Malware Analysis Report

2024-11-16 12:47

Sample ID 240810-bt7kkatbpc
Target https://steamsunlocked.org/geometry-dash/
Tags
cobaltstrike lumma backdoor discovery evasion execution exploit persistence privilege_escalation spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://steamsunlocked.org/geometry-dash/ was found to be: Known bad.

Malicious Activity Summary

cobaltstrike lumma backdoor discovery evasion execution exploit persistence privilege_escalation spyware stealer trojan

Lumma Stealer, LummaC

Cobaltstrike

Contains code to disable Windows Defender

Cobalt Strike reflective loader

Drops file in Drivers directory

Possible privilege escalation attempt

Creates new service(s)

Downloads MZ/PE file

Manipulates Digital Signatures

Checks BIOS information in registry

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Reads user/profile data of web browsers

Modifies file permissions

Executes dropped EXE

Checks computer location settings

Checks installed software on the system

Enumerates connected drives

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Modifies powershell logging option

Suspicious use of SetThreadContext

AutoIT Executable

Drops file in System32 directory

Checks system information in the registry

Drops file in Program Files directory

Drops file in Windows directory

Launches sc.exe

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Modifies system certificate store

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Suspicious behavior: LoadsDriver

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Runs net.exe

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-10 01:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-10 01:27

Reported

2024-08-10 01:57

Platform

win10v2004-20240802-en

Max time kernel

1800s

Max time network

1785s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamsunlocked.org/geometry-dash/

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Lumma Stealer, LummaC

stealer lumma

Creates new service(s)

persistence execution

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\rsCamFilter020502.sys C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File opened for modification C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\FuncName = "WVTAsn1CatMemberInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28\FuncName = "WVTAsn1SpcLinkEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1\FuncName = "WVTAsn1CatNameValueEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\FuncName = "WVTAsn1SpcLinkDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.11\FuncName = "WVTAsn1SpcStatementTypeEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverCleanupPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustFinalPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.3\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\FuncName = "WVTAsn1SpcStatementTypeEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.2\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2012\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp420790338\installer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
N/A N/A \??\c:\program files\reasonlabs\EPP\ui\EPP.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\program files\reasonlabs\epp\rsLitmus.A.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\motw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe N/A
N/A N/A C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\motw.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Program Files\McAfee\Temp420790338\installer.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\rundll32.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Modifies powershell logging option

evasion

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_72BCADB7EE100ECA692C6EC1A866B75B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_E3A0B2E345AA9F5A174687564C886046 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\439F613B3D55693954E1B080DE3085B4_C4927E03400A4F6EDB9D613E6354F864 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0E663C78920A8217B4CBE3D45E3E6236_A0860A3E34061BC810010D272A66BEF4 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1D627669EFC8CD4F21BCF387D97F9B5_61D1EDDE6329614DE52DDB7C8BCE0380 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\48B35517638A85CA46010B026C2B955A_0E2607AD9B9E618A16D313BC98EDE832 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D39788B13702052FB3F54D33DA23D999 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFEAE42B75BFF187FD82F1175ED61E4E_FBD4B93BAA2ADCDDAD1BF4FBA8787C37 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_FD0723D657636FF4074BCCACA38E92A5 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFEAE42B75BFF187FD82F1175ED61E4E_FBD4B93BAA2ADCDDAD1BF4FBA8787C37 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_C4753E70B0D639C80CB575487E8A02AC C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3D0AC26322348780E90E022EA217C58C C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFEAE42B75BFF187FD82F1175ED61E4E_081E0B09A14B1AFCE072B9E6A8B95754 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_72BCADB7EE100ECA692C6EC1A866B75B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9A19ADAD9D098E039450ABBEDD5616EB_C4753E70B0D639C80CB575487E8A02AC C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\439F613B3D55693954E1B080DE3085B4_C4927E03400A4F6EDB9D613E6354F864 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0E663C78920A8217B4CBE3D45E3E6236_A0860A3E34061BC810010D272A66BEF4 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_0A36A03C09DCEEA388C024E3D20B14B7 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0FD7C8CB35A5508C225BD37696B3744C C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5F26A2159BA21EA573A1C5E3DE2CF211_E3375A509D9058F6A8FFB74D3B4E6F77 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A3D5BF1283C2E63D8C8A8C72F0051F5A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1D627669EFC8CD4F21BCF387D97F9B5_61D1EDDE6329614DE52DDB7C8BCE0380 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_0A36A03C09DCEEA388C024E3D20B14B7 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5F26A2159BA21EA573A1C5E3DE2CF211_E3375A509D9058F6A8FFB74D3B4E6F77 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_9040490E275779DE86373A998E4711FB C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_78D45C4E3E3526FF7881218652651E16 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D39788B13702052FB3F54D33DA23D999 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0972B7C417F696E06E186AEB26286F01_30B4D916E12169D9CB0BC7A11DE46EA6 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3D0AC26322348780E90E022EA217C58C C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0FD7C8CB35A5508C225BD37696B3744C C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_E3A0B2E345AA9F5A174687564C886046 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\206932163209AD483A44477E28192474 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_C4502B2ED7ABD16FF1FA41F55DB2B363 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_022B2B3B07D70EA5A73F2579070A87A5 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_686A447EF0220EBC1D36EF897F31F606 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0972B7C417F696E06E186AEB26286F01_30B4D916E12169D9CB0BC7A11DE46EA6 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_9040490E275779DE86373A998E4711FB C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 10844 set thread context of 6324 N/A C:\Users\Admin\AppData\Local\Temp\motw.exe C:\Windows\SysWOW64\more.com
PID 9720 set thread context of 4988 N/A C:\Users\Admin\AppData\Local\Temp\motw.exe C:\Windows\SysWOW64\more.com

