0721-4CDE-867C-1A82ABAF914C}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CF37-453B-9289-3B0F521CAF27}\ = "IStateChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8690-11E9-B83D-5719E53CF1DE} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\NumMethods\ = "30" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-800A-40F8-87A6-170D02249A55}\NumMethods\ = "21" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7006-40D4-B339-472EE3801844}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-58D9-43AE-8B03-C1FD7088EF15}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6}\ = "IAppliance" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CC7B-431B-98B2-951FDA8EAB89}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\ = "IFormValue" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-b4a4-44ce-85a8-127ac5eb59dc} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7997-4595-A731-3A509DB604E5} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7DB-4616-AAC6-CFB94D89BA78}\NumMethods\ = "18" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-659C-488B-835C-4ECA7AE71C6C}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AEDF-461C-BE2C-99E91BDAD8A1}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-04D0-4DB6-8D66-DC2F033120E1}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08a7-4c8f-910d-47aabd67253a} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\NumMethods\ = "13" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44A0-A470-BA20-27890B96DBA9}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\VersionIndependentProgID\ = "VirtualBox.VirtualBox" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\ = "IExtPackManager" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\"" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\ = "IVBoxSVCRegistration" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F} | C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F} | C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\NumMethods\ = "31" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AC97-4C16-B3E2-81BD8A57CC27}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-800A-40F8-87A6-170D02249A55} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\ = "VirtualBox Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9641-4397-854A-040439D0114B}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\ = "IDHCPIndividualConfig" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1207-4179-94CF-CA250036308F}\NumMethods\ = "17" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\CurVer | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1A29-4A19-92CF-02285773F3B5}\NumMethods\ = "13" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\VERSION\ = "2.1" | C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-a161-41f1-b583-4892f4a9d5d5} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\ = "IExtPackBase" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf50f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 1900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d9820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f1030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 5c0000000100000004000000000800001900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d98040000000100000010000000ebf59d290d61f9421f7cc2ba6de3150920000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 040000000100000010000000ebf59d290d61f9421f7cc2ba6de315090f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e81900000001000000100000004fca18b530ab2d3765b8830436884be620000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 0f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\fltmc.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\motw.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\motw.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamsunlocked.org/geometry-dash/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4820,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4064,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5392,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5548,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5560,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6020,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6200,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6116,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6956,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6868,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=7156,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=7212,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6960,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=7028,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=6588,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=7388,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7840,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --field-trial-handle=7112,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6772,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=7012,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8176 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a4 0x418
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=8416,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=8404,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=8772,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=9044,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9016 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap15583:134:7zEvent29951
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7828,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=6800,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --field-trial-handle=5928,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=8920,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --field-trial-handle=8460,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --field-trial-handle=8604,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --field-trial-handle=9224,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --field-trial-handle=5664,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --field-trial-handle=9460,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --field-trial-handle=9480,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --field-trial-handle=9512,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --field-trial-handle=8784,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --field-trial-handle=8852,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --field-trial-handle=9408,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --field-trial-handle=5916,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --field-trial-handle=5712,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --field-trial-handle=7848,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --field-trial-handle=5724,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --field-trial-handle=5640,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --field-trial-handle=8548,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --field-trial-handle=10000,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --field-trial-handle=10068,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --field-trial-handle=10300,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --field-trial-handle=10448,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --field-trial-handle=10664,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --field-trial-handle=10900,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --field-trial-handle=10660,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --field-trial-handle=11172,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --field-trial-handle=11296,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --field-trial-handle=11160,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --field-trial-handle=10124,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --field-trial-handle=10128,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --field-trial-handle=10672,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --field-trial-handle=11096,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --field-trial-handle=11712,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --field-trial-handle=9564,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --field-trial-handle=9288,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --field-trial-handle=11308,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --field-trial-handle=10272,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --field-trial-handle=10976,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --field-trial-handle=10988,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --field-trial-handle=10720,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --field-trial-handle=10652,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --field-trial-handle=10052,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --field-trial-handle=11728,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --field-trial-handle=11952,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --field-trial-handle=12020,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --field-trial-handle=12112,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --field-trial-handle=5748,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=11548,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=11548,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --field-trial-handle=10960,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --field-trial-handle=9924,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --field-trial-handle=11348,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --field-trial-handle=11220,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --field-trial-handle=9788,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --field-trial-handle=9492,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --field-trial-handle=5692,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --field-trial-handle=9544,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --field-trial-handle=5652,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --field-trial-handle=9636,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --field-trial-handle=10328,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --field-trial-handle=10776,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --field-trial-handle=10288,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --field-trial-handle=11476,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --field-trial-handle=11748,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --field-trial-handle=11936,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --field-trial-handle=11288,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --field-trial-handle=8368,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=12908,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --field-trial-handle=12872,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --field-trial-handle=12612,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --field-trial-handle=8612,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --field-trial-handle=12548,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --field-trial-handle=13300,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --field-trial-handle=13520,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=13760,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=13760,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13732 /prefetch:8
C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --field-trial-handle=12740,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=13792,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=12752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --field-trial-handle=13400,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=13504,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=119 --field-trial-handle=12856,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=12708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=120 --field-trial-handle=12712,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=14040,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=122 --field-trial-handle=12696,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=123 --field-trial-handle=14076,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=124 --field-trial-handle=14072,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10340 /prefetch:1
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=0589f1d54215f45872e7673c79088a61078a4756&dit=20240810013132391&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
F:\LDPlayer\LDPlayer9\LDPlayer.exe
"F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="F:\LDPlayer\LDPlayer9\"
C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe
"C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe" /silent
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe
.\UnifiedStub-installer.exe /silent
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Program Files\McAfee\Temp420790338\installer.exe
"C:\Program Files\McAfee\Temp420790338\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
F:\LDPlayer\LDPlayer9\dnrepairer.exe
"F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=459512
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe {E825BD28-D9B6-4747-98EE-BA8D66822299}
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=125 --field-trial-handle=7096,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=126 --field-trial-handle=12900,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10196 /prefetch:1
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\elam\evntdrv.xml
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"
F:\LDPlayer\LDPlayer9\driverconfig.exe
"F:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x23c,0x240,0x244,0x238,0x2b0,0x7ff850dfd198,0x7ff850dfd1a4,0x7ff850dfd1b0
\??\c:\program files\reasonlabs\epp\rsHelper.exe
"c:\program files\reasonlabs\epp\rsHelper.exe"
\??\c:\program files\reasonlabs\EPP\ui\EPP.exe
"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2756,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=2752 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1852,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=2844 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2168,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=2960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4364,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=4704,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=4736,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4772 /prefetch:8
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1668 --field-trial-handle=1672,i,8694624105957429801,7709914417783673692,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2096 --field-trial-handle=1672,i,8694624105957429801,7709914417783673692,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1672,i,8694624105957429801,7709914417783673692,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5112,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5100,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5156,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:1
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\program files\reasonlabs\epp\rsLitmus.A.exe
"C:\program files\reasonlabs\epp\rsLitmus.A.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5596,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:1
F:\LDPlayer\LDPlayer9\dnplayer.exe
"F:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.robtopx.geometryjump|package=com.robtopx.geometryjump
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5880,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --field-trial-handle=6172,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6180,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=564,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6368,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:8
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6344,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3372 --field-trial-handle=1672,i,8694624105957429801,7709914417783673692,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6780,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6804 /prefetch:8
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6780,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6804 /prefetch:8
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6928,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=7124,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6488,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7180,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5432,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7264,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5812,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7444,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7336,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7600,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --field-trial-handle=7360,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --field-trial-handle=8060,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8092,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=1220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=7304,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5244,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6964,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7324,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=8656,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7224,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7540,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --field-trial-handle=8084,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=7216,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:8
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2916 --field-trial-handle=1672,i,8694624105957429801,7709914417783673692,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8896,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8904,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8952,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8468,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4792,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=8856,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7188,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8392,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=5104,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8940,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=4296,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=7756,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7516,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=8960,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=4972,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:1
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_SetapFiles1_enX64+instructions.zip\Read me before you start.txt
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\" -ad -an -ai#7zMap17105:122:7zEvent27093
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4768,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4768,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --field-trial-handle=7284,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4756 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\" -an -ai#7zMap28873:152:7zEvent25919
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=2632,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7804,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4220 /prefetch:1
C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe
"C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\motw.exe
"C:\Users\Admin\AppData\Local\Temp\motw.exe"
C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe
C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe
"C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\motw.exe
"C:\Users\Admin\AppData\Local\Temp\motw.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\" -ad -an -ai#7zMap26211:152:7zEvent31114
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a4 0x418
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=8668,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=5448,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=7144,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=4752,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=4832,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=7428,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=8832,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=9088,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=4196,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=7728,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4032,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=4908,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4948,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=3788,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=9072,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=4824,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=8204,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=8736,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=9028,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=9120,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=8500,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=9256,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=9564,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=3748,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=8956,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=9764,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=9444,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=6080,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=4236,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8244 /prefetch:1
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=9300,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=9116,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=5008,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=9952,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=9864,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=9040,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8872 /prefetch:8
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | steamsunlocked.org | udp |
| US | 8.8.8.8:53 | steamsunlocked.org | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | steamsunlocked.org | udp |
| US | 104.21.75.164:443 | steamsunlocked.org | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 23.46.73.244:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 92.123.140.42:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.75.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.57.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.73.46.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| GB | 92.123.142.130:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | steamsunlocked.org | udp |
| US | 8.8.8.8:53 | steamsunlocked.org | udp |
| US | 8.8.8.8:53 | 42.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | steamsunlocked.org | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 130.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.site | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.site | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.site | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.site | udp |
| NL | 37.48.90.246:443 | wq24-1.g-site.site | tcp |
| NL | 37.48.90.246:443 | wq24-1.g-site.site | tcp |
| US | 8.8.8.8:53 | 246.90.48.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.store | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.store | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.store | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.site | udp |
| NL | 37.48.90.246:443 | wq24-1.g-site.site | tcp |
| NL | 37.48.90.246:443 | wq24-1.g-site.site | tcp |
| US | 8.8.8.8:53 | safesystemfile3.site | udp |
| US | 8.8.8.8:53 | safesystemfile3.site | udp |
| US | 8.8.8.8:53 | safesystemfile3.site | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.store | udp |
| US | 8.8.8.8:53 | safesystemfile3.site | udp |
| US | 8.8.8.8:53 | safesystemfile3.site | udp |
| US | 8.8.8.8:53 | safesystemfile3.site | udp |
| NL | 37.48.90.246:443 | safesystemfile3.site | tcp |
| NL | 37.48.90.246:443 | safesystemfile3.site | tcp |
| US | 8.8.8.8:53 | download-rarfree.com | udp |
| US | 8.8.8.8:53 | download-rarfree.com | udp |
| US | 8.8.8.8:53 | download-rarfree.com | udp |
| US | 104.21.62.229:443 | download-rarfree.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | mtmoweb.website | udp |
| US | 8.8.8.8:53 | mtmoweb.website | udp |
| NL | 212.162.153.43:443 | mtmoweb.website | tcp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | 229.62.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.site | udp |
| NL | 37.48.90.246:443 | safesystemfile3.site | tcp |
| US | 8.8.8.8:53 | 43.153.162.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.site | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.store | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.site | udp |
| NL | 37.48.90.246:443 | wq24-1.g-site.site | tcp |
| US | 8.8.8.8:53 | safesystemfile3.site | udp |
| US | 8.8.8.8:53 | wq24-1.g-site.store | udp |
| NL | 37.48.90.246:443 | wq24-1.g-site.store | tcp |
| US | 8.8.8.8:53 | download-rarfree.com | udp |
| US | 8.8.8.8:53 | nleditor.osi.office.net | udp |
| US | 8.8.8.8:53 | nleditor.osi.office.net | udp |
| GB | 52.109.32.46:443 | nleditor.osi.office.net | tcp |
| US | 8.8.8.8:53 | 46.32.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | 5.144.216.31.in-addr.arpa | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.11:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.11:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 37.124.203.66.in-addr.arpa | udp |
| LU | 66.203.125.11:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 11.125.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | postnav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | postnav-edge.smartscreen.microsoft.com | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| GB | 51.11.108.188:443 | postnav-edge.smartscreen.microsoft.com | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | xpaycdn.azureedge.net | udp |
| US | 8.8.8.8:53 | xpaycdn.azureedge.net | udp |
| US | 13.107.246.64:443 | xpaycdn.azureedge.net | tcp |
| US | 13.107.246.64:443 | xpaycdn.azureedge.net | tcp |
| US | 13.107.246.64:443 | xpaycdn.azureedge.net | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 13.107.246.64:443 | xpaycdn.azureedge.net | tcp |
| US | 8.8.8.8:53 | gfs214n104.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs214n104.userstorage.mega.co.nz | udp |
| ES | 185.206.27.14:443 | gfs214n104.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.14:443 | gfs214n104.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.14:443 | gfs214n104.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.14:443 | gfs214n104.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.14:443 | gfs214n104.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 14.27.206.185.in-addr.arpa | udp |
| ES | 185.206.27.14:443 | gfs214n104.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| GB | 92.123.142.161:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 161.142.123.92.in-addr.arpa | udp |
| US | 104.21.75.164:443 | steamsunlocked.org | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| GB | 92.123.142.161:443 | www.bing.com | tcp |
| GB | 92.123.142.161:443 | www.bing.com | tcp |
| GB | 92.123.142.161:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| GB | 92.123.142.130:443 | r.bing.com | tcp |
| GB | 92.123.142.130:443 | r.bing.com | tcp |
| GB | 92.123.142.112:443 | th.bing.com | tcp |
| GB | 92.123.142.112:443 | th.bing.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 204.79.197.200:443 | bing.com | tcp |
| GB | 92.123.142.130:443 | r.bing.com | udp |
| GB | 92.123.142.112:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.74:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 41.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 13.107.21.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.64.8.51.in-addr.arpa | udp |
| GB | 92.123.142.112:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | www.appcracy.com | udp |
| US | 8.8.8.8:53 | www.appcracy.com | udp |
| US | 8.8.8.8:53 | www.appcracy.com | udp |
| US | 172.66.42.235:443 | www.appcracy.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 235.42.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| NL | 142.251.39.97:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| NL | 172.217.168.195:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 2.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.appcracy.com | udp |
| US | 8.8.8.8:53 | 2b911d3e30aa659b73fe3791d7078b23.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 2b911d3e30aa659b73fe3791d7078b23.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.appcracy.com | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| NL | 142.250.179.193:443 | 2b911d3e30aa659b73fe3791d7078b23.safeframe.googlesyndication.com | tcp |
| NL | 142.250.179.193:443 | 2b911d3e30aa659b73fe3791d7078b23.safeframe.googlesyndication.com | tcp |
| NL | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 193.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.appcracy.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.appcracy.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 129.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.36.251.142.in-addr.arpa | udp |
| NL | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 151.101.193.91:443 | geometry-dash.en.softonic.com | tcp |
| US | 151.101.193.91:443 | geometry-dash.en.softonic.com | tcp |
| US | 151.101.193.91:443 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | 91.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| GB | 13.224.222.58:443 | sdk.privacy-center.org | tcp |
| US | 151.101.129.91:443 | images.sftcdn.net | tcp |
| US | 151.101.129.91:443 | images.sftcdn.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 151.101.193.91:443 | images.sftcdn.net | tcp |
| US | 151.101.193.91:443 | images.sftcdn.net | tcp |
| US | 151.101.193.91:443 | images.sftcdn.net | tcp |
| US | 151.101.193.91:443 | images.sftcdn.net | tcp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 151.101.129.91:443 | images.sftcdn.net | tcp |
| US | 151.101.129.91:443 | images.sftcdn.net | tcp |
| US | 151.101.193.91:443 | images.sftcdn.net | udp |
| US | 151.101.129.91:443 | images.sftcdn.net | udp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| GB | 13.224.222.58:443 | sdk.privacy-center.org | tcp |
| GB | 13.224.222.58:443 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| GB | 18.172.148.233:443 | www.datadoghq-browser-agent.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | 91.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.223.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.209.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.222.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | di-images.sftcdn.net | udp |
| US | 8.8.8.8:53 | di-images.sftcdn.net | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| NL | 142.250.179.187:443 | storage.googleapis.com | tcp |
| GB | 52.84.90.40:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | cdn.btmessage.com | udp |
| US | 8.8.8.8:53 | cdn.btmessage.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.6.141:443 | cdn.btmessage.com | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 199.232.209.91:443 | softonic.com | udp |
| US | 104.26.6.141:443 | cdn.btmessage.com | tcp |
| US | 8.8.8.8:53 | api.btmessage.com | udp |
| US | 8.8.8.8:53 | api.btmessage.com | udp |
| US | 8.8.8.8:53 | notix.io | udp |
| US | 8.8.8.8:53 | notix.io | udp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.90.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.148.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | 576de34f021acda79e9b89fffcbfdd62.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 576de34f021acda79e9b89fffcbfdd62.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 576de34f021acda79e9b89fffcbfdd62.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | wct.softonic.com | udp |
| US | 8.8.8.8:53 | wct.softonic.com | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| NL | 142.250.179.193:443 | bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com | tcp |
| NL | 142.250.179.193:443 | bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 104.26.3.63:443 | wct.softonic.com | tcp |
| IE | 54.154.253.231:443 | ap.lijit.com | tcp |
| GB | 108.138.233.123:443 | api.privacy-center.org | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| IE | 54.171.44.102:443 | ad.360yield.com | tcp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| IE | 54.77.158.234:443 | id.crwdcntrl.net | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 18.172.154.232:443 | aax.amazon-adsystem.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| GB | 18.245.143.118:443 | tags.crwdcntrl.net | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| GB | 108.138.233.123:443 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| US | 104.26.3.63:443 | wct.softonic.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 172.217.168.195:443 | www.google.co.uk | udp |
| NL | 142.250.179.174:443 | ampcid.google.com | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| NL | 142.250.179.193:443 | bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 576de34f021acda79e9b89fffcbfdd62.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| NL | 185.235.87.89:443 | ag.gbc.criteo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| FR | 185.235.86.165:443 | gem.gbc.criteo.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 63.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.233.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.253.154.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.44.171.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.203.166.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.154.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.139.4.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.158.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| NL | 185.235.87.89:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.165:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 576de34f021acda79e9b89fffcbfdd62.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 151.101.129.91:443 | en.softonic.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 151.101.193.108:443 | acdn.adnxs.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| GB | 184.26.56.245:443 | ads.pubmatic.com | tcp |
| DE | 168.119.146.39:443 | sync.richaudience.com | tcp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| GB | 184.25.192.27:443 | contextual.media.net | tcp |
| GB | 184.26.56.245:443 | ads.pubmatic.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| US | 151.101.193.108:443 | acdn.adnxs.com | tcp |
| DE | 168.119.146.39:443 | sync.richaudience.com | tcp |
| GB | 184.25.192.27:443 | contextual.media.net | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| US | 151.101.193.91:443 | en.softonic.com | tcp |
| US | 8.8.8.8:53 | 74.122.95.52.in-addr.arpa | udp |
| DE | 168.119.146.39:443 | sync.richaudience.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| DE | 37.252.171.53:443 | secure.adnxs.com | tcp |
| DE | 37.252.171.53:443 | secure.adnxs.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | bc-sync.com | udp |
| US | 8.8.8.8:53 | bc-sync.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| GB | 92.123.140.19:443 | player.aniview.com | tcp |
| GB | 92.123.140.19:443 | player.aniview.com | tcp |
| US | 54.205.9.1:443 | api-2-0.spot.im | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| IE | 52.215.113.33:443 | match.prod.bidr.io | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 52.202.30.230:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 52.202.30.230:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.8.8.8:53 | 108.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.56.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.192.25.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.146.119.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.131.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.113.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.9.205.54.in-addr.arpa | udp |
| US | 52.54.28.112:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 172.111.38.54:443 | tracker.open-adsyield.com | tcp |
| IE | 54.154.36.42:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| IE | 52.48.205.230:443 | jadserve.postrelease.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| NL | 89.149.192.76:443 | ssbsync.smartadserver.com | tcp |
| NL | 89.149.192.76:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 172.67.40.173:443 | spl.zeotap.com | tcp |
| FR | 178.32.210.230:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 142.250.179.162:443 | cm.g.doubleclick.net | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| NL | 142.250.179.162:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| NL | 142.250.179.162:443 | cm.g.doubleclick.net | udp |
| FR | 164.132.25.185:443 | rtb-csync.smartadserver.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| FR | 164.132.25.185:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| DE | 37.252.171.53:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| DE | 3.71.91.116:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| GB | 23.214.129.249:443 | secure-assets.rubiconproject.com | tcp |
| GB | 23.214.129.249:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 172.240.45.78:443 | sync.aniview.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.30.202.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.154.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.28.54.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.38.111.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.205.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.40.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.210.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.25.132.164.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| GB | 184.25.193.73:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 116.91.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.129.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.193.25.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| GB | 163.181.57.237:443 | leap.ldplayer.gg | tcp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| GB | 163.181.57.237:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| NL | 142.250.179.142:443 | syndicatedsearch.goog | tcp |
| ES | 157.240.5.10:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 142.250.179.142:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | 326e72a70eba6ddd52af7bda682c3faa.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 326e72a70eba6ddd52af7bda682c3faa.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 326e72a70eba6ddd52af7bda682c3faa.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| NL | 142.250.179.142:443 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | 237.57.181.163.in-addr.arpa | udp |
| NL | 142.250.179.193:443 | 326e72a70eba6ddd52af7bda682c3faa.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | js.adscale.de | udp |
| US | 8.8.8.8:53 | js.adscale.de | udp |
| GB | 18.245.143.108:443 | js.adscale.de | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| NL | 172.217.168.194:443 | partner.googleadservices.com | udp |
| GB | 18.245.143.108:443 | js.adscale.de | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| DE | 35.158.227.25:443 | tcp | |
| DE | 35.158.227.25:443 | tcp | |
| NL | 185.235.87.89:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.165:443 | gem.gbc.criteo.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| ES | 157.240.5.10:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | 326e72a70eba6ddd52af7bda682c3faa.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | 108.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 25.227.158.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | prs.sftcdn.net | udp |
| US | 8.8.8.8:53 | prs.sftcdn.net | udp |
| US | 8.8.8.8:53 | articles-img.sftcdn.net | udp |
| US | 8.8.8.8:53 | articles-img.sftcdn.net | udp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| NL | 142.251.36.54:443 | play-lh.googleusercontent.com | tcp |
| NL | 142.251.36.54:443 | play-lh.googleusercontent.com | tcp |
| GB | 18.172.153.8:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.8:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| GB | 18.172.153.8:443 | cdn.ldplayer.net | tcp |
| NL | 142.251.36.54:443 | play-lh.googleusercontent.com | udp |
| DE | 178.63.248.56:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| GB | 18.172.153.8:443 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| DE | 23.88.8.123:443 | uidsync.net | tcp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | tcp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.248.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.8.88.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.31.18.104.in-addr.arpa | udp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| DE | 23.88.8.123:443 | uidsync.net | tcp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 326e72a70eba6ddd52af7bda682c3faa.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| NL | 142.251.36.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | apien.ldplayer.net | udp |
| US | 8.8.8.8:53 | apien.ldplayer.net | udp |
| US | 8.8.8.8:53 | invite.ldplayer.net | udp |
| US | 8.8.8.8:53 | usersdk.ldmnq.com | udp |
| US | 8.8.8.8:53 | usersdk.ldmnq.com | udp |
| US | 8.8.8.8:53 | api.ldshop.gg | udp |
| US | 8.8.8.8:53 | api.ldshop.gg | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| NL | 142.251.36.14:443 | apis.google.com | udp |
| GB | 52.84.90.3:443 | apien.ldplayer.net | tcp |
| SG | 8.219.66.74:443 | invite.ldplayer.net | tcp |
| SG | 47.236.4.49:443 | usersdk.ldmnq.com | tcp |
| US | 8.8.8.8:53 | api.ldshop.gg | udp |
| US | 8.8.8.8:53 | api.ldshop.gg | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| NL | 172.217.168.226:443 | www.googletagservices.com | tcp |
| SG | 8.222.160.10:443 | api.ldshop.gg | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.90.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 52.84.90.3:443 | apien.ldplayer.net | udp |
| US | 8.8.8.8:53 | tagan.adlightning.com | udp |
| US | 8.8.8.8:53 | tagan.adlightning.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| GB | 216.137.44.59:443 | tagan.adlightning.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| GB | 52.84.90.106:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 18.172.154.232:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 74.66.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.4.236.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.160.222.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| GB | 18.245.143.100:443 | tags.crwdcntrl.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| GB | 18.172.154.232:443 | aax.amazon-adsystem.com | tcp |
| GB | 18.172.154.232:443 | aax.amazon-adsystem.com | tcp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| GB | 184.25.192.27:443 | contextual.media.net | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| GB | 184.25.192.27:443 | contextual.media.net | udp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| GB | 92.123.140.19:443 | player.aniview.com | udp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 52.215.113.33:443 | match.prod.bidr.io | tcp |
| US | 52.54.28.112:443 | sync.srv.stackadapt.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | 106.90.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.174.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| DE | 3.71.91.116:443 | match.sharethrough.com | tcp |
| GB | 108.156.39.69:443 | s.ad.smaato.net | tcp |
| DK | 37.157.3.26:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 26.3.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.39.156.108.in-addr.arpa | udp |
| DE | 178.63.248.56:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | client.wns.windows.com | udp |
| GB | 20.90.156.32:443 | client.wns.windows.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| DE | 178.63.248.56:443 | uidsync.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| DE | 178.63.248.56:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.156.90.20.in-addr.arpa | udp |
| NL | 185.235.87.105:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.149:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.149:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.105:443 | ag.gbc.criteo.com | tcp |
| GB | 184.28.176.56:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 56.176.28.184.in-addr.arpa | udp |