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-it-IT.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\eventsupplied.luc C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Serialization.Primitives.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\edge.com.mcafee.webadvisor.json C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-risk.png C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-CA.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\facebook.png C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Threading.Overlapped.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\x64\rsYara-x64.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxProxyStubLegacy.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp420790338\jslang\wa-res-shared-fr-CA.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-zh-TW.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Net.NetworkInformation.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Reflection.Primitives.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-hu-HU.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\pt-PT.pak C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\config_manager.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Text.Encoding.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\SUPInstall.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\tstPDMAsyncCompletion.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\resource.dll C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ko-KR.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\te.pak C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sk-SK.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\ldplayer9box\platforms\qoffscreen.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\vccorlib140.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon.png C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\el.pak C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sr.pak C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Resources.Writer.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Security.SecureString.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-sysinfo-l1-1-0.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp420790338\jslang\wa-res-shared-fr-FR.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-tr-TR.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-en-US.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\settingmanager.dll C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\aviary_client.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\transport_ga.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Diagnostics.FastSerialization.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Runtime.InteropServices.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-toasts.html C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-de-DE.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fr-FR.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ko.pak C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\arm64\lz4_arm64.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-mwb-checklist.html C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\samrecoverable.luc C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wpstrial.luc C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-el-GR.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\simplewmiquery.luc C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\Temp420790338\jslang\wa-res-shared-sr-Latn-CS.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-tr-TR.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.html C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.ComponentModel.Primitives.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-zh-TW.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fi-FI.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\mr.pak C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hu-HU.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\rest_transport.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File opened for modification C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sk-SK.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-zh-TW.js C:\Program Files\McAfee\Temp420790338\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Xml.XmlSerializer.dll C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\SearchIndexer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\motw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\motw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\more.com N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\dism.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\more.com N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\SearchIndexer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\LDPlayer\LDPlayer9\driverconfig.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key opened \Registry\Machine\Hardware\Description\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" F:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\McAfee\WebAdvisor\updater.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0721-4CDE-867C-1A82ABAF914C}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CF37-453B-9289-3B0F521CAF27}\ = "IStateChangedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8690-11E9-B83D-5719E53CF1DE} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\NumMethods\ = "30" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-800A-40F8-87A6-170D02249A55}\NumMethods\ = "21" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7006-40D4-B339-472EE3801844}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-58D9-43AE-8B03-C1FD7088EF15}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6}\ = "IAppliance" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CC7B-431B-98B2-951FDA8EAB89}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\ = "IFormValue" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-b4a4-44ce-85a8-127ac5eb59dc} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7997-4595-A731-3A509DB604E5} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7DB-4616-AAC6-CFB94D89BA78}\NumMethods\ = "18" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-659C-488B-835C-4ECA7AE71C6C}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AEDF-461C-BE2C-99E91BDAD8A1}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-04D0-4DB6-8D66-DC2F033120E1}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08a7-4c8f-910d-47aabd67253a} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\NumMethods\ = "13" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44A0-A470-BA20-27890B96DBA9}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\VersionIndependentProgID\ = "VirtualBox.VirtualBox" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\ = "IExtPackManager" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\"" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\ = "IVBoxSVCRegistration" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F} C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F} C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\NumMethods\ = "31" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AC97-4C16-B3E2-81BD8A57CC27}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-800A-40F8-87A6-170D02249A55} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\ = "VirtualBox Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9641-4397-854A-040439D0114B}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\ = "IDHCPIndividualConfig" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1207-4179-94CF-CA250036308F}\NumMethods\ = "17" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\CurVer C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1A29-4A19-92CF-02285773F3B5}\NumMethods\ = "13" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\VERSION\ = "2.1" C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-a161-41f1-b583-4892f4a9d5d5} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\ = "IExtPackBase" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf50f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 1900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d9820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f1030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 5c0000000100000004000000000800001900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d98040000000100000010000000ebf59d290d61f9421f7cc2ba6de3150920000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 040000000100000010000000ebf59d290d61f9421f7cc2ba6de315090f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e81900000001000000100000004fca18b530ab2d3765b8830436884be620000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 0f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\fltmc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\motw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\motw.exe N/A