| NL | 185.235.87.105:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.149:443 | gem.gbc.criteo.com | tcp |
| US | 199.232.209.91:443 | softonic.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 172.217.2.35:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | rr1---sn-4g5e6nzl.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1---sn-4g5e6nzl.googlevideo.com | udp |
| US | 172.217.2.35:443 | csi.gstatic.com | tcp |
| US | 172.217.2.35:443 | csi.gstatic.com | tcp |
| US | 172.217.2.35:443 | csi.gstatic.com | tcp |
| US | 172.217.2.35:443 | csi.gstatic.com | tcp |
| US | 172.217.2.35:443 | csi.gstatic.com | tcp |
| DE | 74.125.11.102:443 | rr1---sn-4g5e6nzl.googlevideo.com | udp |
| US | 8.8.8.8:53 | 102.11.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.2.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 151.101.193.91:443 | en.softonic.com | udp |
| GB | 13.224.222.58:443 | sdk.privacy-center.org | udp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| NL | 185.89.210.122:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | b-code.liadm.com | udp |
| US | 8.8.8.8:53 | b-code.liadm.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| GB | 18.165.227.55:443 | b-code.liadm.com | tcp |
| US | 8.8.8.8:53 | 68ffc8be5e93938198beddffd438956c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 172.217.2.35:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| NL | 142.250.179.193:443 | 68ffc8be5e93938198beddffd438956c.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 55.227.165.18.in-addr.arpa | udp |
| NL | 142.250.179.193:443 | 68ffc8be5e93938198beddffd438956c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 68ffc8be5e93938198beddffd438956c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | cd.connatix.com | udp |
| US | 8.8.8.8:53 | cd.connatix.com | udp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| US | 104.18.6.198:443 | cd.connatix.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cds.connatix.com | udp |
| US | 8.8.8.8:53 | cds.connatix.com | udp |
| US | 8.8.8.8:53 | 198.6.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| GB | 184.25.192.27:443 | contextual.media.net | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| GB | 184.26.56.245:443 | ads.pubmatic.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| GB | 184.25.192.27:443 | contextual.media.net | udp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | ins.connatix.com | udp |
| US | 8.8.8.8:53 | ins.connatix.com | udp |
| US | 8.8.8.8:53 | vid.connatix.com | udp |
| US | 8.8.8.8:53 | vid.connatix.com | udp |
| US | 8.8.8.8:53 | lit.connatix.com | udp |
| US | 8.8.8.8:53 | lit.connatix.com | udp |
| US | 8.8.8.8:53 | ins.connatix.com | udp |
| US | 8.8.8.8:53 | ins.connatix.com | udp |
| US | 8.8.8.8:53 | vid.connatix.com | udp |
| US | 8.8.8.8:53 | vid.connatix.com | udp |
| US | 8.8.8.8:53 | lit.connatix.com | udp |
| US | 8.8.8.8:53 | lit.connatix.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| DE | 37.252.171.53:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| GB | 92.123.140.19:443 | player.aniview.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| DE | 37.252.171.53:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | img.connatix.com | udp |
| US | 8.8.8.8:53 | img.connatix.com | udp |
| NL | 172.217.23.202:443 | imasdk.googleapis.com | tcp |
| NL | 89.149.192.76:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| NL | 89.149.192.76:443 | ssbsync.smartadserver.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| IE | 52.215.113.33:443 | match.prod.bidr.io | tcp |
| US | 52.54.28.112:443 | sync.srv.stackadapt.com | tcp |
| NL | 185.89.211.116:443 | secure.adnxs.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| FR | 178.32.210.230:443 | ssbsync.smartadserver.com | tcp |
| FR | 164.132.25.185:443 | rtb-csync.smartadserver.com | tcp |
| DE | 3.71.91.116:443 | match.sharethrough.com | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| FR | 164.132.25.185:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| NL | 172.217.23.202:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| NL | 142.251.39.102:443 | s0.2mdn.net | tcp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 202.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.182.54.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| NL | 216.58.208.98:443 | pubads.g.doubleclick.net | tcp |
| NL | 216.58.208.98:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 98.208.58.216.in-addr.arpa | udp |
| NL | 185.235.87.85:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.155:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.155:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.85:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | bid.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bid.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bid.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bid.g.doubleclick.net | udp |
| NL | 142.250.102.156:443 | bid.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 156.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| NL | 172.217.23.202:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | gcdn.2mdn.net | udp |
| US | 8.8.8.8:53 | gcdn.2mdn.net | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| IT | 142.251.143.131:443 | csi.gstatic.com | tcp |
| NL | 142.250.179.162:443 | www.googletagservices.com | tcp |
| NL | 172.217.168.238:443 | gcdn.2mdn.net | tcp |
| US | 8.8.8.8:53 | assets.connatix.com | udp |
| US | 8.8.8.8:53 | assets.connatix.com | udp |
| IT | 142.251.143.131:443 | csi.gstatic.com | tcp |
| NL | 142.250.179.162:443 | www.googletagservices.com | tcp |
| NL | 172.217.168.238:443 | gcdn.2mdn.net | tcp |
| US | 104.18.6.198:443 | assets.connatix.com | udp |
| US | 8.8.8.8:53 | r1---sn-4g5edndd.c.2mdn.net | udp |
| DE | 172.217.133.166:443 | r1---sn-4g5edndd.c.2mdn.net | udp |
| US | 8.8.8.8:53 | 238.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.143.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.133.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| NL | 172.217.23.194:443 | ade.googlesyndication.com | tcp |
| NL | 172.217.23.194:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 185.235.87.85:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.155:443 | gem.gbc.criteo.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | geometry-dash.en.softonic.com | udp |
| IT | 142.251.143.131:443 | csi.gstatic.com | udp |
| NL | 172.217.23.194:443 | ade.googlesyndication.com | udp |
| NL | 142.250.179.162:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| GB | 18.172.153.8:443 | cdn.ldplayer.net | udp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | udp |
| GB | 52.84.90.3:443 | apien.ldplayer.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| IE | 54.194.254.146:443 | bcp.crwdcntrl.net | tcp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| NL | 63.215.202.146:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| NL | 142.251.36.54:443 | play-lh.googleusercontent.com | udp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| GB | 163.181.57.236:443 | ldcdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 104.22.5.69:443 | a.ad.gt | tcp |
| GB | 163.181.57.236:443 | leap.ldplayer.gg | tcp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.254.194.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.57.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | prebid-stag.setupad.net | udp |
| US | 8.8.8.8:53 | prebid-stag.setupad.net | udp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | rtb.adxpremium.services | udp |
| US | 8.8.8.8:53 | rtb.adxpremium.services | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| NL | 142.250.179.193:443 | bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com | tcp |
| NL | 142.250.179.193:443 | bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 147.75.80.51:443 | prebid.a-mo.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| FR | 51.178.195.208:443 | prg.smartadserver.com | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| US | 104.18.10.176:443 | mp.4dex.io | tcp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| DK | 37.157.4.29:443 | adx.adform.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| FR | 51.178.195.208:443 | prg.smartadserver.com | tcp |
| US | 104.18.10.176:443 | mp.4dex.io | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 18.140.106.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.33.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.80.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.4.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | prebid-stag.setupad.net | udp |
| US | 8.8.8.8:53 | prebid-stag.setupad.net | udp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| GB | 23.214.129.249:443 | secure-assets.rubiconproject.com | tcp |
| GB | 23.214.129.249:443 | secure-assets.rubiconproject.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| GB | 184.25.193.73:443 | eus.rubiconproject.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.193:443 | bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | tagan.adlightning.com | udp |
| US | 8.8.8.8:53 | tagan.adlightning.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| GB | 216.137.44.76:443 | tagan.adlightning.com | tcp |
| GB | 216.137.44.76:443 | tagan.adlightning.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 176.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.195.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.68.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| FR | 5.196.111.69:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 05bffea29eb2c58d37478da120efa06d.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 05bffea29eb2c58d37478da120efa06d.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 05bffea29eb2c58d37478da120efa06d.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| NL | 142.250.179.193:443 | 05bffea29eb2c58d37478da120efa06d.safeframe.googlesyndication.com | tcp |
| NL | 185.235.87.104:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 185.235.86.153:443 | gem.gbc.criteo.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| DK | 37.157.5.133:443 | cm.adform.net | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| FR | 185.235.86.153:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.104:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | node.setupad.com | udp |
| US | 8.8.8.8:53 | node.setupad.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 69.111.196.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.5.157.37.in-addr.arpa | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | udp |
| US | 8.8.8.8:53 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | udp |
| US | 3.222.57.22:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| US | 8.8.8.8:53 | 223.25.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| NL | 142.251.36.54:443 | play-lh.googleusercontent.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | ads.us.e-planning.net | udp |
| US | 8.8.8.8:53 | ads.us.e-planning.net | udp |
| US | 8.8.8.8:53 | ads.us.e-planning.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| NL | 193.3.178.4:443 | ads.us.e-planning.net | tcp |
| NL | 193.3.178.4:443 | ads.us.e-planning.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | 2d24581203ed00fba66e6b70a008a4c8.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 2d24581203ed00fba66e6b70a008a4c8.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 2d24581203ed00fba66e6b70a008a4c8.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| DE | 178.63.248.56:443 | uidsync.net | tcp |
| NL | 142.250.179.193:443 | 2d24581203ed00fba66e6b70a008a4c8.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 1x1.a-mo.net | udp |
| US | 8.8.8.8:53 | 1x1.a-mo.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 3.124.135.75:443 | 1x1.a-mo.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 22.57.222.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| FR | 5.135.209.101:443 | ssbsync.smartadserver.com | tcp |
| FR | 5.135.209.101:443 | ssbsync.smartadserver.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | u.4dex.io | udp |
| US | 8.8.8.8:53 | sync.adotmob.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| DE | 35.156.61.253:443 | match.sharethrough.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| DE | 91.228.74.200:443 | cms.quantserve.com | tcp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 101.209.135.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.135.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.40.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.61.156.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| GB | 13.87.96.169:443 | app-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 34.254.214.108:443 | ice.360yield.com | tcp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | 88.176.137.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.214.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | adxbid.info | udp |
| US | 8.8.8.8:53 | adxbid.info | udp |
| US | 8.8.8.8:53 | adxbid.info | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | setupad-d.openx.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | ms-cookie-sync.presage.io | udp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| NL | 145.40.97.77:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.77:443 | sync.a-mo.net | tcp |
| US | 172.67.138.13:443 | adxbid.info | udp |
| US | 35.244.159.8:443 | setupad-d.openx.net | tcp |
| IE | 52.211.93.114:443 | match.prod.bidr.io | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 34.1.224.11:443 | csync.loopme.me | tcp |
| IE | 34.250.74.30:443 | ms-cookie-sync.presage.io | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.138.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.97.40.145.in-addr.arpa | udp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| NL | 89.149.193.89:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.193.89:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| NL | 89.149.193.89:443 | rtb-csync.smartadserver.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| FR | 185.235.86.179:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.99:443 | gem.gbc.criteo.com | tcp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| FR | 185.235.86.179:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | as.ck-ie.com | udp |
| US | 8.8.8.8:53 | as.ck-ie.com | udp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| NL | 185.235.87.99:443 | gem.gbc.criteo.com | tcp |
| NL | 147.75.85.97:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| US | 8.8.8.8:53 | adxbid.info | udp |
| US | 8.8.8.8:53 | 11.224.1.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.93.211.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.74.250.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.85.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.110.2.8.in-addr.arpa | udp |
| GB | 89.187.167.39:443 | vid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | vpaid.vidoomy.com | udp |
| US | 8.8.8.8:53 | vpaid.vidoomy.com | udp |
| GB | 89.187.167.38:443 | vpaid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | a.vidoomy.com | udp |
| US | 8.8.8.8:53 | a.vidoomy.com | udp |
| US | 8.8.8.8:53 | 39.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.208.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.167.187.89.in-addr.arpa | udp |
| ES | 212.36.83.246:443 | a.vidoomy.com | tcp |
| FR | 185.235.86.153:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.104:443 | gem.gbc.criteo.com | tcp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | user-sync.adxpremium.services | udp |
| US | 8.8.8.8:53 | user-sync.adxpremium.services | udp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| US | 8.8.8.8:53 | 246.83.36.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | adxbid.info | udp |
| GB | 184.26.56.245:443 | ads.pubmatic.com | tcp |
| GB | 184.26.56.245:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| IE | 52.50.103.254:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | rtb.adxpremium.services | udp |
| US | 8.8.8.8:53 | rtb.adxpremium.services | udp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| US | 8.8.8.8:53 | user-sync.adxpremium.services | udp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | 180.201.192.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.103.50.52.in-addr.arpa | udp |
| DK | 37.157.3.26:443 | cm.adform.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| FR | 185.235.86.159:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.106:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.106:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.159:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | sub.got-to-be.net | udp |
| US | 8.8.8.8:53 | sub.got-to-be.net | udp |
| DE | 157.90.33.68:443 | sub.got-to-be.net | tcp |
| DE | 157.90.33.68:443 | sub.got-to-be.net | tcp |
| US | 8.8.8.8:53 | 68.33.90.157.in-addr.arpa | udp |
| GB | 184.28.176.104:443 | www.bing.com | udp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 104.176.28.184.in-addr.arpa | udp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| NL | 142.251.36.54:443 | play-lh.googleusercontent.com | udp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 234.178.182.217.in-addr.arpa | udp |
| NL | 185.235.87.105:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.188:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.188:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.105:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.106:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.159:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| GB | 18.172.153.76:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | d19mtdoi3rn3ox.cloudfront.net | udp |
| GB | 18.245.158.163:443 | d19mtdoi3rn3ox.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 76.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.158.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| GB | 216.137.34.195:443 | d1arl2thrafelv.cloudfront.net | tcp |
| GB | 216.137.34.195:443 | d1arl2thrafelv.cloudfront.net | tcp |
| NL | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | 195.34.137.216.in-addr.arpa | udp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 18.172.153.36:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | s.richaudience.com | udp |
| US | 8.8.8.8:53 | s.richaudience.com | udp |
| DE | 157.90.0.38:443 | s.richaudience.com | tcp |
| DE | 157.90.0.38:443 | s.richaudience.com | tcp |
| US | 8.8.8.8:53 | 36.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.0.90.157.in-addr.arpa | udp |
| NL | 185.235.87.87:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.163:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.87:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.163:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.85:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.178:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.178:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.85:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.163:443 | gem.gbc.criteo.com | tcp |
| GB | 184.28.176.104:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| NL | 185.235.87.87:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 49.4.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| FR | 185.235.86.145:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.145:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.90:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.90:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.98:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.181:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.181:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.98:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.90:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.145:443 | gem.gbc.criteo.com | tcp |
| US | 104.18.7.198:443 | assets.connatix.com | udp |
| US | 104.18.7.198:443 | assets.connatix.com | tcp |
| US | 8.8.8.8:53 | 198.7.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| FR | 185.235.86.161:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.161:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.94:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.94:443 | gem.gbc.criteo.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | 170.253.116.51.in-addr.arpa | udp |
| FR | 185.235.86.169:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.93:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.93:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.169:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.94:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.161:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.144:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.144:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.107:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.107:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | gamingbeasts.com | udp |
| US | 8.8.8.8:53 | gamingbeasts.com | udp |
| US | 8.8.8.8:53 | gamingbeasts.com | udp |
| US | 172.67.68.207:443 | gamingbeasts.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 207.68.67.172.in-addr.arpa | udp |
| FR | 185.235.86.182:443 | ag.gbc.criteo.com | tcp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| FR | 185.235.86.182:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.107:443 | gem.gbc.criteo.com | tcp |
| US | 192.0.76.3:443 | stats.wp.com | udp |
| US | 8.8.8.8:53 | https-gamingbeasts-com.disqus.com | udp |
| US | 8.8.8.8:53 | https-gamingbeasts-com.disqus.com | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | https-gamingbeasts-com.disqus.com | udp |
| US | 199.232.196.134:443 | https-gamingbeasts-com.disqus.com | tcp |
| US | 199.232.196.134:443 | https-gamingbeasts-com.disqus.com | tcp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 151.101.0.134:443 | disqus.com | tcp |
| GB | 13.224.132.61:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | gamingbeasts.com | udp |
| US | 8.8.8.8:53 | tempest.services.disqus.com | udp |
| US | 8.8.8.8:53 | tempest.services.disqus.com | udp |
| US | 8.8.8.8:53 | referrer.disqus.com | udp |
| US | 8.8.8.8:53 | referrer.disqus.com | udp |
| US | 151.101.64.134:443 | disqus.com | tcp |
| US | 199.232.192.64:443 | tempest.services.disqus.com | tcp |
| US | 199.232.192.134:443 | referrer.disqus.com | tcp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.196.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | gamingbeasts.com | udp |