N/A N/A C:\Windows\SysWOW64\more.com N/A
N/A N/A C:\Windows\SysWOW64\more.com N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 6300 wrote to memory of 4128 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 6300 wrote to memory of 4128 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 6300 wrote to memory of 4128 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 6300 wrote to memory of 1716 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 6300 wrote to memory of 1716 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 6300 wrote to memory of 1716 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 6300 wrote to memory of 2472 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 6300 wrote to memory of 2472 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 6300 wrote to memory of 2472 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 6300 wrote to memory of 7204 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 6300 wrote to memory of 7204 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 6300 wrote to memory of 7204 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2540 wrote to memory of 7456 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe
PID 2540 wrote to memory of 7456 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe
PID 2540 wrote to memory of 7456 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe
PID 7456 wrote to memory of 7948 N/A C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe
PID 7456 wrote to memory of 7948 N/A C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe
PID 7948 wrote to memory of 8124 N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
PID 7948 wrote to memory of 8124 N/A C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
PID 6300 wrote to memory of 7376 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe F:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 6300 wrote to memory of 7376 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe F:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 6300 wrote to memory of 7376 N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe F:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 7256 wrote to memory of 7612 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
PID 7256 wrote to memory of 7612 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
PID 7612 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe C:\Program Files\McAfee\Temp420790338\installer.exe
PID 7612 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe C:\Program Files\McAfee\Temp420790338\installer.exe
PID 1716 wrote to memory of 7764 N/A C:\Program Files\McAfee\Temp420790338\installer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 1716 wrote to memory of 7764 N/A C:\Program Files\McAfee\Temp420790338\installer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 7764 wrote to memory of 9884 N/A C:\Windows\SYSTEM32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 7764 wrote to memory of 9884 N/A C:\Windows\SYSTEM32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 7764 wrote to memory of 9884 N/A C:\Windows\SYSTEM32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1716 wrote to memory of 10332 N/A C:\Program Files\McAfee\Temp420790338\installer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 1716 wrote to memory of 10332 N/A C:\Program Files\McAfee\Temp420790338\installer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 8748 wrote to memory of 8116 N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe C:\Program Files\McAfee\WebAdvisor\UIHost.exe
PID 8748 wrote to memory of 8116 N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe C:\Program Files\McAfee\WebAdvisor\UIHost.exe
PID 8748 wrote to memory of 8496 N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe C:\Windows\system32\cmd.exe
PID 8748 wrote to memory of 8496 N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe C:\Windows\system32\cmd.exe
PID 7376 wrote to memory of 1448 N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 7376 wrote to memory of 1448 N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 7376 wrote to memory of 1448 N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 1448 wrote to memory of 9300 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 1448 wrote to memory of 9300 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 1448 wrote to memory of 9300 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 9300 wrote to memory of 9336 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 9300 wrote to memory of 9336 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 9300 wrote to memory of 9336 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1448 wrote to memory of 9364 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 9364 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 9364 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 9376 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 9376 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 9376 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 7304 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 7304 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 7304 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 9576 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 9576 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 9576 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 8884 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 8884 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 8884 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 8908 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 8908 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1448 wrote to memory of 8908 N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamsunlocked.org/geometry-dash/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4820,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4064,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5392,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5548,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5560,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6020,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6200,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6116,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6956,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6868,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=7156,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=7212,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6960,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=7028,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=6588,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=7388,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7840,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --field-trial-handle=7112,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6772,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=7012,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8176 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3a4 0x418

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=8416,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=8404,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=8772,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=9044,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9016 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap15583:134:7zEvent29951

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7828,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=6800,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --field-trial-handle=5928,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=8920,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --field-trial-handle=8460,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --field-trial-handle=8604,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --field-trial-handle=9224,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --field-trial-handle=5664,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --field-trial-handle=9460,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --field-trial-handle=9480,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --field-trial-handle=9512,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --field-trial-handle=8784,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --field-trial-handle=8852,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --field-trial-handle=9408,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --field-trial-handle=5916,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --field-trial-handle=5712,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --field-trial-handle=7848,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --field-trial-handle=5724,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --field-trial-handle=5640,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --field-trial-handle=8548,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --field-trial-handle=10000,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --field-trial-handle=10068,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --field-trial-handle=10300,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --field-trial-handle=10448,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --field-trial-handle=10664,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --field-trial-handle=10900,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --field-trial-handle=10660,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --field-trial-handle=11172,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --field-trial-handle=11296,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --field-trial-handle=11160,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --field-trial-handle=10124,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --field-trial-handle=10128,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --field-trial-handle=10672,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=8944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --field-trial-handle=11096,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --field-trial-handle=11712,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --field-trial-handle=9564,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --field-trial-handle=9288,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --field-trial-handle=11308,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --field-trial-handle=10272,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --field-trial-handle=10976,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --field-trial-handle=10988,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --field-trial-handle=10720,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --field-trial-handle=10652,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --field-trial-handle=10052,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --field-trial-handle=11728,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --field-trial-handle=11952,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --field-trial-handle=12020,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --field-trial-handle=12112,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --field-trial-handle=5748,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=11548,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=11548,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --field-trial-handle=10960,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --field-trial-handle=9924,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --field-trial-handle=11348,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --field-trial-handle=11220,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --field-trial-handle=9788,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --field-trial-handle=9492,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --field-trial-handle=5692,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --field-trial-handle=9544,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --field-trial-handle=5652,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --field-trial-handle=9636,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --field-trial-handle=10328,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --field-trial-handle=10776,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --field-trial-handle=10288,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --field-trial-handle=11476,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --field-trial-handle=11748,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=11088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --field-trial-handle=11936,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --field-trial-handle=11288,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --field-trial-handle=8368,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=12908,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9436 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --field-trial-handle=12872,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --field-trial-handle=12612,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --field-trial-handle=8612,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --field-trial-handle=12548,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --field-trial-handle=13300,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --field-trial-handle=13520,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=13760,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=13760,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13732 /prefetch:8

C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --field-trial-handle=12740,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=9688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=13792,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=12752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --field-trial-handle=13400,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=13504,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=119 --field-trial-handle=12856,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=12708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=120 --field-trial-handle=12712,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=14040,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=122 --field-trial-handle=12696,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=123 --field-trial-handle=14076,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=13904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=124 --field-trial-handle=14072,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10340 /prefetch:1

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayerex.exe /T

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=0589f1d54215f45872e7673c79088a61078a4756&dit=20240810013132391&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM bugreport.exe /T

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

F:\LDPlayer\LDPlayer9\LDPlayer.exe

"F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="F:\LDPlayer\LDPlayer9\"

C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe

"C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe" /silent

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe

.\UnifiedStub-installer.exe /silent

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp420790338\installer.exe

"C:\Program Files\McAfee\Temp420790338\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

F:\LDPlayer\LDPlayer9\dnrepairer.exe

"F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=459512

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\2EA345F1-071C-4E28-8767-9EBEA8F37231\dismhost.exe {E825BD28-D9B6-4747-98EE-BA8D66822299}

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=125 --field-trial-handle=7096,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=126 --field-trial-handle=12900,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=10196 /prefetch:1

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml

C:\Windows\SYSTEM32\fltmc.exe

"fltmc.exe" load rsKernelEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\elam\evntdrv.xml

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"

F:\LDPlayer\LDPlayer9\driverconfig.exe

"F:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x23c,0x240,0x244,0x238,0x2b0,0x7ff850dfd198,0x7ff850dfd1a4,0x7ff850dfd1b0

\??\c:\program files\reasonlabs\epp\rsHelper.exe

"c:\program files\reasonlabs\epp\rsHelper.exe"

\??\c:\program files\reasonlabs\EPP\ui\EPP.exe

"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2756,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=2752 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1852,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=2844 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2168,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=2960 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4364,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=4704,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=4736,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4772 /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1668 --field-trial-handle=1672,i,8694624105957429801,7709914417783673692,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2096 --field-trial-handle=1672,i,8694624105957429801,7709914417783673692,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1672,i,8694624105957429801,7709914417783673692,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5112,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5100,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5156,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:1

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\program files\reasonlabs\epp\rsLitmus.A.exe

"C:\program files\reasonlabs\epp\rsLitmus.A.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5596,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:1

F:\LDPlayer\LDPlayer9\dnplayer.exe

"F:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.robtopx.geometryjump|package=com.robtopx.geometryjump

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5880,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --field-trial-handle=6172,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6180,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=564,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6368,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:8