| US | 151.101.64.134:443 | disqus.com | tcp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | gamingbeasts.com | udp |
| GB | 13.224.132.61:443 | c.disquscdn.com | tcp |
| GB | 13.224.132.61:443 | c.disquscdn.com | tcp |
| GB | 13.224.132.61:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | cdn.tsyndicate.com | udp |
| US | 8.8.8.8:53 | cdn.tsyndicate.com | udp |
| NL | 45.133.44.70:443 | cdn.tsyndicate.com | tcp |
| US | 151.101.64.134:443 | disqus.com | tcp |
| US | 8.8.8.8:53 | 134.64.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.44.133.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.viglink.com | udp |
| US | 8.8.8.8:53 | referrer.disqus.com | udp |
| GB | 18.164.68.102:443 | cdn.viglink.com | tcp |
| GB | 18.164.68.102:443 | cdn.viglink.com | tcp |
| US | 199.232.196.134:443 | referrer.disqus.com | tcp |
| US | 8.8.8.8:53 | tsyndicate.com | udp |
| US | 8.8.8.8:53 | tsyndicate.com | udp |
| US | 8.8.8.8:53 | tsyndicate.com | udp |
| NL | 185.235.87.107:443 | gem.gbc.criteo.com | tcp |
| DE | 116.202.244.171:443 | tsyndicate.com | tcp |
| US | 8.8.8.8:53 | links.services.disqus.com | udp |
| US | 199.232.196.64:443 | links.services.disqus.com | tcp |
| US | 8.8.8.8:53 | uvi-9125.agenteimmobiliare.info | udp |
| US | 8.8.8.8:53 | uvi-9125.agenteimmobiliare.info | udp |
| US | 8.8.8.8:53 | pxl.tsyndicate.com | udp |
| US | 8.8.8.8:53 | pxl.tsyndicate.com | udp |
| DE | 213.239.193.198:443 | pxl.tsyndicate.com | tcp |
| US | 172.67.180.218:443 | uvi-9125.agenteimmobiliare.info | udp |
| US | 172.67.180.218:443 | uvi-9125.agenteimmobiliare.info | udp |
| US | 8.8.8.8:53 | 102.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.244.202.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.196.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.180.67.172.in-addr.arpa | udp |
| NL | 185.235.87.107:443 | gem.gbc.criteo.com | tcp |
| US | 172.67.180.218:443 | uvi-9125.agenteimmobiliare.info | tcp |
| US | 172.67.180.218:443 | uvi-9125.agenteimmobiliare.info | tcp |
| US | 8.8.8.8:53 | s.optnx.com | udp |
| US | 8.8.8.8:53 | s.optnx.com | udp |
| US | 8.8.8.8:53 | s3t3d2y8.afcdn.net | udp |
| US | 8.8.8.8:53 | s3t3d2y8.afcdn.net | udp |
| NL | 95.211.229.246:443 | s.optnx.com | tcp |
| GB | 89.187.167.39:443 | s3t3d2y8.afcdn.net | tcp |
| FR | 185.235.86.144:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 198.193.239.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.229.211.95.in-addr.arpa | udp |
| US | 199.232.192.134:443 | referrer.disqus.com | tcp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| US | 8.8.8.8:53 | shield.reasonsecurity.com | udp |
| GB | 216.137.34.195:443 | d1arl2thrafelv.cloudfront.net | tcp |
| GB | 18.244.140.87:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 87.140.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| GB | 18.244.140.87:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 35.80.172.133:443 | analytics.apis.mcafee.com | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 133.172.80.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.136.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| GB | 92.123.143.232:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | update.reasonsecurity.com | udp |
| GB | 18.154.84.81:443 | update.reasonsecurity.com | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 205.119.202.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.84.154.18.in-addr.arpa | udp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | electron-shell.reasonsecurity.com | udp |
| GB | 108.156.46.9:443 | electron-shell.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 9.46.156.108.in-addr.arpa | udp |
| FR | 185.235.86.162:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.162:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| GB | 13.224.132.104:443 | apien.ldmnq.com | tcp |
| NL | 185.235.87.101:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.101:443 | gem.gbc.criteo.com | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| FR | 185.235.86.177:443 | ag.gbc.criteo.com | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| NL | 185.235.87.103:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.177:443 | ag.gbc.criteo.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 92.123.143.232:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | home.mcafee.com | udp |
| GB | 23.214.142.196:443 | home.mcafee.com | tcp |
| GB | 23.214.142.196:443 | home.mcafee.com | tcp |
| US | 35.80.172.133:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | 196.142.214.23.in-addr.arpa | udp |
| NL | 185.235.87.103:443 | gem.gbc.criteo.com | tcp |
| US | 104.18.7.198:443 | assets.connatix.com | udp |
| NL | 185.235.87.101:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.162:443 | gem.gbc.criteo.com | tcp |
| US | 35.80.172.133:443 | analytics.apis.mcafee.com | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | cdn.reasonsecurity.com | udp |
| GB | 52.84.90.47:443 | cdn.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 47.90.84.52.in-addr.arpa | udp |
| GB | 184.28.176.56:443 | www.bing.com | udp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 184.28.176.56:443 | th.bing.com | udp |
| GB | 184.28.176.104:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.138:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| FR | 185.235.86.150:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.150:443 | gem.gbc.criteo.com | tcp |
| US | 35.80.172.133:443 | analytics.apis.mcafee.com | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 184.25.193.234:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 234.193.25.184.in-addr.arpa | udp |
| NL | 185.235.87.109:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.109:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| FR | 185.235.86.191:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.191:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.108:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| GB | 92.123.143.232:443 | sadownload.mcafee.com | tcp |
| NL | 185.235.87.108:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.109:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.150:443 | gem.gbc.criteo.com | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| FR | 185.235.86.152:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.152:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.103:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.103:443 | gem.gbc.criteo.com | tcp |
| GB | 184.28.176.56:443 | www.bing.com | udp |
| GB | 184.28.176.104:443 | www.bing.com | udp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| FR | 185.235.86.187:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 3.86.130.103:443 | track.analytics-data.io | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| FR | 185.235.86.187:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.100:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 103.130.86.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | config.reasonsecurity.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 184.25.193.234:80 | www.microsoft.com | tcp |
| GB | 99.86.114.64:443 | config.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 64.114.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sw.symcd.com | udp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| DE | 152.199.19.74:80 | sw.symcd.com | tcp |
| US | 8.8.8.8:53 | sw.symcb.com | udp |
| SE | 192.229.221.95:80 | sw.symcb.com | tcp |
| US | 8.8.8.8:53 | ocsp.thawte.com | udp |
| DE | 152.199.19.74:80 | ocsp.thawte.com | tcp |
| US | 8.8.8.8:53 | crl.thawte.com | udp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| GB | 184.28.176.104:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 3.86.130.103:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | api.reasonsecurity.com | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| GB | 184.28.176.104:443 | www.bing.com | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 235.0.22.104.in-addr.arpa | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| GB | 92.123.140.42:443 | bzib.nelreports.net | tcp |
| US | 162.159.136.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | en.ldplayer.net | udp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| GB | 18.245.218.123:443 | ad.ldplayer.net | tcp |
| GB | 163.181.57.237:443 | en.ldplayer.net | tcp |
| GB | 18.172.153.76:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.76:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.76:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.76:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.76:443 | cdn.ldplayer.net | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| GB | 143.204.67.183:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 123.218.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 183.67.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | advertise.ldplayer.net | udp |
| GB | 79.133.176.235:443 | advertise.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | alliance.ldplayer.net | udp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 18.244.114.68:443 | alliance.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 235.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.114.244.18.in-addr.arpa | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| GB | 13.224.132.104:80 | apien.ldmnq.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 13.224.132.104:443 | apien.ldmnq.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 13.224.132.104:443 | apien.ldmnq.com | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 23.153.172.18.in-addr.arpa | udp |
| GB | 18.245.218.123:443 | ad.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 3.86.130.103:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| NL | 142.251.36.54:443 | play-lh.googleusercontent.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | client.wns.windows.com | udp |
| GB | 20.90.156.32:443 | client.wns.windows.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.76:443 | cdn.ldplayer.net | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| GB | 18.245.218.123:443 | ad.ldplayer.net | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | mc6.reasonsecurity.com | udp |
| US | 52.34.150.127:443 | mc6.reasonsecurity.com | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 127.150.34.52.in-addr.arpa | udp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| GB | 18.245.218.123:443 | ad.ldplayer.net | tcp |
| US | 34.202.119.205:443 | track.analytics-data.io | tcp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 184.28.176.104:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 184.28.176.56:443 | th.bing.com | udp |
| GB | 184.28.176.56:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | tse4.mm.bing.net | udp |
| US | 8.8.8.8:53 | tse4.mm.bing.net | udp |
| US | 8.8.8.8:53 | tse3.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse3.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse3.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse3.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse3.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse3.mm.bing.net | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 172.217.168.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| NL | 172.217.168.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 216.58.214.14:443 | www.youtube.com | tcp |
| NL | 172.217.168.238:443 | www.youtube.com | udp |
| NL | 216.58.214.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.251.36.54:443 | i.ytimg.com | tcp |
| GB | 92.123.140.42:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | udp |
| NL | 172.217.168.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.250.179.134:443 | static.doubleclick.net | tcp |
| NL | 172.217.168.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | www.youtube.com | tcp |
| NL | 216.58.214.14:443 | www.youtube.com | tcp |
| NL | 216.58.214.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 216.58.214.14:443 | www.youtube.com | udp |
| NL | 172.217.168.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 234.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 206.168.217.172.in-addr.arpa | udp |
| GB | 51.11.108.188:443 | dl-edge.smartscreen.microsoft.com | tcp |
| NL | 172.217.168.206:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.179.214:443 | i.ytimg.com | tcp |
| NL | 142.250.179.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 214.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-4g5lzne6.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr5---sn-4g5lzne6.googlevideo.com | udp |
| DE | 74.125.160.234:443 | rr5---sn-4g5lzne6.googlevideo.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.179.202:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.160.125.74.in-addr.arpa | udp |
| NL | 142.250.179.202:443 | jnn-pa.googleapis.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 202.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| NL | 142.250.179.214:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | i9.ytimg.com | udp |
| US | 8.8.8.8:53 | i9.ytimg.com | udp |
| NL | 142.250.179.142:443 | i9.ytimg.com | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| NL | 142.250.179.142:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 142.250.179.134:443 | static.doubleclick.net | tcp |
| NL | 142.250.179.142:443 | www.youtube.com | udp |
| NL | 216.58.214.14:443 | www.youtube.com | udp |
| GB | 184.28.176.104:443 | www.bing.com | udp |
| N/A | 127.0.0.1:6463 | tcp | |
| N/A | 127.0.0.1:6464 | tcp | |
| N/A | 127.0.0.1:6465 | tcp | |
| N/A | 127.0.0.1:6466 | tcp | |
| N/A | 127.0.0.1:6467 | tcp | |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| N/A | 127.0.0.1:6468 | tcp | |
| N/A | 127.0.0.1:6469 | tcp | |
| N/A | 127.0.0.1:6470 | tcp | |
| N/A | 127.0.0.1:6471 | tcp | |
| N/A | 127.0.0.1:6472 | tcp | |
| US | 8.8.8.8:53 | www.tumblr.com | udp |
| US | 8.8.8.8:53 | www.tumblr.com | udp |
| US | 8.8.8.8:53 | www.tumblr.com | udp |
| US | 192.0.77.40:443 | www.tumblr.com | tcp |
| US | 192.0.77.40:443 | www.tumblr.com | tcp |
| US | 8.8.8.8:53 | 64.media.tumblr.com | udp |
| US | 8.8.8.8:53 | 64.media.tumblr.com | udp |
| US | 8.8.8.8:53 | assets.tumblr.com | udp |
| US | 192.0.77.3:443 | 64.media.tumblr.com | tcp |
| US | 192.0.77.40:443 | www.tumblr.com | tcp |
| US | 192.0.77.40:443 | www.tumblr.com | tcp |
| US | 192.0.77.40:443 | www.tumblr.com | tcp |
| US | 8.8.8.8:53 | 40.77.0.192.in-addr.arpa | udp |
| US | 192.0.77.40:443 | www.tumblr.com | udp |
| US | 192.0.77.40:443 | www.tumblr.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | cdn.parsely.com | udp |
| US | 8.8.8.8:53 | cdn.parsely.com | udp |
| US | 192.0.77.32:443 | s0.wp.com | tcp |
| GB | 13.224.243.39:443 | cdn.parsely.com | tcp |
| US | 8.8.8.8:53 | p1.parsely.com | udp |
| US | 8.8.8.8:53 | p1.parsely.com | udp |
| IE | 63.34.81.234:443 | p1.parsely.com | tcp |
| US | 8.8.8.8:53 | o248881.ingest.sentry.io | udp |
| US | 8.8.8.8:53 | o248881.ingest.sentry.io | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 34.120.195.249:443 | o248881.ingest.sentry.io | tcp |
| US | 8.8.8.8:53 | 3.77.0.192.in-addr.arpa | udp |
| US | 192.0.76.3:443 | pixel.wp.com | tcp |
| US | 8.8.8.8:53 | 234.81.34.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.195.120.34.in-addr.arpa | udp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.tumblr.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| NL | 142.250.179.174:443 | translate.google.com | tcp |
| GB | 18.154.84.84:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | 84.84.154.18.in-addr.arpa | udp |
| US | 35.165.49.51:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| NL | 142.251.36.10:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | tcp |
| NL | 172.217.168.195:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.36.251.142.in-addr.arpa | udp |
| IE | 63.34.81.234:443 | p1.parsely.com | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| NL | 142.250.179.202:443 | translate-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | download2344.mediafire.com | udp |
| US | 8.8.8.8:53 | download2344.mediafire.com | udp |
| US | 199.91.155.85:443 | download2344.mediafire.com | tcp |
| US | 8.8.8.8:53 | 85.155.91.199.in-addr.arpa | udp |
| NL | 142.251.36.10:443 | translate-pa.googleapis.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 192.0.77.40:443 | www.tumblr.com | udp |
| GB | 184.28.176.56:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | udp |
| US | 104.16.114.74:443 | www.mediafire.com | udp |
| GB | 184.28.176.56:443 | www.bing.com | udp |
| NL | 172.217.168.206:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | udp |
| GB | 184.28.176.56:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | api.reasonsecurity.com | udp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 235.1.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 172.217.168.206:443 | www.youtube.com | udp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| GB | 184.28.176.104:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | sf.symcd.com | udp |
| DE | 152.199.19.74:80 | sf.symcd.com | tcp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | ocsp.catcert.cat | udp |
| ES | 93.115.204.43:80 | ocsp.catcert.cat | tcp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 43.204.115.93.in-addr.arpa | udp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| GB | 184.28.176.56:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | appealsozvmio.shop | udp |
| US | 172.67.199.173:443 | appealsozvmio.shop | tcp |
| US | 104.21.47.141:443 | celebratioopz.shop | tcp |
| US | 8.8.8.8:53 | writerospzm.shop | udp |
| US | 172.67.166.231:443 | writerospzm.shop | tcp |
| US | 104.22.1.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 141.47.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | deallerospfosu.shop | udp |
| US | 172.67.204.20:443 | deallerospfosu.shop | tcp |
| US | 8.8.8.8:53 | bassizcellskz.shop | udp |
| US | 104.21.46.242:443 | bassizcellskz.shop | tcp |
| US | 8.8.8.8:53 | 20.204.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mennyudosirso.shop | udp |
| US | 172.67.140.31:443 | mennyudosirso.shop | tcp |
| US | 8.8.8.8:53 | 242.46.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | languagedscie.shop | udp |
| US | 104.21.35.48:443 | languagedscie.shop | tcp |
| US | 8.8.8.8:53 | complaintsipzzx.shop | udp |
| US | 172.67.158.159:443 | complaintsipzzx.shop | tcp |
| US | 8.8.8.8:53 | 31.140.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.35.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | quialitsuzoxm.shop | udp |
| US | 172.67.137.188:443 | quialitsuzoxm.shop | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 159.158.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.137.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tenntysjuxmz.shop | udp |
| US | 172.67.141.209:443 | tenntysjuxmz.shop | tcp |
| US | 8.8.8.8:53 | 155.143.214.23.in-addr.arpa | udp |
| US | 172.67.199.173:443 | appealsozvmio.shop | tcp |
| US | 104.21.47.141:443 | celebratioopz.shop | tcp |
| US | 8.8.8.8:53 | 209.141.67.172.in-addr.arpa | udp |
| US | 172.67.166.231:443 | writerospzm.shop | tcp |
| US | 172.67.204.20:443 | deallerospfosu.shop | tcp |
| US | 104.21.46.242:443 | bassizcellskz.shop | tcp |
| US | 172.67.140.31:443 | mennyudosirso.shop | tcp |
| US | 104.21.35.48:443 | languagedscie.shop | tcp |
| US | 172.67.158.159:443 | complaintsipzzx.shop | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 172.217.168.214:443 | i.ytimg.com | udp |
| US | 172.67.137.188:443 | quialitsuzoxm.shop | tcp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 214.168.217.172.in-addr.arpa | udp |
| US | 172.67.141.209:443 | tenntysjuxmz.shop | tcp |
| NL | 142.250.179.174:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 184.28.176.56:443 | r.bing.com | udp |
| GB | 184.28.176.56:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 142.250.179.142:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| NL | 142.250.179.142:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| NL | 216.58.214.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.251.39.118:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.251.36.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| NL | 142.250.179.130:443 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.250.179.134:443 | static.doubleclick.net | udp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 118.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | rr1---sn-4g5edndd.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1---sn-4g5edndd.googlevideo.com | udp |
| DE | 172.217.133.166:443 | rr1---sn-4g5edndd.googlevideo.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.250.179.138:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 142.250.179.134:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| NL | 142.251.36.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| NL | 142.251.39.97:443 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | gamingbeasts.com | udp |
| US | 8.8.8.8:53 | gamingbeasts.com | udp |
| US | 104.26.15.250:443 | gamingbeasts.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | udp |
| US | 8.8.8.8:53 | 250.15.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | https-gamingbeasts-com.disqus.com | udp |
| US | 8.8.8.8:53 | https-gamingbeasts-com.disqus.com | udp |
| US | 199.232.192.134:443 | https-gamingbeasts-com.disqus.com | tcp |
| US | 199.232.192.134:443 | https-gamingbeasts-com.disqus.com | tcp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 151.101.192.134:443 | disqus.com | tcp |
| GB | 13.224.132.33:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | gamingbeasts.com | udp |
| US | 8.8.8.8:53 | tempest.services.disqus.com | udp |
| US | 8.8.8.8:53 | tempest.services.disqus.com | udp |
| US | 8.8.8.8:53 | referrer.disqus.com | udp |
| US | 8.8.8.8:53 | referrer.disqus.com | udp |
| US | 8.8.8.8:53 | gamingbeasts.com | udp |
| US | 199.232.196.64:443 | tempest.services.disqus.com | tcp |
| US | 199.232.192.134:443 | referrer.disqus.com | tcp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 151.101.192.134:443 | disqus.com | tcp |
| US | 151.101.192.134:443 | disqus.com | tcp |
| US | 8.8.8.8:53 | tsyndicate.com | udp |
| US | 8.8.8.8:53 | tsyndicate.com | udp |
| DE | 144.76.168.81:443 | tsyndicate.com | tcp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 8.8.8.8:53 | 134.192.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.168.76.144.in-addr.arpa | udp |
| GB | 13.224.132.2:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | uvi-9125.agenteimmobiliare.info | udp |
| US | 8.8.8.8:53 | uvi-9125.agenteimmobiliare.info | udp |