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6344,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3372 --field-trial-handle=1672,i,8694624105957429801,7709914417783673692,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6780,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6804 /prefetch:8

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6780,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6804 /prefetch:8

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6928,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=7124,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6488,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7180,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5432,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7264,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5812,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7444,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7336,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7600,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --field-trial-handle=7360,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --field-trial-handle=8060,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8092,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=1220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=7304,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5244,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6964,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7324,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=8656,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7224,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7540,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --field-trial-handle=8084,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=7216,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2916 --field-trial-handle=1672,i,8694624105957429801,7709914417783673692,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8896,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8904,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8952,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8468,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4792,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=8856,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7188,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8392,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=5104,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8940,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=4296,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=7756,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7516,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=5008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=8960,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=4972,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:1

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_SetapFiles1_enX64+instructions.zip\Read me before you start.txt

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\" -ad -an -ai#7zMap17105:122:7zEvent27093

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4768,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4768,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --field-trial-handle=7284,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4756 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\" -an -ai#7zMap28873:152:7zEvent25919

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=2632,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7804,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4220 /prefetch:1

C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe

"C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\motw.exe

"C:\Users\Admin\AppData\Local\Temp\motw.exe"

C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe

C:\Users\Admin\AppData\Roaming\readerwizard\GHZNXOBPZJOKUCF\StrCmp.exe

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe

"C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\motw.exe

"C:\Users\Admin\AppData\Local\Temp\motw.exe"

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SetapFiles1_enX64+instructions\Setap-FilesX86\" -ad -an -ai#7zMap26211:152:7zEvent31114

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3a4 0x418

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=8668,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=5448,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=7144,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=4752,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=4832,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=7428,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=8832,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=9088,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=4196,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=7728,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4032,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=4908,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4948,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=3788,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=7556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=9072,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=4824,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=8204,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=8736,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=9028,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=9120,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=8500,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=9256,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=9564,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=3748,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=8956,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=9764,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=9444,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=6080,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=4236,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8244 /prefetch:1

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=9300,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=9116,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=5008,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=9952,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=9864,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=9944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=9040,i,3008936200572757493,8730414996289708154,262144 --variations-seed-version --mojo-platform-channel-handle=8872 /prefetch:8

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 steamsunlocked.org udp
US 8.8.8.8:53 steamsunlocked.org udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 steamsunlocked.org udp
US 104.21.75.164:443 steamsunlocked.org udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.46.73.244:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 92.123.140.42:443 bzib.nelreports.net tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 164.75.21.104.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 244.73.46.23.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
GB 92.123.142.130:443 www.bing.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 172.217.23.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 steamsunlocked.org udp
US 8.8.8.8:53 steamsunlocked.org udp
US 8.8.8.8:53 42.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 3.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 194.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 168.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 130.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 steamsunlocked.org udp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 97.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 wq24-1.g-site.site udp
US 8.8.8.8:53 wq24-1.g-site.site udp
US 8.8.8.8:53 wq24-1.g-site.site udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 wq24-1.g-site.site udp
NL 37.48.90.246:443 wq24-1.g-site.site tcp
NL 37.48.90.246:443 wq24-1.g-site.site tcp
US 8.8.8.8:53 246.90.48.37.in-addr.arpa udp
US 8.8.8.8:53 wq24-1.g-site.store udp
US 8.8.8.8:53 wq24-1.g-site.store udp
US 8.8.8.8:53 wq24-1.g-site.store udp
US 8.8.8.8:53 wq24-1.g-site.site udp
NL 37.48.90.246:443 wq24-1.g-site.site tcp
NL 37.48.90.246:443 wq24-1.g-site.site tcp
US 8.8.8.8:53 safesystemfile3.site udp
US 8.8.8.8:53 safesystemfile3.site udp
US 8.8.8.8:53 safesystemfile3.site udp
US 8.8.8.8:53 wq24-1.g-site.store udp
US 8.8.8.8:53 safesystemfile3.site udp
US 8.8.8.8:53 safesystemfile3.site udp
US 8.8.8.8:53 safesystemfile3.site udp
NL 37.48.90.246:443 safesystemfile3.site tcp
NL 37.48.90.246:443 safesystemfile3.site tcp
US 8.8.8.8:53 download-rarfree.com udp
US 8.8.8.8:53 download-rarfree.com udp
US 8.8.8.8:53 download-rarfree.com udp
US 104.21.62.229:443 download-rarfree.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.66.137:443 code.jquery.com tcp
US 8.8.8.8:53 mtmoweb.website udp
US 8.8.8.8:53 mtmoweb.website udp
NL 212.162.153.43:443 mtmoweb.website tcp
US 151.101.66.137:443 code.jquery.com tcp
US 8.8.8.8:53 229.62.21.104.in-addr.arpa udp
US 8.8.8.8:53 wq24-1.g-site.site udp
NL 37.48.90.246:443 safesystemfile3.site tcp
US 8.8.8.8:53 43.153.162.212.in-addr.arpa udp
US 8.8.8.8:53 137.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 wq24-1.g-site.site udp
US 8.8.8.8:53 wq24-1.g-site.store udp
US 8.8.8.8:53 wq24-1.g-site.site udp
NL 37.48.90.246:443 wq24-1.g-site.site tcp
US 8.8.8.8:53 safesystemfile3.site udp
US 8.8.8.8:53 wq24-1.g-site.store udp
NL 37.48.90.246:443 wq24-1.g-site.store tcp
US 8.8.8.8:53 download-rarfree.com udp
US 8.8.8.8:53 nleditor.osi.office.net udp
US 8.8.8.8:53 nleditor.osi.office.net udp
GB 52.109.32.46:443 nleditor.osi.office.net tcp
US 8.8.8.8:53 46.32.109.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 5.144.216.31.in-addr.arpa udp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 g.api.mega.co.nz udp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.11:443 g.api.mega.co.nz tcp
LU 66.203.125.11:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 37.124.203.66.in-addr.arpa udp
LU 66.203.125.11:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 11.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 postnav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 postnav-edge.smartscreen.microsoft.com udp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
GB 51.11.108.188:443 postnav-edge.smartscreen.microsoft.com tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 xpaycdn.azureedge.net udp
US 8.8.8.8:53 xpaycdn.azureedge.net udp
US 13.107.246.64:443 xpaycdn.azureedge.net tcp
US 13.107.246.64:443 xpaycdn.azureedge.net tcp
US 13.107.246.64:443 xpaycdn.azureedge.net tcp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 13.107.246.64:443 xpaycdn.azureedge.net tcp
US 8.8.8.8:53 gfs214n104.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs214n104.userstorage.mega.co.nz udp
ES 185.206.27.14:443 gfs214n104.userstorage.mega.co.nz tcp
ES 185.206.27.14:443 gfs214n104.userstorage.mega.co.nz tcp
ES 185.206.27.14:443 gfs214n104.userstorage.mega.co.nz tcp
ES 185.206.27.14:443 gfs214n104.userstorage.mega.co.nz tcp
ES 185.206.27.14:443 gfs214n104.userstorage.mega.co.nz tcp
US 8.8.8.8:53 14.27.206.185.in-addr.arpa udp
ES 185.206.27.14:443 gfs214n104.userstorage.mega.co.nz tcp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
GB 92.123.142.161:443 www.bing.com tcp
US 8.8.8.8:53 161.142.123.92.in-addr.arpa udp
US 104.21.75.164:443 steamsunlocked.org udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
GB 92.123.142.161:443 www.bing.com tcp
GB 92.123.142.161:443 www.bing.com tcp
GB 92.123.142.161:443 www.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
GB 92.123.142.130:443 r.bing.com tcp
GB 92.123.142.130:443 r.bing.com tcp
GB 92.123.142.112:443 th.bing.com tcp
GB 92.123.142.112:443 th.bing.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 112.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 bing.com udp
US 8.8.8.8:53 bing.com udp
US 204.79.197.200:443 bing.com tcp
GB 92.123.142.130:443 r.bing.com udp
GB 92.123.142.112:443 th.bing.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 173.222.211.41:443 aefd.nelreports.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.74:443 login.microsoftonline.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 41.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
US 13.107.21.237:443 c.bing.com tcp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 151.64.8.51.in-addr.arpa udp
GB 92.123.142.112:443 www.bing.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 www.appcracy.com udp