| US | 8.8.8.8:53 | pxl.tsyndicate.com | udp |
| US | 172.67.180.218:443 | uvi-9125.agenteimmobiliare.info | udp |
| US | 172.67.180.218:443 | uvi-9125.agenteimmobiliare.info | udp |
| DE | 116.202.244.171:443 | pxl.tsyndicate.com | tcp |
| US | 8.8.8.8:53 | s.optnx.com | udp |
| NL | 95.211.229.248:443 | s.optnx.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | s3t3d2y8.afcdn.net | udp |
| US | 8.8.8.8:53 | s3t3d2y8.afcdn.net | udp |
| US | 8.8.8.8:53 | 2.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.229.211.95.in-addr.arpa | udp |
| GB | 84.17.50.9:443 | s3t3d2y8.afcdn.net | tcp |
| US | 8.8.8.8:53 | referrer.disqus.com | udp |
| US | 8.8.8.8:53 | referrer.disqus.com | udp |
| US | 199.232.196.134:443 | referrer.disqus.com | tcp |
| US | 8.8.8.8:53 | cdn.viglink.com | udp |
| US | 8.8.8.8:53 | cdn.viglink.com | udp |
| GB | 18.164.68.65:443 | cdn.viglink.com | tcp |
| US | 199.232.196.134:443 | referrer.disqus.com | tcp |
| US | 199.232.192.134:443 | referrer.disqus.com | tcp |
| US | 8.8.8.8:53 | links.services.disqus.com | udp |
| US | 8.8.8.8:53 | links.services.disqus.com | udp |
| US | 199.232.192.64:443 | links.services.disqus.com | tcp |
| US | 8.8.8.8:53 | 9.50.17.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.68.164.18.in-addr.arpa | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 34.120.95.133:443 | downloads.digitaltrends.com | tcp |
| US | 34.120.95.133:443 | downloads.digitaltrends.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | htlbid.com | udp |
| US | 8.8.8.8:53 | htlbid.com | udp |
| US | 8.8.8.8:53 | sc.dgtcdn.net | udp |
| US | 8.8.8.8:53 | sc.dgtcdn.net | udp |
| GB | 18.164.68.75:443 | htlbid.com | tcp |
| US | 151.101.65.91:443 | sc.dgtcdn.net | tcp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| GB | 13.224.222.112:443 | sdk.privacy-center.org | tcp |
| US | 151.101.65.91:443 | sc.dgtcdn.net | udp |
| US | 8.8.8.8:53 | 133.95.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.101.151.in-addr.arpa | udp |
| US | 34.120.95.133:443 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | screenshots.dgtcdn.net | udp |
| US | 8.8.8.8:53 | screenshots.dgtcdn.net | udp |
| US | 151.101.65.91:443 | screenshots.dgtcdn.net | udp |
| US | 8.8.8.8:53 | consent.cookiebot.com | udp |
| US | 8.8.8.8:53 | cdn-magiclinks.trackonomics.net | udp |
| US | 8.8.8.8:53 | cdn-magiclinks.trackonomics.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| GB | 13.224.222.112:443 | sdk.privacy-center.org | udp |
| GB | 173.222.211.80:443 | consent.cookiebot.com | tcp |
| GB | 18.245.218.90:443 | cdn-magiclinks.trackonomics.net | tcp |
| US | 151.101.129.91:443 | screenshots.dgtcdn.net | tcp |
| US | 151.101.129.91:443 | screenshots.dgtcdn.net | tcp |
| US | 151.101.129.91:443 | screenshots.dgtcdn.net | tcp |
| US | 151.101.129.91:443 | screenshots.dgtcdn.net | tcp |
| US | 151.101.129.91:443 | screenshots.dgtcdn.net | tcp |
| US | 151.101.129.91:443 | screenshots.dgtcdn.net | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | 80.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.218.245.18.in-addr.arpa | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | consentcdn.cookiebot.com | udp |
| US | 8.8.8.8:53 | consentcdn.cookiebot.com | udp |
| US | 8.8.8.8:53 | consentcdn.cookiebot.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| GB | 23.53.172.14:443 | consentcdn.cookiebot.com | tcp |
| US | 8.8.8.8:53 | pub.doubleverify.com | udp |
| US | 8.8.8.8:53 | pub.doubleverify.com | udp |
| US | 104.18.167.224:443 | pub.doubleverify.com | udp |
| US | 8.8.8.8:53 | static.chartbeat.com | udp |
| US | 8.8.8.8:53 | static.chartbeat.com | udp |
| US | 8.8.8.8:53 | p.gcprivacy.com | udp |
| US | 8.8.8.8:53 | p.gcprivacy.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn.confiant-integrations.net | udp |
| US | 8.8.8.8:53 | cdn.confiant-integrations.net | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | di-images.sftcdn.net | udp |
| US | 8.8.8.8:53 | di-images.sftcdn.net | udp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| GB | 54.192.137.81:443 | p.gcprivacy.com | tcp |
| GB | 18.244.161.205:443 | static.chartbeat.com | tcp |
| US | 104.18.21.97:443 | cdn.confiant-integrations.net | udp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | udp |
| US | 151.101.65.91:443 | di-images.sftcdn.net | tcp |
| NL | 142.251.39.123:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 14.172.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.167.18.104.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 104.18.167.224:443 | pub.doubleverify.com | udp |
| US | 8.8.8.8:53 | ping.chartbeat.net | udp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| US | 100.25.52.82:443 | ping.chartbeat.net | tcp |
| US | 34.239.71.74:443 | p2.gcprivacy.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| GB | 18.244.138.116:443 | aax.amazon-adsystem.com | tcp |
| GB | 52.84.90.106:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| GB | 18.245.143.100:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | ams-pageview-public.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | ams-pageview-public.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| US | 52.217.41.244:443 | ams-pageview-public.s3.amazonaws.com | tcp |
| IE | 54.77.158.234:443 | bcp.crwdcntrl.net | tcp |
| NL | 64.158.223.146:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | 97.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.137.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.161.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.52.25.100.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.71.239.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.138.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.41.217.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.223.158.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | imgsct.cookiebot.com | udp |
| US | 8.8.8.8:53 | imgsct.cookiebot.com | udp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| GB | 18.244.138.116:443 | aax.amazon-adsystem.com | tcp |
| GB | 23.53.172.14:443 | imgsct.cookiebot.com | tcp |
| US | 104.22.4.69:443 | a.ad.gt | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| GB | 108.138.233.47:443 | api.privacy-center.org | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | grid.bidswitch.net | udp |
| US | 8.8.8.8:53 | grid.bidswitch.net | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | krk2.kargo.com | udp |
| US | 8.8.8.8:53 | krk2.kargo.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | s.seedtag.com | udp |
| US | 8.8.8.8:53 | s.seedtag.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 185.89.210.212:443 | ib.adnxs.com | tcp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 35.156.68.29:443 | krk2.kargo.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| NL | 178.250.1.8:443 | grid.bidswitch.net | tcp |
| GB | 108.138.233.47:443 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | pixel.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | pixel.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| IE | 54.194.23.86:443 | pixel.adsafeprotected.com | tcp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| NL | 142.250.179.193:443 | 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com | tcp |
| NL | 142.250.179.193:443 | 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 47.233.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.50.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.68.156.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.194.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.251.39.97:443 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | protected-by.clarium.io | udp |
| US | 8.8.8.8:53 | protected-by.clarium.io | udp |
| IE | 52.16.96.17:443 | protected-by.clarium.io | tcp |
| NL | 142.250.179.193:443 | 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | udp |
| US | 34.149.50.64:443 | s.seedtag.com | udp |
| IE | 52.16.96.17:443 | protected-by.clarium.io | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | 17.96.16.52.in-addr.arpa | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.130:443 | googleads.g.doubleclick.net | udp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | fid.agkn.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| US | 15.197.193.217:443 | match.adsrvr.org | tcp |
| US | 34.160.46.1:443 | fid.agkn.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 217.193.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.46.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 151.101.65.91:443 | di-images.sftcdn.net | udp |
| US | 8.8.8.8:53 | cdn.jwplayer.com | udp |
| US | 8.8.8.8:53 | cdn.jwplayer.com | udp |
| GB | 18.165.242.95:443 | cdn.jwplayer.com | tcp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| GB | 18.165.242.95:443 | cdn.jwplayer.com | tcp |
| US | 8.8.8.8:53 | ssl.p.jwpcdn.com | udp |
| US | 8.8.8.8:53 | ssl.p.jwpcdn.com | udp |
| US | 8.8.8.8:53 | consentcdn.cookiebot.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 151.101.2.114:443 | ssl.p.jwpcdn.com | tcp |
| US | 151.101.2.114:443 | ssl.p.jwpcdn.com | tcp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | 95.242.165.18.in-addr.arpa | udp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | assets-jpcust.jwpsrv.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 151.101.2.114:443 | assets-jpcust.jwpsrv.com | tcp |
| US | 8.8.8.8:53 | videos-cloudfront-usp.jwpsrv.com | udp |
| US | 52.217.41.244:443 | ams-pageview-public.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| GB | 99.86.114.74:443 | videos-cloudfront-usp.jwpsrv.com | tcp |
| US | 8.8.8.8:53 | 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com | udp |
| US | 52.217.41.244:443 | ams-pageview-public.s3.amazonaws.com | tcp |
| NL | 142.250.179.193:443 | 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 74.114.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 34.160.46.1:443 | fid.agkn.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com | udp |
| NL | 142.250.179.130:443 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.130:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | prd.jwpltx.com | udp |
| US | 8.8.8.8:53 | prd.jwpltx.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 108.156.39.61:443 | prd.jwpltx.com | tcp |
| GB | 184.25.193.136:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | 136.193.25.184.in-addr.arpa | udp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | shared.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | shared.akamai.steamstatic.com | udp |
| GB | 173.222.211.115:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 173.222.211.104:443 | shared.akamai.steamstatic.com | tcp |
| GB | 173.222.211.104:443 | shared.akamai.steamstatic.com | tcp |
| GB | 173.222.211.104:443 | shared.akamai.steamstatic.com | tcp |
| GB | 173.222.211.104:443 | shared.akamai.steamstatic.com | tcp |
| GB | 173.222.211.104:443 | shared.akamai.steamstatic.com | tcp |
| GB | 173.222.211.104:443 | shared.akamai.steamstatic.com | tcp |
| GB | 173.222.211.115:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 173.222.211.115:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 173.222.211.115:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 173.222.211.115:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 173.222.211.115:443 | cdn.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 105.211.222.173.in-addr.arpa | udp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 115.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | video.akamai.steamstatic.com | udp |
| GB | 173.222.211.130:443 | video.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 104.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp |
| GB | 184.25.193.136:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 23.214.143.155:443 | api.steampowered.com | tcp |
| GB | 173.222.211.89:443 | clan.akamai.steamstatic.com | tcp |
| GB | 173.222.211.89:443 | clan.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 89.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consentcdn.cookiebot.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| NL | 178.250.1.8:443 | grid.bidswitch.net | tcp |
| NL | 185.89.210.212:443 | ib.adnxs.com | tcp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| NL | 142.250.179.193:443 | 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com | tcp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| N/A | 127.0.0.1:27060 | tcp | |
| US | 8.8.8.8:53 | 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | protected-by.clarium.io | udp |
| US | 8.8.8.8:53 | protected-by.clarium.io | udp |
| IE | 52.19.196.221:443 | protected-by.clarium.io | tcp |
| NL | 142.250.179.162:443 | www.googletagservices.com | tcp |
| NL | 142.250.179.162:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| NL | 142.251.36.6:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 221.196.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| GB | 92.123.143.232:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | consentcdn.cookiebot.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| NL | 142.250.179.162:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| NL | 185.89.210.212:443 | ib.adnxs.com | tcp |
| NL | 178.250.1.8:443 | grid.bidswitch.net | tcp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 52.217.41.244:443 | ams-pageview-public.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| NL | 142.250.179.193:443 | d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| NL | 142.250.179.193:443 | d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | consentcdn.cookiebot.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com | udp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 5de0153288ecb64a6d9d6add3e3bd773.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 5de0153288ecb64a6d9d6add3e3bd773.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 5de0153288ecb64a6d9d6add3e3bd773.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| NL | 142.250.179.193:443 | 5de0153288ecb64a6d9d6add3e3bd773.safeframe.googlesyndication.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | 5de0153288ecb64a6d9d6add3e3bd773.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 5de0153288ecb64a6d9d6add3e3bd773.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | downloads.digitaltrends.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 184.25.193.136:443 | store.steampowered.com | tcp |
| N/A | 127.0.0.1:27060 | tcp | |
| N/A | 127.0.0.1:27060 | tcp | |
| US | 8.8.8.8:53 | help.steampowered.com | udp |
| US | 8.8.8.8:53 | help.steampowered.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| GB | 184.28.176.104:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | ping.chartbeat.net | udp |
| US | 8.8.8.8:53 | ping.chartbeat.net | udp |
| US | 8.8.8.8:53 | shared.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | shared.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 184.25.193.136:443 | store.steampowered.com | tcp |
| GB | 184.28.176.104:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 184.25.193.136:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | video.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | video.akamai.steamstatic.com | udp |
| GB | 173.222.211.130:443 | video.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | ping.chartbeat.net | udp |
| US | 8.8.8.8:53 | ping.chartbeat.net | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 184.25.193.136:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | update.reasonsecurity.com | udp |
| GB | 18.154.84.26:443 | update.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 26.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 95.100.245.51:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | 51.245.100.95.in-addr.arpa | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | ping.chartbeat.net | udp |
| US | 34.238.101.65:443 | ping.chartbeat.net | tcp |
| US | 8.8.8.8:53 | 65.101.238.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| GB | 92.123.143.232:443 | sadownload.mcafee.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
| MD5 | d9cb0b4a66458d85470ccf9b3575c0e7 |
| SHA1 | 1572092be5489725cffbabe2f59eba094ee1d8a1 |
| SHA256 | 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05 |
| SHA512 | 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6 |
memory/6300-18-0x0000000073690000-0x00000000736A6000-memory.dmp
memory/6300-17-0x0000000006630000-0x0000000006646000-memory.dmp
memory/6300-20-0x00000000096F0000-0x0000000009C94000-memory.dmp
memory/6300-21-0x00000000093E0000-0x0000000009472000-memory.dmp
memory/6300-31-0x00000000013D0000-0x0000000001414000-memory.dmp
memory/6300-32-0x000000000A3D0000-0x000000000A46C000-memory.dmp
memory/6300-34-0x000000000A9A0000-0x000000000AECC000-memory.dmp
memory/6300-33-0x0000000003280000-0x00000000032E6000-memory.dmp
memory/6300-35-0x000000000A8A0000-0x000000000A8AA000-memory.dmp
memory/6300-36-0x000000000B0B0000-0x000000000B100000-memory.dmp
memory/6300-37-0x000000000BAD0000-0x000000000BB82000-memory.dmp
memory/6300-38-0x000000000BA70000-0x000000000BA8A000-memory.dmp
memory/6300-39-0x000000000BBD0000-0x000000000BBE2000-memory.dmp
memory/6300-40-0x000000000BC40000-0x000000000BC60000-memory.dmp
memory/6300-41-0x000000000BCA0000-0x000000000BCD2000-memory.dmp
memory/6300-42-0x000000000BD50000-0x000000000BDB6000-memory.dmp
memory/6300-43-0x000000000BCE0000-0x000000000BCFE000-memory.dmp
memory/6300-44-0x000000000BD30000-0x000000000BD4A000-memory.dmp
memory/6736-50-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp
memory/6736-49-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp
memory/6736-48-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp
memory/6736-60-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp
memory/6736-59-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp
memory/6736-58-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp
memory/6736-57-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp
memory/6736-56-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp
memory/6736-55-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp
memory/6736-54-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
| MD5 | 5ed95f2fe473989033e71bcede79444b |
| SHA1 | c66d9e432c756e6f842553c0db9adc80fa751c8d |
| SHA256 | 3a0ef7b9ecc0c0626aadde7ac1d7f9338e59d08355fc5860c83a9804bd060e6a |
| SHA512 | a6f3eb87870cc1ac6d11d081f87910b93adca0f41f3260ffadeaec14d2540be34ebfd19fbe2bbff3cbc52d1b3dfda7e182780be5a9bedb02f9f33583d1d916da |
memory/2540-64-0x000001D62FC60000-0x000001D62FC68000-memory.dmp
memory/2540-68-0x000001D64A600000-0x000001D64AB28000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
| MD5 | 143255618462a577de27286a272584e1 |
| SHA1 | efc032a6822bc57bcd0c9662a6a062be45f11acb |
| SHA256 | f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4 |
| SHA512 | c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9 |
C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe
| MD5 | 7326c0587df89e878451efb3b3a24f98 |
| SHA1 | f87c2f39db33e5ff3edaa179d3ea3a223c9a7676 |
| SHA256 | c4c0f5a6e0db5761f72172ad4ba4376bbe3a7fe4dc3c49897d30fcf6c5fe21fc |
| SHA512 | 3c217da4f04ae92f62bed53a2f0087502061dcd78b80e9f64d8f7f5c052b71d1be9391af7efb90bc0a57cebcf2011472f1feb7a6404031bd1ad8e7d751d174d4 |
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe
| MD5 | 493d5868e37861c6492f3ac509bed205 |
| SHA1 | 1050a57cf1d2a375e78cc8da517439b57a408f09 |
| SHA256 | dc5bc92e51f06e9c66e3933d98dc8f8d217bc74b71f93d900e4d42b1fb5cc64f |
| SHA512 | e7e37075a1c389e0cad24ce2c899e89c4970e52b3f465d372a7bc171587ed1ee7d4f0a6ba44ab40b18fdf0689f4e29dfdbccbabb07e0f004ef2f894cb20d995d |
memory/7948-202-0x000001CBD2360000-0x000001CBD246C000-memory.dmp
memory/7948-206-0x000001CBD2840000-0x000001CBD2870000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\rsLogger.dll
| MD5 | 1cfc3fc56fe40842094c7506b165573a |
| SHA1 | 023b3b389fdfa7a9557623b2742f0f40e4784a5c |
| SHA256 | 187da6a5ab64c9b814ab8e1775554688ad3842c3f52f5f318291b9a37d846aa2 |
| SHA512 | 6bd1ceaf12950d047a87fd2d9c1884c7ac6e45bd94f11be8df8144ddd3f71db096469d1c775cf1cb8bc7926f922e5a6676b759707053e2332aa66f86c951fbc0 |
memory/7948-204-0x000001CBD4050000-0x000001CBD4096000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\rsStubLib.dll
| MD5 | 3bcbeaab001f5d111d1db20039238753 |
| SHA1 | 4a9c0048bbbf04aa9fe3dfb9ce3b959da5d960f8 |
| SHA256 | 897131dd2f9d1e08d66ae407fe25618c8affb99b6da54378521bf4403421b01a |
| SHA512 | de6cde3ad47e6f3982e089700f6184e147a61926f33ead4e2ff5b00926cfc55eb28be6f63eea53f7d15f555fd820453dd3211f0ba766cb3e939c14bb5e0cfc4c |
memory/7948-208-0x000001CBECC20000-0x000001CBECCD2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\Newtonsoft.Json.dll
| MD5 | 4f0f111120d0d8d4431974f70a1fdfe1 |
| SHA1 | b81833ac06afc6b76fb73c0857882f5f6d2a4326 |
| SHA256 | d043e6cde1f4d8396978cee2d41658b307be0ca4698c92333814505aa0ccab9a |
| SHA512 | e123d2f9f707eb31741ef8615235e714a20c6d754a13a97d0414c46961c3676025633eb1f65881b2d6d808ec06a70459c860411d6dd300231847b01ed0ce9750 |
memory/7948-209-0x000001CBD40D0000-0x000001CBD40F2000-memory.dmp
memory/7948-211-0x000001CBD4100000-0x000001CBD412E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\rsAtom.dll
| MD5 | dc15f01282dc0c87b1525f8792eaf34e |
| SHA1 | ad4fdf68a8cffedde6e81954473dcd4293553a94 |
| SHA256 | cc036bcf74911fe5afb8e9fcc0d52b3f08b4961bcda4e50851eda4159b1c9998 |
| SHA512 | 54ee7b7a638d0defcff3a80f0c87705647b722d3d177bc11e80bfe6062a41f138ef99fc8e4c42337b61c0407469ef684b704f710b8ead92b83a14f609f0bc078 |
memory/7948-216-0x000001CBECB90000-0x000001CBECBE8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\Microsoft.Win32.TaskScheduler.dll
| MD5 | e6a31390a180646d510dbba52c5023e6 |
| SHA1 | 2ac7bac9afda5de2194ca71ee4850c81d1dabeca |
| SHA256 | cccc64ba9bbe3897c32f586b898f60ad0495b03a16ee3246478ee35e7f1063ec |
| SHA512 | 9fd39169769b70a6befc6056d34740629fcf680c9ba2b7d52090735703d9599455c033394f233178ba352199015a384989acf1a48e6a5b765b4b33c5f2971d42 |
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\uninstall-epp.exe
| MD5 | 79638251b5204aa3929b8d379fa296bb |
| SHA1 | 9348e842ba18570d919f62fe0ed595ee7df3a975 |
| SHA256 | 5bedfd5630ddcd6ab6cc6b2a4904224a3cb4f4d4ff0a59985e34eea5cd8cf79d |
| SHA512 | ab234d5815b48555ddebc772fae5fa78a64a50053bdf08cc3db21c5f7d0e3154e0726dacfc3ea793a28765aea50c7a73011f880363cbc8d39a1c62e5ed20c5a9 |
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\rsSyncSvc.exe
| MD5 | f2738d0a3df39a5590c243025d9ecbda |
| SHA1 | 2c466f5307909fcb3e62106d99824898c33c7089 |
| SHA256 | 6d61ac8384128e2cf3dcd451a33abafab4a77ed1dd3b5a313a8a3aaec2b86d21 |