US 8.8.8.8:53 www.appcracy.com udp
US 8.8.8.8:53 www.appcracy.com udp
US 172.66.42.235:443 www.appcracy.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 142.250.179.174:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 235.42.66.172.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
NL 142.250.179.174:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
NL 142.251.39.97:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 204.79.197.237:443 bat.bing.com tcp
NL 142.250.179.196:443 www.google.com udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 196.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
NL 172.217.168.195:443 www.google.co.uk udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 195.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.appcracy.com udp
US 8.8.8.8:53 2b911d3e30aa659b73fe3791d7078b23.safeframe.googlesyndication.com udp
US 8.8.8.8:53 2b911d3e30aa659b73fe3791d7078b23.safeframe.googlesyndication.com udp
US 8.8.8.8:53 www.appcracy.com udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 142.250.179.193:443 2b911d3e30aa659b73fe3791d7078b23.safeframe.googlesyndication.com tcp
NL 142.250.179.193:443 2b911d3e30aa659b73fe3791d7078b23.safeframe.googlesyndication.com tcp
NL 172.217.23.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 193.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.appcracy.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.appcracy.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
NL 142.250.179.196:443 www.google.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 129.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
NL 172.217.23.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 151.101.193.91:443 geometry-dash.en.softonic.com tcp
US 151.101.193.91:443 geometry-dash.en.softonic.com tcp
US 151.101.193.91:443 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 91.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 199.232.209.91:443 softonic.com tcp
US 199.232.209.91:443 softonic.com tcp
GB 13.224.222.58:443 sdk.privacy-center.org tcp
US 151.101.129.91:443 images.sftcdn.net tcp
US 151.101.129.91:443 images.sftcdn.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
US 13.107.246.64:443 www.clarity.ms tcp
US 204.79.197.237:443 bat.bing.com tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 151.101.129.91:443 images.sftcdn.net tcp
US 151.101.129.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net udp
US 151.101.129.91:443 images.sftcdn.net udp
US 199.232.209.91:443 softonic.com tcp
GB 13.224.222.58:443 sdk.privacy-center.org tcp
GB 13.224.222.58:443 sdk.privacy-center.org udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 btloader.com udp
GB 18.172.148.233:443 www.datadoghq-browser-agent.com tcp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 91.209.232.199.in-addr.arpa udp
US 8.8.8.8:53 58.222.224.13.in-addr.arpa udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 storage.googleapis.com udp
US 8.8.8.8:53 storage.googleapis.com udp
US 8.8.8.8:53 di-images.sftcdn.net udp
US 8.8.8.8:53 di-images.sftcdn.net udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 51.8.64.151:443 h.clarity.ms tcp
NL 142.250.179.187:443 storage.googleapis.com tcp
GB 52.84.90.40:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.6.141:443 cdn.btmessage.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 199.232.209.91:443 softonic.com udp
US 104.26.6.141:443 cdn.btmessage.com tcp
US 8.8.8.8:53 api.btmessage.com udp
US 8.8.8.8:53 api.btmessage.com udp
US 8.8.8.8:53 notix.io udp
US 8.8.8.8:53 notix.io udp
NL 139.45.197.227:443 notix.io tcp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 187.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 40.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 141.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 233.148.172.18.in-addr.arpa udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 576de34f021acda79e9b89fffcbfdd62.safeframe.googlesyndication.com udp
US 8.8.8.8:53 576de34f021acda79e9b89fffcbfdd62.safeframe.googlesyndication.com udp
US 8.8.8.8:53 576de34f021acda79e9b89fffcbfdd62.safeframe.googlesyndication.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 wct.softonic.com udp
US 8.8.8.8:53 wct.softonic.com udp
US 8.8.8.8:53 api.privacy-center.org udp
US 8.8.8.8:53 api.privacy-center.org udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
NL 142.250.179.193:443 bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com tcp
NL 142.250.179.193:443 bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 104.26.3.63:443 wct.softonic.com tcp
IE 54.154.253.231:443 ap.lijit.com tcp
GB 108.138.233.123:443 api.privacy-center.org tcp
NL 142.250.179.196:443 www.google.com udp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
IE 54.171.44.102:443 ad.360yield.com tcp
NL 185.89.210.122:443 ib.adnxs.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 34.120.63.153:443 prebid.media.net tcp
NL 188.166.203.175:443 brightcombid.marphezis.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
IE 54.77.158.234:443 id.crwdcntrl.net tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
GB 18.245.143.118:443 tags.crwdcntrl.net tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
GB 108.138.233.123:443 api.privacy-center.org udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 216.239.34.36:443 region1.analytics.google.com tcp
NL 142.250.102.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 www.google.co.uk udp
NL 142.250.179.196:443 www.google.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 ampcid.google.com udp
US 8.8.8.8:53 ampcid.google.com udp
US 104.26.3.63:443 wct.softonic.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 172.217.168.195:443 www.google.co.uk udp
NL 142.250.179.174:443 ampcid.google.com tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 lexicon.33across.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
NL 142.250.179.193:443 bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 576de34f021acda79e9b89fffcbfdd62.safeframe.googlesyndication.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