| SHA512 | 4b5ed5d80d224f9af1599e78b30c943827c947c3dc7ee18d07fe29b22c4e4ecdc87066392a03023a684c4f03adc8951bb5b6fb47de02fb7db380f13e48a7d872 |
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
| MD5 | 6c847932d63660b0e0ad0b0a4b9780d2 |
| SHA1 | 17139565a23b4a6cf1891296c8d1607ec7653a94 |
| SHA256 | ed60db47b383ab1f4f50b8542d22ce992c31f450ce9d33b946a84e0ebfd3cde4 |
| SHA512 | f8bb7521fb8f24dd12ef7e59731bb5e68cac0d75ad547216d97b6069e0ad48dc9a25c7917f760841df1604fbe43335ba039c299c3e2199eb6b1f8b53c4fd6b75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 8c21a1395766ae1b50d3f390af0c0d04 |
| SHA1 | 15208bc5a61f6105441c60bbd79fdaf691c1e328 |
| SHA256 | 439d4aec77df9bf6576eb45575a3bc47e9c5747fefc07a2ed8d80b48262e8b15 |
| SHA512 | 6c6607b7866678d81d492241a353266980aae656908cd4181c7f735ae98384117b6b405ffbecf974ad69adcddbd10fb45e2e3abd80bf0a9020004b9d45c8e5fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | dcfb442aa95623a62fe713bb6c33e1c1 |
| SHA1 | 63b3c80e79a54d344af8999adc17af2d28706a89 |
| SHA256 | 348d268b4ab850b8bc555abf11fa1e6efdb1af1c6ba6f7511902cb66d3381bfe |
| SHA512 | 0a9b021ddb9eab7f5357839fdf57a0e91a7c3751903829f7fc535d7119758ea358cd49febc17d3f628840dbaf94c2513711ae5f7207a9e7527d90545dbc73df3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 94b5cb438aff2743cf8cdab9122a743c |
| SHA1 | edc9ce72cb26e03e93f89bbc70e589781d64d1ed |
| SHA256 | 12469907a47559a0db9682c139c109b52373f95152bdba1e5cb5be1d662f99a6 |
| SHA512 | da290a6115f22ce01e586661e65887aec600607b14743bd6ff4b1901b5b3deebb73a798c33a3b0db9bfd925ccdc2a5b954d370c428608bc295461708a726adc6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 66390c1ae148e79f7d4c1c9851a8480e |
| SHA1 | 52b6b198850b57c7fb361b576e55adc6d0b318cb |
| SHA256 | dda79490b323e8323e70b5ba4f61ff83a80216393dc8f4d3f437ca4d14da7f34 |
| SHA512 | 183dfc782a1d5c0280fc8b87fe0a6d892f6bb586f5ca07a80168781b698c1421daabae59121a7486c2e492054c467c35b654a958f62a6e108ed6f9b9c223d656 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 602fe26295e1fdb07a4a7c84c015f501 |
| SHA1 | 51711c019a57cb4defe5ffed934a6ec6c80cf04f |
| SHA256 | c4c3818ced09be5ccabcfe8b69c7f0d8bb9c525a0ce6737f9653fd57ce75c070 |
| SHA512 | df789546db5e43ee7d35bad9a74a2dd2d939d7d4deef538401258cce7be5a8b5ee7dd74b1b71cfa1e6e023188850013cbf72500f0c25b5c65f0b05f8ece776d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | a4c4c2528f9b3fcaa78c4e9614631ad9 |
| SHA1 | 37e4bb70812ff49737d72d62f65506cb11dfa0a8 |
| SHA256 | c2357a728bb20a2ae83fdf4c4891ef64d6c426bdf6effddc5e09ce1adf6e7d50 |
| SHA512 | fbb2584f4def4918d57f69b06b9ad54f840c9bcc2f2ee82932123571196b32e5c1343696f0105f90ab6b2e57cb5fd829374dadeb8a5c6ef22a70b8b41ca35844 |
C:\Program Files\McAfee\Temp420790338\installer.exe
| MD5 | 7891a2a1d8a263db846292708a8ed1f0 |
| SHA1 | 4044ea34ca9d112133e3aa5aed14a7c0ea952d36 |
| SHA256 | 6bf9a3e9f2874cc5474dc107a90c0484cf26c9c817a2f23a7e004b4e611180c0 |
| SHA512 | 00abdd3086e0528063216fbb44b9bbd18890b7629579361b54f751e8a22e0a3ee4f05a483ac4c3188ebb2c85c45f6a5922e7f1db3beb1ca0303c0fcf122a220d |
C:\Users\Admin\AppData\Local\Temp\mwaA396.tmp
| MD5 | 662de59677aecac08c7f75f978c399da |
| SHA1 | 1f85d6be1fa846e4bc90f7a29540466cf3422d24 |
| SHA256 | 1f5a798dde9e1b02979767e35f120d0c669064b9460c267fb5f007c290e3dceb |
| SHA512 | e1186c3b3862d897d9b368da1b2964dba24a3a8c41de8bb5f86c503a0717df75a1c89651c5157252c94e2ab47ce1841183f5dde4c3a1e5f96cb471bf20b3fdd0 |
C:\Program Files\McAfee\Temp420790338\browserhost.cab
| MD5 | 41840bd10dda1409adf6d83175c0d981 |
| SHA1 | b363a2922f5d69e22641bdbc3d070de324ae2d1f |
| SHA256 | a94ff5f7d7b84a416eca7f6f42d9bd012d1051b91dc574633429bce822f51c12 |
| SHA512 | 8828623e4965c88ea631010f2ede2e1c42b26183a00e50f665c37fff930956a7b4089629e24a728210fe61389dcc109386629280c3a5457e6072fe7ccd3820c1 |
C:\Program Files\McAfee\Temp420790338\logicmodule.cab
| MD5 | a56c6d0e52f42d6546dfc17d1b539294 |
| SHA1 | 463071d9de6f6113d6d31890b50a49ca5af67354 |
| SHA256 | 6c9941e674abe2cce976f8bb49d11235b1563281cba8736aed383f9b79eaabf3 |
| SHA512 | 3f4a1211b17db79f276f9ae5ef9855f10780b2f8fce4d0308f672edd34399e6126e3f5694feb3c515d2d6afbd016830a987df28fc4390f5cfdb1d9d9b8e97e04 |
C:\Program Files\McAfee\Temp420790338\resourcedll.cab
| MD5 | 05a260ee8a80494001fa1d4c7fa5a357 |
| SHA1 | 029898a55602d45dc656d43585f05748f4a10e5e |
| SHA256 | 5e6b92af5b48255e96cdb4815204b597bcb01332da99f16a33239b30f9b9e2d9 |
| SHA512 | 13adc543ed493498e1cf6d7087cec62e8dab689a9795101cf4df905dc6c3512effbb839e366c9abc1aadfebaff645cf31611e86f215e73d1fd6cb55178fb2d35 |
C:\Program Files\McAfee\Temp420790338\uimanager.cab
| MD5 | d386a056952aa84bdc20fc2e73075102 |
| SHA1 | 7ecd4accd817e47a6b84c7e6f48eaee11fade196 |
| SHA256 | 73453d0b006e9bbf3c0d47da6740dd058d456e317e694f8c617ffa80874c7299 |
| SHA512 | 9f066df00221376ef5e790eb2c3cff8e70aea16604e5ede23294d1624b2d2746dbc46ada26dd355b15e02cafd2a11cf26267050fe5ccea1ba6a118006fe1de22 |
C:\Program Files\McAfee\Temp420790338\wssdep.cab
| MD5 | 665c741b1f80de536088d951f0bc793c |
| SHA1 | 184f5a895a746de1a1c707cfb68d40745fef3f56 |
| SHA256 | abf588228567d558edc7adb950f5ac4067746564eacfaf6364611573bcad9909 |
| SHA512 | 4929819e0d7b5ff9dc240e928c1cad96bc457d5f90c81949e6b481ab7ba3fc3e600c7a3e3b7bac435cba5626e336aeb03abe299efeb5c3c4c7fd3fc968ed3bde |
memory/1716-467-0x00007FF6233D0000-0x00007FF6233E0000-memory.dmp
memory/1716-572-0x00007FF629330000-0x00007FF629340000-memory.dmp
C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll
| MD5 | 4ea91a66a588314d28db2bd84568aab9 |
| SHA1 | ffbeed2b347f56035a0eecf5bc03934d69d2ae13 |
| SHA256 | 257a14d199f6cbfcadab22e20e0a45692f151be6d3385e2bc53b761197f8b3b2 |
| SHA512 | 76cb2a00eb94cec292d25088ff9950a186cc73ec2c79e42294657c22cc7c31d866526d8a464c06bcaa4a102f9d914ab470c96e4545e70dbb76293ba50c7914a7 |
C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll
| MD5 | 6b8f4f525f49f76d673ddb7d8763b14d |
| SHA1 | dc1110f8706baa9d3ebf25a503ec34442bcb5b1a |
| SHA256 | caa333d19234f8ff90119ae0361aff6f01c74332851aae149f7f56f7c6b5a934 |
| SHA512 | d7a195eaa57f188565de096fff7c6e24535644fdd3ff0ea9a3b0b881e40d49a28b2ee30555b723d9714642331b309547fabdd13637f0d4889fde0a01774b69f3 |
C:\Program Files\McAfee\WebAdvisor\SettingManager.dll
| MD5 | e4d4d439488cb7c7cc43583016978e5b |
| SHA1 | 858a31bda072d1d9d4b91fdb7a6fb43219283b62 |
| SHA256 | e916b4f9e84660377a28f0a737349630d332931937afc0f759a8219ed6e17541 |
| SHA512 | 545f961fd90f8c87b32a09fc5c091b17e98c36f037df2b89aa3455f6038485a7eee436225728f04b7612da53035f48e10d4be9f9dae22f0c012f98c6cd38156c |
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
| MD5 | ad677f565503dc0f594c523e21c7c786 |
| SHA1 | 4552aab5de1b677ce9c22b686daefbb1467a2724 |
| SHA256 | 417bb7d1796f87f4c281097ea2c6e3af5eefa42f951375edaab7056249500e11 |
| SHA512 | 0dbeb28011aba75b2262826ecb39cd597740aed7d0b0ba24643eedc56d593f9437355f0a953c40e0adfcc2dd16b1e770d1cebc3221c7fe438f6cfc14fca107bf |
memory/1716-571-0x00007FF629330000-0x00007FF629340000-memory.dmp
memory/1716-569-0x00007FF629330000-0x00007FF629340000-memory.dmp
memory/1716-568-0x00007FF629330000-0x00007FF629340000-memory.dmp
memory/1716-566-0x00007FF629330000-0x00007FF629340000-memory.dmp
memory/1716-564-0x00007FF629330000-0x00007FF629340000-memory.dmp
memory/1716-537-0x00007FF629330000-0x00007FF629340000-memory.dmp
memory/1716-527-0x00007FF634E50000-0x00007FF634E60000-memory.dmp
memory/1716-526-0x00007FF634E50000-0x00007FF634E60000-memory.dmp
memory/1716-525-0x00007FF634E50000-0x00007FF634E60000-memory.dmp
memory/1716-524-0x00007FF634E50000-0x00007FF634E60000-memory.dmp
memory/1716-506-0x00007FF629330000-0x00007FF629340000-memory.dmp
memory/1716-500-0x00007FF634E50000-0x00007FF634E60000-memory.dmp
memory/1716-499-0x00007FF634E50000-0x00007FF634E60000-memory.dmp
memory/1716-497-0x00007FF634E50000-0x00007FF634E60000-memory.dmp
memory/1716-496-0x00007FF634E50000-0x00007FF634E60000-memory.dmp
memory/1716-495-0x00007FF634E50000-0x00007FF634E60000-memory.dmp
memory/1716-473-0x00007FF614100000-0x00007FF614110000-memory.dmp
memory/1716-465-0x00007FF67EA60000-0x00007FF67EA70000-memory.dmp
memory/1716-489-0x00007FF61E7A0000-0x00007FF61E7B0000-memory.dmp
memory/1716-487-0x00007FF63A660000-0x00007FF63A670000-memory.dmp
memory/1716-459-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-458-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-457-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-456-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-455-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-454-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-453-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-452-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-451-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-450-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-449-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-448-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-447-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-446-0x00007FF633970000-0x00007FF633980000-memory.dmp
C:\Program Files\McAfee\Temp420790338\webadvisor.cab
| MD5 | eb9dc6e92aaeb766ea0ddd6dc1675f18 |
| SHA1 | 7ebb0b6a317cf2d3240094edf014aab8a5c71f9c |
| SHA256 | a169c580b122ad54087903134984b54b6aa2deb76faf0f1534ff621ce7a8cc2f |
| SHA512 | 9f0e3d1c30ae3e5739c821730e5ba9deda71f425ae92b7a4ab00b29999db8d49dfb5d58ef4ed7b91ab8133ddd8fa2bcc709c8d5240c03cdee7a4c6ddf4b6cfec |
C:\Program Files\McAfee\Temp420790338\wataskmanager.cab
| MD5 | ac05241d59f482ea308ee71758098453 |
| SHA1 | 2203c08527c24f9c55e46ba700be1cf0383e741a |
| SHA256 | d6b07588cc9f523f4fdb35b904a954ff594237f9330d68dbd7ea61751445464d |
| SHA512 | 4f1bda65555dbb4c4ece4c8e45c11de74267c373f92ff46811011894f72c72a3326e5ce96f90f39f4e94d9d9c89152e0ebeefb09539329d06b12e79f905b0bb3 |
memory/1716-442-0x00007FF633970000-0x00007FF633980000-memory.dmp
C:\Program Files\McAfee\Temp420790338\updater.cab
| MD5 | c4a33acb72e38f175643df1f4885fa08 |
| SHA1 | 2f43ae32571b98209f06e477e241ace819e9a7c0 |
| SHA256 | b870afb0e5fac44d1ba71dbf40f47991f20b54f8926bd620b2dd2f44975e509e |
| SHA512 | 9488964b486546413019ea070a3d21aabd79e017c23942706c863a9a75b26e3417227e32a10a0e8c61bf3094b26e7a49dd7ed8b33b217a330b9210f3e1357e36 |
memory/1716-440-0x00007FF633970000-0x00007FF633980000-memory.dmp
C:\Program Files\McAfee\Temp420790338\uninstaller.cab
| MD5 | 9b05a0c33183b3074bf15eb3e4188a08 |
| SHA1 | be04bf97d0120a4da92cc41a8044865a1221faee |
| SHA256 | 1fb7abd4977a7dc6f43113b21a4022b1097475f65cadd6d179ef0368beb28487 |
| SHA512 | 1fc8be40429ea83b3f6fcc8418237613bf2d53efb044a088255026f10b91a422d61b71d472a8b6e45fa5674b08d9036c82fa92277e9bd898cc1fad89f4bed1fd |
C:\Program Files\McAfee\Temp420790338\uihost.cab
| MD5 | d4b05b3d41b6349234b48e6c0a7ad2f8 |
| SHA1 | 8d277c3eedf5a650a1ad25fc43609519aa0b773a |
| SHA256 | 93ba29bcf9b1d61cf1b8ac456141f3c2416506060741f3ee908de59451afc312 |
| SHA512 | 028006c483c103ad2fad92f18fa3ce33b312380fb995d653b9a2d386d6a7b0cb42fbcc51cc8c1a600b7be227be3840ce5afb56c14679db09c27fe317c571df69 |
memory/1716-436-0x00007FF633970000-0x00007FF633980000-memory.dmp
C:\Program Files\McAfee\Temp420790338\telemetry.cab
| MD5 | 656d5d8d3bccf3dddb443eeb6556dbe3 |
| SHA1 | b9c77ef1b9f64f2533086b9fc2024728b3e33034 |
| SHA256 | b09b64ea667d7638b054217d617dff83b3e2b0fec92271c4228df324124f4ef8 |
| SHA512 | 6b2a29d66ec4663cdc14137a26c663a239fae440bd6a23f07d1e585fcfc4cfcbcdc8df08475edfcde012c808b67be70e30811b13bfcc0ee80b612fee3dfd38fa |
C:\Program Files\McAfee\Temp420790338\taskmanager.cab
| MD5 | 0894bdf9d21c032f464d71b1f5bd31ba |
| SHA1 | 0b60cc31217b1b24971eb39f67ba54291543fd69 |
| SHA256 | 79bd696a281c3eeaf42e5373d46e9caa7993a0ca7d07bb6d9a6e034cd7f999cf |
| SHA512 | e01a49270d2f272c0c984baf32b114a5d294ad463968fd821b82971075333937292c1026a61f135cd1eb851e2ec0d75e7766e2d61b613e40fe144ff7d2222764 |
memory/1716-433-0x00007FF633970000-0x00007FF633980000-memory.dmp
C:\Program Files\McAfee\Temp420790338\settingmanager.cab
| MD5 | abdcda6e45d446e3fac2227f1086b7f2 |
| SHA1 | 850a5bc7abf58be91a844ce0f4bd91a587978d2e |
| SHA256 | eedb70f956d92e3e2d7512f59c8f00637ba8f6dbc38ce357fcce0043a262006b |
| SHA512 | d64f13a94f874cb48c6dc6b2c9ab0308df81de1a4d647891961e17da7e5f9da6c2e24e8693307591f9a171c5789816aaaf73727398bde4773e6ee973323018d8 |
memory/1716-431-0x00007FF633970000-0x00007FF633980000-memory.dmp
C:\Program Files\McAfee\Temp420790338\servicehost.cab
| MD5 | c8a4a500b1930513d44af040a04c3931 |
| SHA1 | 0cebba3d1012035c4799e97457c4e7a6f118d836 |
| SHA256 | a2ec67d5b61acf73159bacdbeb4bc95ffb5a51010ab5bfbffa8600da03180de0 |
| SHA512 | cbe176ee7968ea8d84792f0abe78b049f455902aba5a7c87d3ffff3cd679749d417084e27c88c1dc8de36791ac0ce3b09e0ae9818555e1d0d69deccfc58ac63c |
memory/1716-428-0x00007FF633970000-0x00007FF633980000-memory.dmp
C:\Program Files\McAfee\Temp420790338\mfw.cab
| MD5 | 320a057206bdb5a7ce1a6cf9e7502557 |
| SHA1 | b851e2d941f013b74f64e50130481711460fd3a3 |
| SHA256 | 9f5c0192d1e924a9e3ef4590ec4f2483bd59da98227bb24970180b000759055f |
| SHA512 | 1393d881255bd5c7562cbc956f112d2945af6fb53a3e80744f58702211df72cc549ff02d824de3f681f38b2dac45367db3f74d12b94328e4f7942d6c2b213bac |
memory/1716-426-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-425-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-424-0x00007FF633970000-0x00007FF633980000-memory.dmp
C:\Program Files\McAfee\Temp420790338\mfw-webadvisor.cab
| MD5 | 0f79f075560c6c91116f4162c268ae54 |
| SHA1 | b03607d04958038477fd4dd5adb2a2dc0632d6ca |
| SHA256 | f89ab4291eae4b52e1adfa639f1776fb95ed411257a67b274e1f727e859bbc5b |
| SHA512 | f7966211c9e24eeb495a01d8185740a60634de0dfb19e1e5e78ab2c3184086ef256b68f3ca0eec7475302c13eaefe13aecd9d123fe5f3486661de3df51dadaa6 |
memory/1716-422-0x00007FF633970000-0x00007FF633980000-memory.dmp
C:\Program Files\McAfee\Temp420790338\mfw-nps.cab
| MD5 | b9071741dd0de141bc57f3c43a911202 |
| SHA1 | 9cef3cce37c8094a8609e39908fda7c8ade5b59b |
| SHA256 | ec74a91cfb9d3ab75b0c33fd9f92140d00d2ff0a52d5080a6aa4dcef6834bfa4 |
| SHA512 | 9e665f265f75e010ccfddb013c73e83b1d8b04eddfbc338deca8c982d5faaf4bbe2a9dc872e3d4739ec9ac29f0c74aa650effeea90d3967c8fb75d4c56032ccc |
memory/1716-420-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-419-0x00007FF633970000-0x00007FF633980000-memory.dmp
C:\Program Files\McAfee\Temp420790338\mfw-mwb.cab
| MD5 | eeba6fe0bf59eea07384faea7b8b57e7 |
| SHA1 | 8a7bc85e488c3063ad6fd644eaf66942d28be34a |
| SHA256 | d2c592dcd51c0ccf979634bb969eda7b4b3d69d5e9b225fe15b5a0a9a8a0a45e |
| SHA512 | 8daba71ee57042972f796afecf3c7020020a4951bc1b9fd4c867935c6539bfd85e78c794e27e99912aff7d0d2d0ddb37e727de1955fd044dd36dc8b8364a9837 |
memory/1716-417-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-416-0x00007FF633970000-0x00007FF633980000-memory.dmp
C:\Program Files\McAfee\Temp420790338\lookupmanager.cab
| MD5 | a447b6c857ae29a8b8f2e3bff007df6c |
| SHA1 | f3d245b7ef702290c82f8b6c35ef973bcc2acc99 |
| SHA256 | 55fb14f82bdb042f9a231dd069451112a2a792e711b96e593e264652c87e3b90 |
| SHA512 | 458838d2f2f9f5f4145db622dc44694a05caec9fb9d61fc7b600f108dfa5b0343dbbd99dd0a92ba938819cf4c5eb641c939cf9616d69f8ee049b8ae750e51d46 |
C:\Program Files\McAfee\Temp420790338\logicscripts.cab
| MD5 | c1adad2f314d114594aead6816ea02bf |
| SHA1 | be8e53c61500376514848d007115293c88ea9b6d |
| SHA256 | f27e1c439d4c9ca4296b7c463ce76ea15870dbb8210c58ab4ca5f20d01112f7f |
| SHA512 | b6b5f50b81c24d801205ae9234ba5ffccdf25fe6c557fe284c83d80c7d0eac9e4f6ce5d3b2804484626269166f418476433101ab916bbfdde6535cefb876caa0 |
C:\Program Files\McAfee\Temp420790338\l10n.cab
| MD5 | fca9378018e30742bc2c1fdac03fad41 |
| SHA1 | 46f9df6312920424d3f20914dab59874551f57ba |
| SHA256 | df2a4c968dce5c9a03ce10e2d0ffa243fd20b94e0d1f60d49a2709353efc4a02 |
| SHA512 | 0d39532169b19f240779129ecc49b4e582373350d51b73f3cfc91cf0b655f7845df48c57a219391926cd3105a5825f55a14db28c76be9ed9e8d9d4bfc5e54b78 |
C:\Program Files\McAfee\Temp420790338\eventmanager.cab
| MD5 | cb3c3baf9d0f30958c3b9df32352a058 |
| SHA1 | ca427e00cdaa32f39fb4a6df8ba1aff5b8200f16 |
| SHA256 | 054ef467f43e73d3c5687966e8a2be5fe41ed099875ba179ea6a446cb8b75ee9 |
| SHA512 | 9567c4fc176e31a5ee06769f103c8d4d03ef6b873827b3efffc09c4329620c1d817ccf641004c419e4438f69820681b223a185ad415991be3af70d60f70ab3f2 |
C:\Program Files\McAfee\Temp420790338\browserplugin.cab
| MD5 | 253337eb5d13a9f79378de0904b0e448 |
| SHA1 | 5dcf4b41d3ec3eda26e7e25c9221643b62468962 |
| SHA256 | 05c9b53b895f9c79eb9e429f2bd11651a4b51018b9151fefe41d835212d515f5 |
| SHA512 | b7e2d2eb1dc29e1f5b87f73133ead258776aaf2ae21ba43d21d1fb91c61079cfd649be6c1aa2c2d9aa9982a1ba86978df18f677cec7b15919b1f2d44c888eef1 |
memory/1716-408-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-407-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-406-0x00007FF633970000-0x00007FF633980000-memory.dmp
memory/1716-405-0x00007FF633970000-0x00007FF633980000-memory.dmp
C:\Program Files\McAfee\Temp420790338\analyticstelemetry.cab
| MD5 | f9424b351f5fd545d96ccc3458777f3a |
| SHA1 | fe13b0160e4cf4340952b4ce120ee4cc4ade29e4 |
| SHA256 | b7cbecfc093acfc824fbddac62e091b8bb04a1d0b59060e34cf715e1d93ae1c8 |
| SHA512 | dcc46a38db86aac6ba7e1083a7a5c0c9ff4aa91cfeee5c0a7ae6eb7f369521d8d575fa4261c3153a56777c851122139e781efff3ada9a1879450abd09702677a |
C:\Program Files\McAfee\Temp420790338\analyticsmanager.cab
| MD5 | 5be9597eb624a4897d79402c4cd34b6b |
| SHA1 | 0998b43ef247820ddaf7655a3ee527a64b8b41fd |
| SHA256 | 4d2c613e6cdd7ac00025b5da1329d52d63628257ff44a1686ac230f25cac2862 |
| SHA512 | 524937dc6ccfa241f96dcd7c9e9df0be6d8faa680d4b641b8a49cc687884b7e5b3a6939e516e3486c89a3a706f0ff5318581eb05edcf84b8740ff64baf110b39 |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | ab0c6b183284159b25381092acaaebec |
| SHA1 | 33775b860c71d7f6b94050c0d26517103a4c7a4a |
| SHA256 | 8cc09a9dad9a3731ee3f84d5d78ec1aa3b2beecb16e1f8e111f61a6ae6a2cf26 |
| SHA512 | d99a3d5bce3fc8617a073001e2f6de15dba6cbda48b4d65651bbb72902b921258414c98ecc1a092f59b2ccca8960e9456c66d5af0aa3fc1756c316db98e5a352 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 97e10d9b1d0fbb21788d3a4dfa174fe1 |
| SHA1 | 6aa3234f1fd17258e236db69394421b2ef4411b1 |
| SHA256 | e3d68fad25928758489b71bb0b10ee7b6419c5fb58458d3663f993eaabf633ce |
| SHA512 | abf67b2589cfa7bb6a2017fca101633a7fe92561b09225c0be62e25945a91e20e56ce2c8b088714da9ec62fae4169b473b449248b036d5c857d04bb06c4c8c02 |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 02ca745f466e29c915b4625306e9fb35 |
| SHA1 | 7bc12e3863ce2d3b774c2d009cbbadb8320e1a0b |
| SHA256 | feb53c46b52de3e0040700ba1b737f76756efd08c21a01e3aba08e61e3a757bd |
| SHA512 | 4ca6ce3ed53fdadfd41c097ee5f5c04fad35c668fb052edcca7ae271275e8134c5b4feed2388dd3cc7ada6a228d6b65aa8107f84b89d2665ac906760b600d59a |
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
| MD5 | bd4e67c9b81a9b805890c6e8537b9118 |
| SHA1 | f471d69f9f5fbfb23ff7d3c38b5c5d5e5c5acf27 |
| SHA256 | 916f5e284237a9604115709a6274d54cb924b912b365c84322171872502d4bf8 |
| SHA512 | 92e1d4a8a93f0bf68fc17288cd1547b2bb9131b8378fbd1ed67a54963a8974717f772e722477417f4eb6c6bb0b3dfba4e7847b20655c3d451cba04f6134c3ab5 |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 5a000179a02fc2a0edbef08edbfc6958 |
| SHA1 | 90f708b3d4893d5fba55423728258c15bb907e7c |
| SHA256 | f4396a11c151227663fd5b2c72e43ed6341db16f509143a879a8c7b4926b5d9e |
| SHA512 | d8edc1c1c69b295593d812c85243fbbb3408f8629d3ecbd19451d32580af1e1ab9957a38676beecfc516ec75638da69645436d81961b638e4e580a510230ef01 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | da82bfaac15959bc9031245be652ad4d |
| SHA1 | 25ae3e2be723fcce4089ffb4b57d7d99685b91ab |
| SHA256 | 57e01c9280048e164de0631e0dd63b230192b812f13b6f296cb97bcf9d793b41 |
| SHA512 | c691efa3ff3ab91466aaa53c9f9e8f22bc48d4fcdff2b62a2bdb77dd85f2d0141ad1f30f19b3cd602ee38e75f83d9c7373e26d62cb73309cfa3912160474dd11 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 229ae5be82d4b5dc59f133fa3cecf088 |
| SHA1 | 11a19946619ef68668e0221208ff024e55a42acd |
| SHA256 | 190d7923c239f63a2b278e823b63dca3dea73e4b089601343e36cca894afbeec |
| SHA512 | 0824c3840628f70b42159d82f8a93dbe5db219c944599ebd9734a40e89e3fee849998446eee0dedd1354784b6a40718fb4fe48a53d85312539f42f4d0aa46b59 |
C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt
| MD5 | f87610be28ed3ac50690109053805a25 |
| SHA1 | 6b65a10d2f80c072ee11bdfdfcf379d5d6effe21 |
| SHA256 | a61c24bc0e63e14f2089fc5aa0d0f257b6ba529661f14a37763cea084fb3e029 |
| SHA512 | c8d4c5b97809e6c8fe4de759d3e7d283c4db2076c6b25679452cea735e02c2ee45a5bed9d749caafe4e088bcb63b803b51083dc81f15bb88d42b83454034fafb |
memory/7948-2939-0x000001CBEE730000-0x000001CBEE780000-memory.dmp
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
| MD5 | 00b6cab6ba8e9d5197b17f57596d4f49 |
| SHA1 | 78f50610b982ca2ad8bf0043d67c5ba975e024ef |
| SHA256 | b30c10b3bd2119bf9b3e420a1b26542acf801ddfdf46480ccc11e9d81e958dea |
| SHA512 | 8df4866ba40835761c7fa4b6d857e7f83a910037e573b7dc763df44eb7b2da7c86c52964d27104ed333e00324aa7f09d343beebe6fa8b4d7129ad3ae19eadb4d |
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
| MD5 | b18e755939ccacc936879f4c16aee4c5 |
| SHA1 | dc8018d8258d0768dcb39f0aeff57eb1188d69a6 |
| SHA256 | ecbb51b5df9f788c130e71ebb9881e26ab814c3f9f521164f88aa4f521aba2df |
| SHA512 | bf1091c478bc278366175bf7e485cfbd63e5b50cc0073c043166ecebeeb7ca878845fb2ac64add35d7af654db3671b55c2daf79f4084089ba8fbe92cce5e68b5 |
C:\Program Files\ReasonLabs\EPP\mc.dll
| MD5 | b1e90962b3fa14291312e7f82b0eab9d |
| SHA1 | 3fe9ed4bd9ca3cc0ff34130a71d4bf44b4b59933 |
| SHA256 | 0ae59059eb797352185e590151f876962e797a78acb8ebd3ddf6400dfd6e0264 |
| SHA512 | 1443594d548ffdf75ce765486bbe99679083895e03c1242af0d9ad9eeab8ed13dbc3488b872440c5b56ab101318383aed6f25cc659d85f662a0f5504a5831d38 |
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
| MD5 | c1ee566d9d2d4c41109c73e2b7fed42c |
| SHA1 | 68f9c35a9a5cdc396f09a94425c4ae87ce9ee3f2 |
| SHA256 | 10540b6e26547eaed68893f6a0e66cdcee41db69dca3affffe0ccd0c9012d2b6 |
| SHA512 | 6b8d1fae02c5a3a4be5f653c9de50f89655050827d13add3acd8bc4d5a28072cd7aa8d618a356aa60b0cb5effbfa3eb82ea1e2fc00921b20b4fafd63807c594f |
C:\Windows\Logs\DISM\dism.log
| MD5 | 731123fd6e742ba3bba0b83b3eeeb296 |
| SHA1 | 495c7b87e86ae374d4db81da6f8733112920acea |
| SHA256 | d30ca42361e7b3d6ede180da3c3e91007ab11f2efecc67d7905acb46b7b817b3 |
| SHA512 | b408af0dc7a43a2d8ab8480de37ed12c50a3041f7e2f965ff19e0bfa15f44d14f8822a44e2bec229011b696aa1c036080014a860ab4bea10d4fbdec76b101e5c |
memory/7948-3146-0x000001CBEE920000-0x000001CBEE978000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\574d6088-6e86-4e70-805a-c4d7982b750d\UnifiedStub-installer.exe\assembly\dl3\b524ba64\048d4958_c5eada01\rsJSON.DLL
| MD5 | 422a34a07bf00303012c8f130fb51aa6 |
| SHA1 | 6e60d28383cdfe714c097ca0c85d3eeb73e2bb00 |
| SHA256 | cf155a5acf93578eefa9307a8ab6268f4ce37d493fdf4263164fffb96a92ce68 |
| SHA512 | 6c190c83359d0f99c3b680bbbf0556f0151c7304e2cfcaa44e5261629ae1488692803aed11bd3b571bf0ab7227d054c57a63e62721f5b26a360c755c5f6474af |
memory/7948-4782-0x000001CBEE980000-0x000001CBEE9BA000-memory.dmp
memory/7948-4802-0x000001CBEE880000-0x000001CBEE8B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\574d6088-6e86-4e70-805a-c4d7982b750d\UnifiedStub-installer.exe\assembly\dl3\d113c539\27b64958_c5eada01\rsLogger.DLL
| MD5 | 870d12c755207b5e1b95b5a6dfe2ad27 |
| SHA1 | 85f9fa6a3d0866c323fbc9b337ea39e5aca4cd56 |
| SHA256 | e71e353a022573c8cb3fa92e98c5b7a60c7008aaba90c2b0e4b6e33cdaf8ef40 |
| SHA512 | e26ea78f3e0f4ce52155204ef50a7a26069602cb4870a91d4a1ccc580b90bb2f0ffeb6e23619fbb13542688afaa0be998b05aa984993363c7464415c1f1da784 |
memory/7948-4829-0x000001CBEE880000-0x000001CBEE8AE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\574d6088-6e86-4e70-805a-c4d7982b750d\UnifiedStub-installer.exe\assembly\dl3\bd74eee0\ac092c58_c5eada01\rsAtom.DLL
| MD5 | 18be5ed564d1fda8fd535137f3aeda9e |
| SHA1 | 0fc2a790fd3ecca41e385a36c8771903756c2c76 |
| SHA256 | 18c388e8445141b41c85c567f5fd23ab4a566531dc0adf79d931cba3c58eb5ca |
| SHA512 | 4fb25c819c1a7566de6875d17ccf21268a5bdfc49517a9077be4672fe4b68af330379f46fc850a3d7c5d40333d81ca6aa4c5713542f2d0a7d93a90bdcbfa754e |
C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\574d6088-6e86-4e70-805a-c4d7982b750d\UnifiedStub-installer.exe\assembly\dl3\661f8ce4\47dc4958_c5eada01\rsServiceController.DLL
| MD5 | a2125e3a8189aef14cbd8cfe059fdf53 |
| SHA1 | b1b6db623549e11ed28058aceb6b8105f999b8c0 |
| SHA256 | 337b6d848ebffe68a149103d31dc3a78d10e24ed66d8dddce3e7a9ff91da76e4 |
| SHA512 | 876d76bb5d4de73181bf14950a5b65e909131040794eb8c86a170e0f17890488adc1a39eac3175dda9a244fb8bcd189608792b8bc3ea54921152c178ddcc86e1 |
memory/7948-4864-0x000001CBEEA30000-0x000001CBEEA60000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngine.config
| MD5 | 8f0226643e7cd6f7985447cbf71e9031 |
| SHA1 | ae0df1350d61a0cff8dcc42c0f61d256f31b2efa |
| SHA256 | e69de3a71a69107346ac4723fe3b1d43910696bb98271380ac58abde714c5fc2 |
| SHA512 | f98ccb69c3aa0c80cd83210a08296421d8e2cbe801b7199f1d440afbfdc8f29e20e9bbfe509471450b4b25903433b3592b58d925b67511bc71df6a67938b5901 |
C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 0a0fe9a478456a42105ea6e7e94c62c1 |
| SHA1 | 400c436c6450c5b8c43ff2c947088d3832c81e56 |
| SHA256 | 1b640401b647ae6ba99db5506e60c751e0fa7cb54a81cb49b627c699167b96af |
| SHA512 | 483405b5aa8276f699b6b666dd346c4eb3c4675371d0bc9c1ecb2ac2f3d62e37ed54b9712d185c8547416be6522e0ee4b4ebdb8dbb9e9923af1b3ad775a355a2 |
C:\Program Files\ReasonLabs\EPP\x64\elam\rsElam.sys
| MD5 | 8129c96d6ebdaebbe771ee034555bf8f |
| SHA1 | 9b41fb541a273086d3eef0ba4149f88022efbaff |
| SHA256 | 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51 |
| SHA512 | ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18 |
memory/8848-5065-0x0000028857C60000-0x0000028857C8E000-memory.dmp
memory/8848-5080-0x0000028857C60000-0x0000028857C8E000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | b2ec2559e28da042f6baa8d4c4822ad5 |
| SHA1 | 3bda8d045c2f8a6daeb7b59bf52295d5107bf819 |
| SHA256 | 115a74ccd1f7c937afe3de7fa926fe71868f435f8ab1e213e1306e8d8239eca3 |
| SHA512 | 11f613205928b546cf06b5aa0702244dace554b6aca42c2a81dd026df38b360895f2895370a7f37d38f219fc0e79acf880762a3cfcb0321d1daa189dfecfbf01 |
memory/8848-5093-0x0000028858090000-0x00000288580A2000-memory.dmp
memory/8848-5094-0x00000288580F0000-0x000002885812C000-memory.dmp
memory/10820-5102-0x0000000002820000-0x0000000002856000-memory.dmp
memory/10820-5103-0x00000000052F0000-0x0000000005918000-memory.dmp
memory/10820-5104-0x0000000005240000-0x0000000005262000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pbnrfusn.01a.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/10820-5114-0x0000000005B00000-0x0000000005E54000-memory.dmp
memory/10820-5115-0x0000000006180000-0x000000000619E000-memory.dmp
memory/10820-5116-0x00000000061B0000-0x00000000061FC000-memory.dmp
memory/10820-5121-0x0000000006760000-0x0000000006792000-memory.dmp
memory/10820-5122-0x000000006E5D0000-0x000000006E61C000-memory.dmp
memory/10820-5132-0x0000000007350000-0x000000000736E000-memory.dmp
memory/10820-5133-0x0000000007380000-0x0000000007423000-memory.dmp
memory/10820-5137-0x0000000007B00000-0x000000000817A000-memory.dmp
memory/10820-5138-0x0000000007530000-0x000000000753A000-memory.dmp
memory/10820-5142-0x0000000007740000-0x00000000077D6000-memory.dmp
memory/10820-5145-0x00000000076C0000-0x00000000076D1000-memory.dmp
memory/10820-5146-0x0000000007710000-0x000000000771E000-memory.dmp
memory/10820-5147-0x00000000077E0000-0x00000000077FA000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 43fbbd79c6a85b1dfb782c199ff1f0e7 |
| SHA1 | cad46a3de56cd064e32b79c07ced5abec6bc1543 |
| SHA256 | 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0 |
| SHA512 | 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea |
memory/11152-5178-0x000000006E5D0000-0x000000006E61C000-memory.dmp
memory/9308-5188-0x0000011719AA0000-0x0000011719E06000-memory.dmp
memory/9308-5189-0x00000117198B0000-0x0000011719A2C000-memory.dmp
memory/9308-5190-0x0000011700EB0000-0x0000011700ECA000-memory.dmp
memory/9308-5191-0x0000011719730000-0x0000011719752000-memory.dmp
memory/9808-5193-0x0000022252650000-0x000002225269A000-memory.dmp
memory/9808-5194-0x00000222542D0000-0x000002225432A000-memory.dmp
memory/9808-5195-0x0000022254270000-0x0000022254298000-memory.dmp
memory/9808-5206-0x000002226CC60000-0x000002226CCA4000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
| MD5 | 0dd7ab115062ec8b9181580dbd12ff02 |
| SHA1 | 28a9115deb8d858c2d1e49bec5207597a547ccf0 |
| SHA256 | 2fe9b5c64e7ef21c1ea477c15eff169189bac30fd2028f84df602f52c8fc6539 |
| SHA512 | 2c1a4e5ebf7ab056d4510ea56613fec275ca1da8bb15ed8118e9192fc962833e77974a0363538cebf9ab2a1a1ff9486c3078d14b4820c2a8df803f80f94e19f1 |
memory/9808-5196-0x0000022252650000-0x000002225269A000-memory.dmp
memory/9808-5220-0x000002226D080000-0x000002226D2D8000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
| MD5 | 705ace5df076489bde34bd8f44c09901 |
| SHA1 | b867f35786f09405c324b6bf692e479ffecdfa9c |
| SHA256 | f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950 |
| SHA512 | 1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7 |
memory/11256-5224-0x000002B024E50000-0x000002B024E80000-memory.dmp
memory/11256-5226-0x000002B024EE0000-0x000002B024F18000-memory.dmp
memory/11256-5227-0x000002B024F20000-0x000002B024F46000-memory.dmp
memory/11888-5347-0x000001546C700000-0x000001546C72A000-memory.dmp
memory/11888-5348-0x000001546ED40000-0x000001546EF00000-memory.dmp
memory/11256-5349-0x000002B024FC0000-0x000002B02502C000-memory.dmp
memory/11256-5350-0x000002B024F50000-0x000002B024F82000-memory.dmp
memory/11888-5351-0x000001546C700000-0x000001546C72A000-memory.dmp
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
| MD5 | 1068bade1997666697dc1bd5b3481755 |
| SHA1 | 4e530b9b09d01240d6800714640f45f8ec87a343 |
| SHA256 | 3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51 |
| SHA512 | 35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329 |
memory/11256-5362-0x000002B024F90000-0x000002B024FBA000-memory.dmp
memory/11256-5361-0x000002B0250C0000-0x000002B025146000-memory.dmp
memory/11256-5366-0x000002B025B60000-0x000002B025E06000-memory.dmp
C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog
| MD5 | 789f18acca221d7c91dcb6b0fb1f145f |
| SHA1 | 204cc55cd64b6b630746f0d71218ecd8d6ff84ce |
| SHA256 | a5ff0b9a9832b3f5957c9290f83552174b201aeb636964e061273f3a2d502b63 |
| SHA512 | eae74f326f7d71a228cae02e4455557ad5ca81e1e28a186bbc4797075d5c79bcb91b5e605ad1d82f3d27e16d0cf172835112ffced2dc84d15281c0185fa4fa62 |
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState
| MD5 | 362ce475f5d1e84641bad999c16727a0 |
| SHA1 | 6b613c73acb58d259c6379bd820cca6f785cc812 |
| SHA256 | 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899 |
| SHA512 | 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b |
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
| MD5 | 6895e7ce1a11e92604b53b2f6503564e |
| SHA1 | 6a69c00679d2afdaf56fe50d50d6036ccb1e570f |
| SHA256 | 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177 |
| SHA512 | 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2 |
C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt
| MD5 | 1b71a0a9e018df0de266b08eb592e3e2 |
| SHA1 | 462d30cedbbd1874f2c9f8163372001f65d983eb |
| SHA256 | 66b5ce2631eac55e8df5e51ab6fb657c5a21b9eca32756fe2f59bd6b8f011ab3 |
| SHA512 | d058b5aabbaef871cb9363d3e0fd51683a336242079d529459403f3b00e061159db835c69915461e532981f425119bfa4e242433152716226bd2f9f193c67fad |
memory/11256-5394-0x000002B025060000-0x000002B025090000-memory.dmp
memory/11256-5395-0x000002B025910000-0x000002B02596E000-memory.dmp
memory/11256-5396-0x000002B025E10000-0x000002B026179000-memory.dmp
memory/11256-5397-0x000002B0258B0000-0x000002B0258FF000-memory.dmp
memory/9104-5398-0x000001E568EC0000-0x000001E568EEE000-memory.dmp
memory/11256-5399-0x000002B0265B0000-0x000002B026836000-memory.dmp
memory/11256-5412-0x000002B0259E0000-0x000002B025A46000-memory.dmp
memory/9104-5437-0x000001E569900000-0x000001E5699B2000-memory.dmp
memory/11256-5441-0x000002B00C560000-0x000002B00C586000-memory.dmp
memory/11256-5440-0x000002B025A90000-0x000002B025ACA000-memory.dmp
memory/11256-5442-0x000002B025A50000-0x000002B025A78000-memory.dmp
memory/11256-5444-0x000002B026180000-0x000002B0261B4000-memory.dmp
memory/11256-5443-0x000002B026240000-0x000002B0262F2000-memory.dmp
memory/11256-5445-0x000002B025AD0000-0x000002B025AFE000-memory.dmp
memory/9104-5446-0x000001E56A020000-0x000001E56A310000-memory.dmp
memory/11256-5451-0x000002B0261C0000-0x000002B0261EA000-memory.dmp
memory/11368-5500-0x000000006E5D0000-0x000000006E61C000-memory.dmp
memory/11256-5511-0x000002B026370000-0x000002B0263D6000-memory.dmp
memory/9104-5512-0x000001E569D30000-0x000001E569D8E000-memory.dmp
memory/11256-5513-0x000002B027C90000-0x000002B028234000-memory.dmp
memory/9104-5514-0x000001E569E10000-0x000001E569E26000-memory.dmp
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
| MD5 | 3e29914113ec4b968ba5eb1f6d194a0a |
| SHA1 | 557b67e372e85eb39989cb53cffd3ef1adabb9fe |
| SHA256 | c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a |
| SHA512 | 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
| MD5 | 4ba25d2cbe1587a841dcfb8c8c4a6ea6 |
| SHA1 | 52693d4b5e0b55a929099b680348c3932f2c3c62 |
| SHA256 | b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49 |
| SHA512 | 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6 |
F:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
| MD5 | 0054560df6c69d2067689433172088ef |
| SHA1 | a30042b77ebd7c704be0e986349030bcdb82857d |
| SHA256 | 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750 |
| SHA512 | 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
| MD5 | e8fd6da54f056363b284608c3f6a832e |
| SHA1 | 32e88b82fd398568517ab03b33e9765b59c4946d |
| SHA256 | b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd |
| SHA512 | 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
| MD5 | 52c43baddd43be63fbfb398722f3b01d |
| SHA1 | be1b1064fdda4dde4b72ef523b8e02c050ccd820 |
| SHA256 | 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f |
| SHA512 | 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
| MD5 | ba46e6e1c5861617b4d97de00149b905 |
| SHA1 | 4affc8aab49c7dc3ceeca81391c4f737d7672b32 |
| SHA256 | 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e |
| SHA512 | bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
| MD5 | 2d40f6c6a4f88c8c2685ee25b53ec00d |
| SHA1 | faf96bac1e7665aa07029d8f94e1ac84014a863b |
| SHA256 | 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334 |
| SHA512 | 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
| MD5 | 01c4246df55a5fff93d086bb56110d2b |
| SHA1 | e2939375c4dd7b478913328b88eaa3c91913cfdc |
| SHA256 | c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889 |
| SHA512 | 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
| MD5 | 66df6f7b7a98ff750aade522c22d239a |
| SHA1 | f69464fe18ed03de597bb46482ae899f43c94617 |
| SHA256 | 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f |
| SHA512 | 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e |
F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
| MD5 | ad9d7cbdb4b19fb65960d69126e3ff68 |
| SHA1 | dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d |
| SHA256 | a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326 |
| SHA512 | f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC
| MD5 | 5bfa51f3a417b98e7443eca90fc94703 |
| SHA1 | 8c015d80b8a23f780bdd215dc842b0f5551f63bd |
| SHA256 | bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128 |
| SHA512 | 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp
| MD5 | 3b1ec0ce9c80815e263b14a7c0cbce34 |
| SHA1 | fc2809a8b17be8e2f3489284c521df3c6e1ed7d0 |
| SHA256 | 7bca6765c36236563953edc64a3f917764dc2a458b8ccfa17aa8156d09cd0215 |
| SHA512 | c5ee74dc93b4525dd6b02e9f1d657699da153a99741759decc575934e0084a4216c1a4ac11575dd8fe3d4a740b0e58b9f60f56feb994c77b80e541d61233ad0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5457c56df6f5c83a4add1de5ed0d8187 |
| SHA1 | 76fd30203306bf7d8868b6003003f5f98f572433 |
| SHA256 | 84e86322d092c2322606fec31952f14c1e826a5496c6b8149370aa0cf6c8efe1 |
| SHA512 | 1e7fa6f081b0e5c3bd2ee887e08cc0d23eb30ed826d74c2ab3987b238aa0438e9365778a661819b9cb8e3c58edc6b5ce631a81c6e0108b6d640cd768de8dbcf6 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp
| MD5 | 8b314905a6a3aa1927f801fd41622e23 |
| SHA1 | 0e8f9580d916540bda59e0dceb719b26a8055ab8 |
| SHA256 | 88dfaf386514c73356a2b92c35e41261cd7fe9aa37f0257bb39701c11ae64c99 |
| SHA512 | 45450ae3f4a906c509998839704efdec8557933a24e4acaddef5a1e593eaf6f99cbfc2f85fb58ff2669d0c20362bb8345f091a43953e9a8a65ddcf1b5d4a7b8e |
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp
| MD5 | 2a69f1e892a6be0114dfdc18aaae4462 |
| SHA1 | 498899ee7240b21da358d9543f5c4df4c58a2c0d |
| SHA256 | b667f411a38e36cebd06d7ef71fdc5a343c181d310e3af26a039f2106d134464 |
| SHA512 | 021cc359ba4c59ec6b0ca1ea9394cfe4ce5e5ec0ba963171d07cdc281923fb5b026704eeab8453824854d11b758ac635826eccfa5bb1b4c7b079ad88ab38b346 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\ProgramData\ReasonLabs\EPP\Signatures.dat
| MD5 | a13b2ea8fbdac799da1f4d8ae5685112 |
| SHA1 | 2a9e4d67bdeb4bc65ddf005120fd2c6100c4058b |
| SHA256 | 33d020625a6fe18b2c984dbff6efbd6a6157b0cc5449cca1687845c1438450d1 |
| SHA512 | 00c9137c79b03c0857c83681e517cf42984318cd95d131d22cbee1efdb0394e0bedd64ff79d7bf2427b7b9c4ed9b8b8da9e4d4c50f833a5ce256fc894707b946 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat
| MD5 | 3d5a092f97ca28e990483f643d613891 |
| SHA1 | b7bc1c83bcfa801cbc60b597afe26172bd3bcd3e |
| SHA256 | a7cf36e18a7c07e4390c7b4b5e163fb642442b07dd491535eca890f7b040ccdc |
| SHA512 | 6cdce0186a875acf5dcc6838477ef60396cb19cb0164d0884bab8456960c167a93043ff4d0d32b7d0afe8d83219b0fccf8e8c966266ae0a3fbc17e4cfb3c2e82 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat
| MD5 | 298385f96578d6dfa04bc40cde21e1be |
| SHA1 | ee7268b3d9c6f149c83c471948ed37c1c5bc46ab |
| SHA256 | 998e75d968f22b63f5c356d4b13036b3d497b223f57b48ca553ffa9f25464941 |
| SHA512 | e180987b311f7e72ff00b2f4520e848116e72fd5ea2cedf5af10cc78d9d7f2813dbd15704c88ce0f009c9959b2d1142a6bf4e2fba1b9c227c11724397d1e15ee |
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat
| MD5 | 8c9eae09192c0bbd53cf0bd9f4891b0c |
| SHA1 | 6dd2a82b985b82eb34c1b00af5213d6e9ecd0175 |
| SHA256 | d6aa2e414099fd7a3c083a478a0db12e314ff33cbae07564cedef5cec9e99628 |
| SHA512 | 59cfc80a2017c2ca1b257662baea1012793bd554dac13e75e7caed0fea9c8a782584bbed970efd3fec196bd1dea7e0b004d6b53dc2874a969ff97617b407a18f |
C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp
| MD5 | 55cb5ecbfd4f28299765b8d8994677cc |
| SHA1 | 04ccb36d458d9df9d5804440d0a6e9d8ca706289 |
| SHA256 | af48e00779cfa338dc3d23f0aa8da1551f4493663d9bb8edb081021979b37942 |
| SHA512 | 6e82cec4d6ac962078b4bbd1d5222dc7b96da2c3a8480fcbfc0492d329c46bde07cfdab812138fad758a77ef8d913022c383f161827d29f7a019c24154a583e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9f8fc4ae-354d-4169-befb-960bb8637ce8.tmp
| MD5 | 6e84a197c301f80dad21d41dbb6438b6 |
| SHA1 | de88e85d7b293e2424d2cf1ad692aa88f050a599 |
| SHA256 | 29dd4bc3a3e33e45adc361ff03a960151c44e26d97b643bf4212aea426a57783 |
| SHA512 | ba5fd9818f43af18317298191e18852dcd2cf6f1569d45b44951383b73a9e338c8b20fca37d053cd56404a38f25cbaa1c9b7a7c9b603be2d1b6e3216c92ee262 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 89dd9439cd2fbe73add6f3270cda8225 |
| SHA1 | 22cb3777705bf1f07f6004a215ecfec64d2cce11 |
| SHA256 | 0dc9ecb416d2afb00d56c201ec9ca644826930dcdabbfc2ac438a4f527a49689 |
| SHA512 | 43a17bac38d75b6dd10d687f1052bfc6aa3160e7a8e7a3f76ede57da8306fbf26f2df46c5cb9c943d05078652ccab0caf72f6dacf8df3611fec893a7ba0c5422 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | b5472eceddcafba044949e9c630c7f43 |
| SHA1 | 824dc8de7cbb74f55d229eeae0dc3467f034226b |
| SHA256 | af8e3931673a6cf8b867891448c3107523b2304bfb3f275702a37bd0a28d165c |
| SHA512 | c89a88863983537908609aad7b33c0e315bae968eacb5b3085955dbd88193f3eb7e2ddfa14be07b1eb2ac93b3aa3e1597bf794e99b694fea7acab910d73ab4b5 |
F:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | 77138e2662cdeffd61cf6210ae3fb8ca |
| SHA1 | a085b99630efc74cedd0be9a0eeb57eff7b3850f |
| SHA256 | 68c83685da55573ae966db3113ee513dd76ba489024373968e527bd44d814724 |
| SHA512 | a4621910aa3ae4b5dfa558e69d0270717341467cf067d9397e2bbf118f789c87eef8750ecb25ffd9c60f51f35ceb40b211ce9a738116c4dfc06e543ac90d1bcc |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | e12b5ed58c201614efca3da018d6de4f |
| SHA1 | 36ff19687efd016d1f00eeafc6af19df933c186c |
| SHA256 | c7bdffcb3062d1340b18f3c01d630da32469c3adbe3d144d4368e12894b166a0 |
| SHA512 | 4428594e703a15b0979766e09637d1d29be0579457396986cf19f49c1929d7b8b051040798cd0a1842972f0f2fa57dd76db78339c35b3372e60b4e35c72cfdc5 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 22c036b2ede16ed7918f3a8bbadb5ced |
| SHA1 | 7ae6ab04470e29eb73011d693ae6ae14abeee168 |
| SHA256 | 8b55ca6604def2f37271c977257f3ea18137ce84742a25e0a3804b8209eb49da |
| SHA512 | c81b9d6c5cec8aac480659e6642cf57e600e9419f0a3e69ed88e895b35555ec2f85f12065cbe26d291e17ea25e847bb7ce9a1d11f64a8eba1e4ab7c9adef2b54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a14ae64017c536678b5a1d5fb6a31f45 |
| SHA1 | ff32bc267ff05340dd389c127e6c03a7d48b951e |
| SHA256 | 933ac01bca356f590960a78e19832bd2ea3abb8551afb3bb867cb8689f410678 |
| SHA512 | 538b37cfbe10ceb31d384644d72efb633abe036ab8f67906916028f18968861a265f2437a8047b9b391dc070029b338ecb0ee17dc2e636529088c3805265a084 |
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
| MD5 | b2e3ba2084f827f2e46a917983363f0b |
| SHA1 | 41fd27f8688b7a755abc0acc72a2a6a0e1045c78 |
| SHA256 | 7daa3d35584a7e87c3e8e3afeb436d088209966471d6c766328087823f1f3e73 |
| SHA512 | 4aea989bda6efc91836264f04f23fb3760764e3ef7809f618ad949c2e64b5a167fe5d054607535ec22fea4942d9ddc5ea7f70a1f529ee23633c1cd275d90e508 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\672aa2cf-0091-46d2-875d-1cfe264f8caf.tmp
| MD5 | 97bdf2e6419c66daae2a33e6644aafb2 |
| SHA1 | 20c82d21debbce64d1a3e630e2d4ae492ddb3b45 |
| SHA256 | 6bffb5c61a00895f569fb4562ffea0e6f2dc810862bec3cd2b282eb1aa928431 |
| SHA512 | 4aa13f54bf173abb6931e0fd2996a37724b735ff04ddc5ac1d317ab617e516d3c7fdca27b8729d950d842aa0afdc83e0f5aefa0ecad5b6e8295907c1e776a2ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 893e053b06b5de1d41d715022f9d66e2 |
| SHA1 | a00b7c056db7ddf77bd28c2989557c3bbfc1fa23 |
| SHA256 | 0ec16acda2162edc5f300cea7fd6056506917865983c0f11d1c869e2310808af |
| SHA512 | 4fc57c9d37d4a9dc8f7e4d9e27064d13b24f96a1886f078f8d35dfae94ab3c39ecdba9755c1b68834cf138a07894e82c568c14f354e61e9cff39690985bc9fc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 6da9dfdb89ba3ec2627fd43539d2b470 |
| SHA1 | 137ab868adddf0c91fdc9a3f1a4f10914abc1368 |
| SHA256 | 3608b836b7fd0e9917aa816d7d4f107bafa1d2d97cb605eff256e6a4604ec688 |
| SHA512 | 014310464f82e9b6e7ad3fd64a41de27b14282172c9e8c7a333565f500c9a5545a9be3c1f8a83262066f63d04d1ee3c325e4b9b9d28738cbebf822007f910d44 |
F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 4d592fd525e977bf3d832cdb1482faa0 |
| SHA1 | 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef |
| SHA256 | f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6 |
| SHA512 | afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.34.0\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.34.0\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.34.0\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.34.0\GPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.34.0\Local Storage\leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5ad14d66122046d5fb37922c016364af |
| SHA1 | b1726a182c58e72e07705ce757191bec43719a93 |
| SHA256 | 0238a3095d6bce48eaca835de16804fd0398180920592108feb6bbaa88ca17b3 |
| SHA512 | 7f6bf9037e15a5c2161065d501e4dade03c2426ffa8afcac2014b45feaffef1dae63bf94a310fbed2e9dcd0853dd4d8f7f68c7ab5999982b5196e12d1f03b9a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8c85e7f879417567b573004a28cb44fd |
| SHA1 | a5538a1503d3b038e1937078c4f5471495235e79 |
| SHA256 | 839cf01675e45ba12b0747f35aea1c28ed05bcfe5eea028450c85eab36353f68 |
| SHA512 | 2d83b25f745e0ae8dd05904c8fd19f4f20fc4fef3d028bc02c7dfd655fe383cf51362dd23d731a94edb2ac28136932dedaf11c73772c0219b20eee5389fe2c8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ea0b5ba4414878ef156634a9e9dbfdb3 |
| SHA1 | f7ce14c2b319442091ca7e3c3d5d180bccc07520 |
| SHA256 | 517ff5fb244bb743685b85c347ebf4aabf3fbc60d00252e52e2247ff1d42b8d9 |
| SHA512 | 11772b855c654f785e3a4e001289002ac0147f6b26d376adacb5fb5b3ae346f486e0ef3bb8c3b07496160a96bb53c194bc429fa76c237a73263f85e235e9ea16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 511d1a5068b950709e7ad1d9ae3f0039 |
| SHA1 | 0008291b02080c4f4413a05ba47b46f0d02ac4e4 |
| SHA256 | 247e77e78d9ad16b2490814515a86e2ee18e09bd2c3920a64149c064f45ccb92 |
| SHA512 | 5612e9e0b91053835c46f33e828fa67bc5f575bfc7276a6820b56200afd0057e3fb6d439a4de63fc870d0378de2e762beb4d08cbd12c39a265f5c37e0be2dd48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00014d
| MD5 | d7ec0f87774fe13a374fd922c678c895 |
| SHA1 | 2b2f5fe4f72ce686069368b7c7333f5e54bafeb7 |
| SHA256 | 799cfb2e7f686ebb6d7150d6ccef07466738529ba538e91d8de4bc4a478de6ac |
| SHA512 | 02faf8f8677fc3147fc3132bc22f36e120e5ed8fd4d40ac0b32509b3f2f1f5695b6c1604f2b5d4612343c2ffcf94f601dfa8cf617fa3b06d4da1fc798b0220f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\d62f05d8-39a5-4f60-b769-4e82abde25d8\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\index.txt
| MD5 | b86f8fe970cc69cb6ef0a19af79ea847 |
| SHA1 | 36169efd4638ae69434aee68e71c30a275aea5e1 |
| SHA256 | dc3fe778aab2f1384a4b17ee2879a40cb097b936caabcbb9b3a025f20c6ae9ab |
| SHA512 | 7cae05fc0561022b1d82c9bf885ee03979a84343700a28f597d5beda4efe04fdcf42ee690a5dc0eb5710d55cee06103fe0f5abb13598534d6577376a09ca6ce5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe5ffe10.TMP
| MD5 | 701a54767d381c83d35642356414822a |
| SHA1 | f590f680f7595b5ef2f3d94848209568e6e1cc51 |
| SHA256 | 8d5af9bc15665f39fc9edd79629be3d0cdb3493c6d903d0c07a92ef0a64739dc |
| SHA512 | aa97afddebf05e0d41739a9f79c9c63534b30cd97adc92e73a7db71fcb00bd714d1e632176b8685d2255ecebebcaeae0c013229817359a1306be2c066600234d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 82aec170c852c55cad7a125945bf3769 |
| SHA1 | 0a393cbe7ddd321d88d55dab0e097624d6193f11 |
| SHA256 | 7bd32dca09ac7fba0aebf5180fd081793c8c91f8a227a3fa689f5be2b7f7cb94 |
| SHA512 | b305700aa1594424687d2d666a69f6e4f419c9f1f0e8aa91fb10fd7e3ec1d76f239d9e401a4eec0430e1d81875f2da0e3fa3ad2c998ec263f6f607990dbd3e27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 03215b7a34ce1f035f7cbc1bd066d420 |
| SHA1 | e75cfdc885472decde5e8085fe062b8ee2afa1e0 |
| SHA256 | dfcbe9513bf3204a067c188619133222f94479f2e2400a16e2bfe2c0e133d6f7 |
| SHA512 | b835fab04376c8cace743c6783d10c8a210a26b95797a18ae4c2563217d6f3de53e0d3d5b52fc1d32391a0ac7b3339a7c5fa9d4dca7966d86f4c37f9420f7f98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
| MD5 | b6f7a6b03164d4bf8e3531a5cf721d30 |
| SHA1 | a2134120d4712c7c629cdceef9de6d6e48ca13fa |
| SHA256 | 3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39 |
| SHA512 | 4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 92ba26914987fe46a715c4512a55f6fe |
| SHA1 | 483f38d61a8f617fef84291058d748f95f17cb28 |
| SHA256 | 1e87b4b097791a702f2d62990aae085db61b04f0550a5edc882f5089ef23aca6 |
| SHA512 | ef60e4a87281c0df7406bac5fc438b3fd8dcc62fc05e9606840d9c81c3d7341c3a03d797e19848f616217e028c1eba064f0e4d17a782bcf4dd6f0ee9f25f001b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 28d57e9b29c0f263be9ebe53ab33e227 |
| SHA1 | 5c7c0b7c88fd68d2fde617291e23c6a879a74ee5 |
| SHA256 | cc1ca6ac82dbf29faa1177238e7c10697365813c87941a4e1f00d85fd089779f |
| SHA512 | b8ecaaacafe5ba6fba587bafeb065694f4c7e7c291d448abaf267eb3a02fa09f89e932c025c8bac489c8665fd07d5195792efd82d5292e5ccc82d275483e3981 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe60238a.TMP
| MD5 | 8a2c7c0dfd1456f7faf6976e366bce9d |
| SHA1 | 564f2271dfb00c2455f609baf29fbf7b60c2249c |
| SHA256 | 6776bbfc20674085c9c0267982588b89bc726c7b92c80d02d22142eea872c9f0 |
| SHA512 | 492aa2331e6f462ce45da15a65f1f6cad8efa050cd0dcb17356e84964ae25739d44ad55c5159e658e63801daa15842b7e24b5bfe1a4249105dba39ac9616e99a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000163
| MD5 | 80f1c7472825e6dd19d7ab65b0984ffb |
| SHA1 | 76af1427993a5d699b8441a32d751777a91fb0ef |
| SHA256 | cc6186b5115525964b454ef070e9034df1d919d806314ee6a2203a2d66b4f7b3 |
| SHA512 | b0be05f9536efd3ee010afef24fe879aeabe56cd52c877cc23980b8c1742823834f2e9e8c000a78d79b077d0f257dc30bff10b5eb5bfa6d2cd684405bfec7c0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\37cc1d9f-3c80-4f5a-a4c9-e4ad14bf21de\index-dir\the-real-index
| MD5 | 7810cd47b4b22190ec27dfc2f518b48c |
| SHA1 | 11cc7d033029e5970b37e615e6a88745710d43ee |
| SHA256 | 98c8f36b61281d64266c50cb8bf93c9fb5d2b7efae5b9e6baff9ac5a627d4753 |
| SHA512 | 2490d34f30ee8507a63e77d51a21efb19ca0d28728e4ecb2b7527365636779da203e65c262d0f016482afee6308c6d94126163f6adf0ec92b7987d261b6578f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | a4e9b9e5a57a28f699427a96e06e9078 |
| SHA1 | 103d25e62e545c0227e2daab02a579cce236294a |
| SHA256 | 6aa8d05e2ffa5184807f00a0169ffeaced3e7e948dd51368afb173afaa31a973 |
| SHA512 | 35459e7d2a1676c3edd6453d4bc4e44aa2c40dd08229bb613a724f24ced9c50e0c84dfb6e621b36b3c36807b016b6a1293b15da68231332e6ab4fdbcff56114f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
| MD5 | aeb54e31e3a768daa1e73668387dc81b |
| SHA1 | 5ac90b46f24d02639db881638fd6f41b481eb125 |
| SHA256 | b0099da40f552db8192ab3aac08797aff291d88c91994701fbd9dda1c3cf85fc |
| SHA512 | 5749b8ead822af88dc390329b06d90da3f29202fb2385c9c16312b6950805dd8069670ba91373dd8317a4472b88634e0b63d0b616fccb0c300c11e64dbe6a4de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | fc8908f9950f727d6646966bce1d3be4 |
| SHA1 | a1fcdb7d80472d190eb60412b167b80f24a01fe4 |
| SHA256 | 5cfc7f2381e436b09b9aa00baaf163d7206a1f3cdad598e938e0871a4c80c979 |
| SHA512 | d5e3c9e0141cdc0952cbd23dbd74bc40c21c9af7fbc44ffb5944f355ed0d208eeb0f71b1c2579bbf3bba89df02f1dd152c2b5006fc8c796fd1320adf791ea6f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cc5d1b41c07e273144b14f9dd2a79f70 |
| SHA1 | 688d288bc94fcc49845bf5f5f526684d8c48641f |
| SHA256 | dadce2566455d4f939a55637792d0c707696f5307615e9883ad05467ea27b0a8 |
| SHA512 | 364fa2cbfc45223e01b754e2c0104a2ac4c4ecd9be96e1cc6d3dde99757ab00d7b5159a7508ce97d0266a8360b94d973f4c90b89cd3016650ed596fc4654d19c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 088559f3ddde175117958bd71389cecf |
| SHA1 | d387a74992b0645207f5fd7bf6dfd31a24c1fdc6 |
| SHA256 | 60b1e2d15deabc41d6b376749465b9184b828aed452e2a3daba556ecfc2271dd |
| SHA512 | 6c81082d0e3e2a495fac67b84d340ded03ddb1e8ec3012e35dbe0a571d4d9baeecee66a0f43fc82253d943d7407d26ac5b98901a48597b678f5c162664d450b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000020.ldb
| MD5 | 0d677c21fe0c9b8df94b5dc3c655c774 |
| SHA1 | cc4704b3e245317e1e3870e89c100182be59c353 |
| SHA256 | 456f59ab4c0818cf97700a321fa80b1d30662ea454af50f1b503605295a62685 |
| SHA512 | e130a76d0838785bfc545dae1ad78b10a01a7278b1672d94974288625f982079f45b261fb24e9285398f76d7828f6e2319ee065ba3cfe31e9d9001b288687b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000017.ldb
| MD5 | de38a907f558c0bf62a139b6afab105f |
| SHA1 | aaf1128da8a51f5d06353380c6a768ce384368d9 |
| SHA256 | d2090ffb2cc0f369bd1b7b932c5bc9e29bb602aa2995f1d775960ba12289123e |
| SHA512 | 9c5092e9e00014489644fd39b328fec3201559c2fc9fd2f4ffa71825dc6cd620b7a24c9c79946669575191b10198f3cb547e7a6078f1d0c6122e3f7eb3b5e9af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | f2901b1cd45e51a9eaae7b4c8a4943ad |
| SHA1 | 8340bba49f73d033a2437bf0f26c016c90ae0268 |
| SHA256 | e6fe84ab12948abcf5f81c58f81e35cd94fa027e2eab0075be227fa4799356fd |
| SHA512 | 669e3b86691e914ba855cafcfed24273cb761283d5b83a1ef644739ed3b34751393ee4071a43a0ae661cc125ad253292213211ded97066e6257be48844acc6d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG
| MD5 | ba72b9444881b7012cde647fe3d114e0 |
| SHA1 | 4eac17d30d88b6e2474d7a6a33ec4074725f524f |
| SHA256 | 174ea5689df9ae876f6e6f7cb56e506be28cd8e7d5f4c9a176b0647baffdcdf3 |
| SHA512 | 23650cfb7c82004735b414ef4fb93db3c107599426e2a503e423eb9cbf788636d2323e312b20a1bf6f7c92bea1bfd9099ae88236090f4c96e03d8db98cc3cee9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000018.log
| MD5 | 937dc7798287e7a2d2f2429cb8604863 |
| SHA1 | 27514ae7092b7dfa24143bbddf7dd717a007cfd8 |
| SHA256 | 8aa09d14d9deb6ffff31c3f5f03ec7e389110e342ec9ab20ae868581c2856f95 |
| SHA512 | d484dffaa80fa6d4601f6057b2b116a9713b1be93462d0a8b43454b9daee1ccd28e6a433a078471819698a456255c99ad9ef700d83b797a8e714fb615faafe83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 772baf117d781c192c2e9e574b47516d |
| SHA1 | 94028f65123f5aea4e102ea0a8274e1d20090219 |
| SHA256 | b87bd2976d88508368e0f9b296b58b5e44d3516cb709fc1a931fb6f13e1d6c55 |
| SHA512 | efb6466ef8d5fc93b3830fb2aa37692b93291058195bfd92e5f9a1ba5eefd5b404937f8b7a03295718f53c40ad4d738562c52b72832fc6455327ba3b433a0224 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\37cc1d9f-3c80-4f5a-a4c9-e4ad14bf21de\index-dir\the-real-index
| MD5 | 25ea5b7825307570a30103867a57bfad |
| SHA1 | 01dfacf19ba3a92c31669e7ec57d754334693fde |
| SHA256 | 8fbe4753518ff2195111a4ca0bf6400c8f8597f137a25e65d22a7d42a25fbb75 |
| SHA512 | 3a1e67ca75fb9462790b1fd26237993cf267c50c6b8737c1c4d19b13149f7421d559694f17c4d403918552706160d6c657e7497c6072d058c65d77fc79aea912 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8804acca-2cb7-4bcc-b823-950f0fb8d878\index-dir\the-real-index
| MD5 | 7f1bfe42363287762af8131d350a16ad |
| SHA1 | 968790acf0688c8a85e39b968875a51fb2fbec95 |
| SHA256 | fcba7a4215dc368ec8b262f4a27c06441fca8e3ff2038e77c5b8c1bd4c38a97c |
| SHA512 | ec2c2383226f153c786890df65f97295d1db4d764f380416eef9f579351582816ffd00131e6a123d3d5ff968814601a44340777a3bf6edc9b5fc6c80c5834c81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 88003bc12e03d0fd233542af5db4d2dc |
| SHA1 | c866a7a425b40279d6f4a0cc18321b34bb4ea828 |
| SHA256 | 9aa1c13e9641c2e214ba255fd8bfeef65372124ed6d509fc59a8d8958e3383e7 |
| SHA512 | a00971c2a8a8826941024ef65a5a50f1470fe07f167bd923475ac383990c3d86f57f5a5038d0d0a8f3d252cc713962c61a9bfff433b5c760696e62d9a6547286 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\50bfd696-4fb9-4e87-ad0d-289b5c5054a5.tmp
| MD5 | 2dff7c8835db1b4dfa8bbfece55ce6af |
| SHA1 | 25f34ccc98b249fcbf8eb5be0fdc61167e4992bc |
| SHA256 | 267f651b828a665f046723dde0fa0b7edca7d454e90e3c54ac12ac8164e59ebf |
| SHA512 | 49e4560e8e9c915952235ae3f163dbab6cfd58bd7f1e4d31f54bd7a53beaf38f09cb35a1073b86addfdbe0a467e0494ad4bb542744ce0da3d5ab2d42d9865d92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0caff18c0815857c9e8119aefd3fc4c8 |
| SHA1 | 935680639cc74977010dff19f0f8b1e50a2604c8 |
| SHA256 | 4405672c433c72451956b5e35af58dea2f8a9671d75ffe64fe37b0b2a00bed82 |
| SHA512 | cd5c3d696914461d9f413d2374a8ed46e02ae26392a4485c47410bd9052b742143306f479c51ba367cd6add52043aab933e1e6d96c4fb0ea53fadaf98768336a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 55e0a4852575b704277323ea11e85ab6 |
| SHA1 | b31f2c2f4cf11b062488d44438eac2883ebb79f2 |
| SHA256 | 4db3ce9cd63a41a94123f9e12a1c757e5720ffac856e30fd36bcc44d99e2f3ae |
| SHA512 | 5b3836d3178e8ed30149a25af11994f9e234c08743482195cc87d074196f4345dbd5a4a5ba1b864c4bcc4bf8909a791648963697db57314e1d1070c02cdd387e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | d80b9bbe3a4fa401aa6a6991c6de544b |
| SHA1 | c9199ac54b5d7e2e694a4bfcc87e26ad67b1079d |
| SHA256 | a15ff5c1fb89e8b61397219193ce78369f99ce70986b1c24d357f93ec77ec4b2 |
| SHA512 | 9c7ec7a6517c7982244201567f28e1eb72b440b82c2b426b8789824fb93f4c6cbccd5bd563792d76d8d95d50f6e3693ca8ef28f3f944ac46dbeaa2d3da9d047c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 17931a27b0f913fc448346b1f709e4f2 |
| SHA1 | d26a296b8eac591d7ea89dd3ccad59da9dad9605 |
| SHA256 | e04a87869e93675a4d9556dced851fed7a5e704907ee5bca33cb261d7bc6a1bb |
| SHA512 | 51aba23d4c387f88f80bd1edd24b83ffa467f7bee178e642a3020129c085dc4cf13bf50fb85b3e0a6a86016f60142c8c2b884020a73b1c5c2ba1a9661c9c9434 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 50e498f8c65c9b905d04288018a47840 |
| SHA1 | a148a61183d3cd3d15d3ce56af6c16d0dc4d1700 |
| SHA256 | 9848f5c1fc710102100a80cd2af78c36773832ebaec59618b89cc9c66360ad14 |
| SHA512 | aa1a9f5efef0c558d756bf8fccef9474d203540cb9cb1fbdd0aedd2242e9eccb0ae17682f44a61d63c6172550dd9dbc76f90ad284e461fb65c7a28d64c876067 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\36dcec9ef4b2634fcfce406f466684f60cae0eeb\15d69f3b-5fc3-45af-9641-313c908de49c\index-dir\the-real-index
| MD5 | 051f29fcd4dc8063483e3d5c71317aa4 |
| SHA1 | c0396c0e571ce1a401a121a928e8acba0e58ac76 |
| SHA256 | 6c0c0e27dc3c660a19f9e80c4d99a4f53f9aa82a70492ec695920981c66664cd |
| SHA512 | 9429c745981bd6ebdb831329f48dff3c480d23682b4a9b668cea414f761e1cb6c316e7a6b10ddd755d649621f57c77b80b0c99a6adfbc6c6bc8982d06eaaf215 |
C:\Users\Admin\AppData\Local\Temp\49866a1d-0ee9-46de-9ba2-9d032a72f464.tmp
| MD5 | f4ede4a1358506bd0e2b11078a500915 |
| SHA1 | 2be5b0df38a450df89a5c80dfd9ef6aebdb99d6c |
| SHA256 | 9cca480e3fa5e8cddffe5674b151640d93571f98da0a2401e3289b6169789d1a |
| SHA512 | cad7e147fc61d4f3ca39457f359d8876e78e9a845733b06ddda6b261bb4e849661b0227248812dc5a2d30bfbf8d44d685dde2cc3a6be09337072887afce8c0a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cf2e2df9c6b7b1b6b8891f998be371c6 |
| SHA1 | 48dc8dbbf2af227fbf1eab807210196a98bb123e |
| SHA256 | 5f44e68150fe93352e2d894675364b3a43cdeba3ffbd1e35c4d35d7ff81eb5f3 |
| SHA512 | 15b08ae792d9da6c4c226b73655aee36674b7434169d4e73ffbeb91b3a8086d5eeaab49d955911c473c907b8dd0152ca43aa99024aaf419f8489447a95b1e68e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1d7848ea4bea1416b3a2f59bf8d479c2 |
| SHA1 | 5d1ee83249a66ac2b92f1e0ae08713bf2da7961c |
| SHA256 | 5bfaa6053700b659ee270d3ed31bb2436bc7e785ba895d787f670e23688edb6a |
| SHA512 | 49df439f28ab9b3eea29b2aa953a460636b84b69c2f022106a3115b7796c90b32f718d3d5f8761e7ae59774eb92f4577dd05981f9a599102b2a87ce3e8849116 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c56326a7b3226fc770fa24c84aea75af |
| SHA1 | 60fba41df210be2505ace602bbbeaea5f5a3f392 |
| SHA256 | 2195909f358d6afba67483bd753495dd87f63238cde2edfd02bfdaaff65d7a4c |
| SHA512 | 22a893cfd7504e4e684eb38d2695b895053757a1f81fed17f2a5a3b5a404ea571d382fceb78a7bf27bcf21dd32d46b21e6d2ad5940cd349a3d6042dfca1e3571 |
C:\Users\Admin\AppData\Local\Temp\syncopator.gif
| MD5 | aca982c5178837a4175c060f5cc3f629 |
| SHA1 | 78be2115e72a7cbc4912649dbcf5fdeaabfa39f1 |
| SHA256 | 0fba7825be895eb1f1ef99653c86ac36a59369ab628513ebf0149250836798a2 |
| SHA512 | 94bf147dba900090ee753b6639aed5174668c45f282fdcdd8cac0547fa4150a4364f43a582d5780a5e71e20d465336aeb745882dec032692f83ebceb7782088f |
C:\Users\Admin\AppData\Local\Temp\WebUI.dll
| MD5 | 3466b1db2f18f460d0355554ee408275 |
| SHA1 | 13cc9203b7161d4714ceb27f7110e66f80058360 |
| SHA256 | 2e20a077ab2deb869d9bb2ad0569014f3d6e12c53dbce37f88d83b04f774bd66 |
| SHA512 | e018356e86e613fce0a18e20ccc7a19ca9765089596aa496d154896f1faa652f25fc017908658deab6aad6f16c36c8a9265de4bc6332aaa2309cb832a3fc67d1 |
C:\Users\Admin\AppData\Roaming\readerwizard\cotise.dwg
| MD5 | 24049b25f1a168dfe24898912052b1e1 |
| SHA1 | a0874a84bad691e52713a2ea4b05a1d8193f145b |
| SHA256 | 836cbae2921810f37db00ac96bb32d853e07014d39f55d80446246acb879d458 |
| SHA512 | ac3f9b76bc75b49eab50ab41dd3264ff02efd49aa32c322c464f13167ee09d66cacaf5dada0537f05db26a1bde723068f809d9b64f4f26b2e2a70b6f2d0362fd |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | bd4badb3f5bec50073b1a79d8178ea84 |
| SHA1 | 3729967bcd302586567b8111485f469b9b002045 |
| SHA256 | 30146f1f7f45c4edd7532e63402347ec698aed7049cbcb3118052ee2d636441a |
| SHA512 | a4805d05e40565d732897a7f72d57f34b3ba30691cea7e41c66f1b4aecf623c826f0780805e28946e6e7ca81bc2798997a18da93257ff960a505b979c54eba29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\index.txt
| MD5 | 2c6d36660171f244a2cbf4ac9d493df4 |
| SHA1 | a811dfce6f88f5353099e76bb805b5dd7d424551 |
| SHA256 | 444aaa298fa23322c544889549129abad8bb4ba00eb26baef51a2caf34a8e084 |
| SHA512 | d1feb7d7f38d1535d85e424f95cf0e9583ee920b713b573a0a0046a17bb3b2118bc6e9716334fb14a016f9ed5df40964e8d06dc596c8725b21d0c8ecbc0a2bc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\37cc1d9f-3c80-4f5a-a4c9-e4ad14bf21de\index-dir\the-real-index
| MD5 | ae2093323118951245cca54585b92d07 |
| SHA1 | 53d52ecfab5401007a27b163be0adb1ef49e766c |
| SHA256 | 72858bd861e63d4bc2f65b4d217d98f3692e6258f9a7ac91394efac577f0d3a4 |
| SHA512 | 2af23781f65061c1bb157baf5fcf98dfa9b13d1300c455a89cd7b928506340b37f178f95cbe365fb8da80ea355b007c096957c7dec7659124d7ad83904e848b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 1b6e81beee8f9cd6147d743ab8ba43fd |
| SHA1 | 10bf0eb361a839377b14ee90e55e166adbacd0ac |
| SHA256 | c0f7f488990018c268a3d6c94f933b7c51f492056cf388a37858d803a5ee8bd7 |
| SHA512 | 97eb700bec829f3375ded56d50e77aeffe05c6539de6e9cb8df5e261cfaed1f0abe359904a080518e5b32402d3f4872f2e0fe2fcf4b254d3367a9c3499a6ed8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 49f9d3a5d639a7894179063367292280 |
| SHA1 | 579ff4f365dd0c273f8ddf350778d2995388bb4b |
| SHA256 | 0fe654bc4b5d15e8b4b99691f913e0002324e5cab3ce2d14f41c2c0db5e8d7c9 |
| SHA512 | 4192275b9f7e67faf144e01a4faf601c19aab1c4d59a48519d9c9525a66259be5447816ef8a58613d6f37ec90a9fb3973bd7cc7645bae5c23cb15f447993f3b2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 59ce80151bcabac985b546b8d458bba2 |
| SHA1 | acb34a42c0ceded106de85709a7cd13852f9b2cc |
| SHA256 | 90a406dd3bd07c5851cb276d11ef7416100aac45478ddee0bfa3548a5faec038 |
| SHA512 | b8cf64c089175d1a90062a96d6922792fce72ef0ff6593f2d9e4a0d3816533a01d5904052092e49a5d29ed80811b37c6b32b39f2f554daadb29b92006ed15f0a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 3fc12846c053994b834eddfcb93363aa |
| SHA1 | b69cd25efacf4f2b97ab3d85fdabf7c41872e96a |
| SHA256 | 9bcb4814ab096c6d3c137ac14dc5f701d9f17080ca7c8f1c35e38ac83c9c250f |
| SHA512 | 3026665dc28b23c0565f9486d7bc1cac819c1126f8cb2a83202f77015b901b1192e87494d160977f70a11da75fb29e029b9cd4b26d0d866d0b04c05015069ba2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f419cae3f27d8b2505fe29f368003aa5 |
| SHA1 | 9efafe5a54bb5978473648382aedf126636d1116 |
| SHA256 | 0f50d7d7063c8b5bcd0d5e7e5825ba4c31661644a41bfc3c213f2bc0e05fdcdc |
| SHA512 | 00b3b5907fd53c203eac249d06be99df0fe96ad2ecda27998a00162ae21f542ed45ae585b5f5ec6eafdf4c9b29a3d537d0aa2f766f8496e473b424b14e88b5af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\37cc1d9f-3c80-4f5a-a4c9-e4ad14bf21de\index-dir\the-real-index
| MD5 | 28c7a3817c9a016e51f51119b2e8918a |
| SHA1 | 1189488753ec21592bbe8db1ab58515c650680b1 |
| SHA256 | 5df7888616af10139ce8caec0536c4eb6cec36d51228f3c9e8c0d202a868665c |
| SHA512 | 96ae6571bf6fbcc169edb4d57328f4b4ab3f90895524371ea511d16ab6e474dd6b6441b76874756c79ea0f5d04aebcc4eef9a77db433918731d91ce43addde08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8804acca-2cb7-4bcc-b823-950f0fb8d878\index-dir\the-real-index
| MD5 | ae5a4dcb92352df17cf2aaf1cb06c5d4 |
| SHA1 | 0252a44be8970c7aae3dca42bcb96b5e5a5d16d8 |
| SHA256 | fbb5ecc63af3432ae178bb0e855460cad0eda85aa4e5e61ad1e796bf38abe253 |
| SHA512 | af95df66197b7ea3a20f5367baa0c6cb071725d436a726f1ec28eb18557e47c0ba23f47f7b53b335a87be0a6765c781a1a801998d2307102cbc0252358bb3e74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 726334cda947eb04fa75aed9a4249765 |
| SHA1 | 16065827655c2aff09b336bacd480daf447c768f |
| SHA256 | 1f9a1cafa619437d8a5520019fb4658b71dc6206eba19d2c85deb8c74a40b818 |
| SHA512 | 798b18cdfc2c879af6fd28ee7f332a3603df95138436cd7199bf5b54833cf770518041e3015ac21008b789a722394820556c0525bfca9248555ca5683d1e4e17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 4493bfd86806e9877a3c5367c164dea7 |
| SHA1 | 7a51790d942a2e8b2fc9d83ef261833a73e0971d |
| SHA256 | d68e5a8eccc1f1591bf1f158c2ff37b09cd96be1aca91df83931c0f0c5a93f75 |
| SHA512 | 1d8f02716755ffaef459e431907a42e6cfab4646ec1ae42a21ddd68bb00c60e66d3f680dda2df2a5c37eca56d05c1d5a67889e98537a8b476e56b044a2dce999 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 78653677a51888bdd6a6f3b20fe354a6 |
| SHA1 | 4805a2bee67a81e455e69f986acdb9ad3da0629c |
| SHA256 | eebff54e2fe6332c070af421a6c4a6303623f6f9fa9a31fd1443a2e5e23330d7 |
| SHA512 | 192ec669ebfb5130870a983ea5fb537cda30744ffc05c751c2f5c1d11f4f47d42a57e5917cc3bf7d7aa26c08335372d716d2faf782d1918ef8f11186ad39a641 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000021.log
| MD5 | 50bde034e8c38c3e3e58ef4c97e400c5 |
| SHA1 | 552484c73ce2c0a5aa070203247335309391c8d2 |
| SHA256 | 3fdb37228324d475882a877e5c5e6b520954b78febab4fe7e4f230f83c0ec151 |
| SHA512 | 54a7085be4aa0e11679dc1e3946cbcff6c573aa3afcc3bd4971f8f23134b8c9bdb2969c1de244099dfa875a63ac787359d2c087d5c9545c8771fc288e2dc1cf7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG
| MD5 | 2290b4ae198fc9c8b4c75b4c571dc79b |
| SHA1 | f80e3130b74b6279e6d00231ce7b074aa4296d69 |
| SHA256 | 4701855e1f61142a6272de2fe9ad924cbf0e58c86f63550b246cb50f53e1003f |
| SHA512 | 891542983a6b78665f7feab5ff6deb81944f105c48be987a5b8545e1e1e4d726d1587cd5054f86b7df87761c2d98b4f2991aa7a8d9410aa8c505d706f401398e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2170d79c728c8e7a5f6823ebced61305 |
| SHA1 | 3a4c5f8bd4f6254bdcbdbdc3d54455887d4d3745 |
| SHA256 | d405345b577d0dcc44e0e63af520f14191e073f869cde8605357387d273f1fdc |
| SHA512 | 153605e603cd0c12dc84b11356328a3d84742bb023f1c33eb2e8de76b8dca87a7a1fbc221d4002f60190a3ed7ace022c32690c848900b077eba2f382f4ef3f54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | ef6e5b43d7bf7c542d97de6ec8adf104 |
| SHA1 | d9fc57503c146850117ca8b3284b0078480889a3 |
| SHA256 | 9bcc48c55075f6911f79b403c81b50e8e07dc969cba6b2985cd5afe2aa1e1547 |
| SHA512 | 39f48a55135f5bf5d0c897b83df59f746ccfd613b31b67a3cd65e0a065565657be8739038d5d62ee462664feae718e9258e122612dbfbfbcc851a78e4708c9ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
| MD5 | 5ac2f568c3fcc81cdba247c49f782fca |
| SHA1 | 7247f19739c819e11acf8790a8cfc9f9638b27ed |
| SHA256 | d25aee83d6183299b1d8d010f3cbf7ca823d4d0466351f0cbd0dddf666761f96 |
| SHA512 | 1d532b31744a68eb44a7e365179639a0be0db31ac7249e80140b4ae6a82eb834a0e29db9a9092328f1147615020a6ed25b9bd8991c54c312c3e087f1229e2e74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 93f02522c3565a5d47488aaf2b996e63 |
| SHA1 | 5262051046b9f56b71fff5dbfb1a371e53f43c61 |
| SHA256 | 156f6c6c5ae17c3262d68e5bd666e395abc3e3e2bff5339cbb20edb135468f69 |
| SHA512 | 801bca27f2f7fbb59cbbf81e42abc8fcdffd857ea6498d23c7e3ef2398fbd7150a9e38001dbc61464f74871255fbbde14906f202f4e95062adce18d670354e74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000214
| MD5 | ddf9e6b63630bc36d67d1253a926ee48 |
| SHA1 | 63d5e02dbb16b05885c20dee9541bbc6f939eee5 |
| SHA256 | 228220fb6aa57f32c5901e60f1a2e17ebae1a6d411ac4c33259cfc870070ca61 |
| SHA512 | c71a5d5b8c56f7990e70cd0e91f7dab1adf8be7173ff192f566ba5da2cc4bc7e9cf3f5382e9b64dae63b3ec66d2186e17f6ecaeab864152bf33faf9a90578d41 |
C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt
| MD5 | 4c374e94f33fa1cb3d08f10289dec81c |
| SHA1 | d4ea42d34ca71c0ce3d0fc54d3ab3f0adc5c80af |
| SHA256 | 7e59d35630d427f4f21d48b39df5e2a02180056e8615755234b28f6256864d02 |
| SHA512 | 7922eeac7538e0df3ded52cfffce4af0cae0e03cfadfec7b34931248a5f216eb31866b0a79b19a84ff37141c1d039f3711d62d2ab25ef4af5d115e2e038dab9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 02b2a101977eb0663524d604b54ebe11 |
| SHA1 | 7ce44d4512ec4cf429cc97ddb6693d6816f9ef5c |
| SHA256 | f313335afc1792d8a45552bd04d68dfd42ae02a706e7599ea0c66e593f39396c |
| SHA512 | d6badd806fcec47cd9a6856a16ec5b158e8e1d4fdf51b6a8f620f28e581a0804c147120b626f452a036c4faeb6cd60160c2c516d625a7d4cfce99220ac9c8a02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000227
| MD5 | ed73834cc74913fcb1da866d31851aba |
| SHA1 | 5caf803048b5f65cfeff95fd9c59fb2c776ed2dd |
| SHA256 | 18dea76f200b9c636a8239e1a08c7399e47295def1aa42ac95665234e069a7e8 |
| SHA512 | 110b7511313f263b7ee3767f75cc524fc4155543847c2dc6ce8680a33244038d6534c22262cbd63dbd64043204709f499275d327896ed3c824140c747d38c41e |
C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt
| MD5 | f4ace4a56b2fd4f6d95a72537563bcf6 |
| SHA1 | a2d943e838ce95c402b882c0f321addebd5cd836 |
| SHA256 | 1415ba64c6538d5c5e1c1de18a13394e2cdd1c9df29ac32924c80521225a83f9 |
| SHA512 | 76c665299b7121e93c740143718f729437d4ee4592db0cbdb295e0600213264afa1ee9207821862d60e52e1edf6ed41fcdeacd449a5605add96cb33bcbd9d2c5 |