NL 142.250.102.154:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
NL 185.235.87.89:443 ag.gbc.criteo.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
FR 185.235.86.165:443 gem.gbc.criteo.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 63.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 123.233.138.108.in-addr.arpa udp
US 8.8.8.8:53 231.253.154.54.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 102.44.171.54.in-addr.arpa udp
US 8.8.8.8:53 122.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 175.203.166.188.in-addr.arpa udp
US 8.8.8.8:53 232.154.172.18.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 58.139.4.46.in-addr.arpa udp
US 8.8.8.8:53 234.158.77.54.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 118.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 154.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
NL 185.235.87.89:443 ag.gbc.criteo.com tcp
FR 185.235.86.165:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 576de34f021acda79e9b89fffcbfdd62.safeframe.googlesyndication.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
US 8.8.8.8:53 en.softonic.com udp
US 151.101.129.91:443 en.softonic.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 34.120.63.153:443 prebid.media.net udp
US 104.18.36.155:443 htlb.casalemedia.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 151.101.193.108:443 acdn.adnxs.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
GB 184.26.56.245:443 ads.pubmatic.com tcp
DE 168.119.146.39:443 sync.richaudience.com tcp
US 8.8.8.8:53 en.softonic.com udp
US 172.64.149.180:443 js-sec.indexww.com tcp
GB 184.25.192.27:443 contextual.media.net tcp
GB 184.26.56.245:443 ads.pubmatic.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 151.101.193.108:443 acdn.adnxs.com tcp
DE 168.119.146.39:443 sync.richaudience.com tcp
GB 184.25.192.27:443 contextual.media.net tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
US 151.101.193.91:443 en.softonic.com tcp
US 8.8.8.8:53 74.122.95.52.in-addr.arpa udp
DE 168.119.146.39:443 sync.richaudience.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.211.116:443 ib.adnxs.com tcp
US 8.8.8.8:53 cacerts.rapidssl.com udp
US 8.8.8.8:53 cacerts.rapidssl.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
DE 37.252.171.53:443 secure.adnxs.com tcp
DE 37.252.171.53:443 secure.adnxs.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 bc-sync.com udp
US 8.8.8.8:53 bc-sync.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 match.adsrvr.org udp
GB 92.123.140.19:443 player.aniview.com tcp
GB 92.123.140.19:443 player.aniview.com tcp
US 54.205.9.1:443 api-2-0.spot.im tcp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 match.prod.bidr.io udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 35.71.131.137:443 match.adsrvr.org tcp
US 8.2.108.175:443 bc-sync.com tcp
IE 52.215.113.33:443 match.prod.bidr.io tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 sync.1rx.io udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 52.202.30.230:443 cs-server-s2s.yellowblue.io tcp
US 52.202.30.230:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 108.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 245.56.26.184.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 27.192.25.184.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 39.146.119.168.in-addr.arpa udp
US 8.8.8.8:53 116.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 53.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 19.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 33.113.215.52.in-addr.arpa udp
US 8.8.8.8:53 1.9.205.54.in-addr.arpa udp
US 52.54.28.112:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 tracker.open-adsyield.com udp
US 8.8.8.8:53 tracker.open-adsyield.com udp
US 8.2.108.175:443 bc-sync.com tcp
US 172.111.38.54:443 tracker.open-adsyield.com tcp
IE 54.154.36.42:443 ap.lijit.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
IE 52.48.205.230:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 bttrack.com udp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 sync.aniview.com udp
US 8.8.8.8:53 sync.aniview.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
DE 51.38.120.206:443 onetag-sys.com udp
US 192.132.33.69:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 172.240.45.78:443 sync.aniview.com tcp
US 216.200.232.249:443 sync.mathtag.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 172.67.40.173:443 spl.zeotap.com tcp
FR 178.32.210.230:443 ssbsync-global.smartadserver.com tcp
NL 142.250.179.162:443 cm.g.doubleclick.net tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
NL 142.250.179.162:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
NL 142.250.179.162:443 cm.g.doubleclick.net udp
FR 164.132.25.185:443 rtb-csync.smartadserver.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
FR 164.132.25.185:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 match.sharethrough.com udp
DE 37.252.171.53:443 secure.adnxs.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 player.aniview.com udp
DE 3.71.91.116:443 match.sharethrough.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 player.aniview.com udp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 sync.aniview.com udp
US 172.240.45.78:443 sync.aniview.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 230.30.202.52.in-addr.arpa udp
US 8.8.8.8:53 42.36.154.54.in-addr.arpa udp
US 8.8.8.8:53 112.28.54.52.in-addr.arpa udp
US 8.8.8.8:53 54.38.111.172.in-addr.arpa udp
US 8.8.8.8:53 230.205.48.52.in-addr.arpa udp
US 8.8.8.8:53 76.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 230.210.32.178.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 115.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 78.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 166.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 185.25.132.164.in-addr.arpa udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
GB 184.25.193.73:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 116.91.71.3.in-addr.arpa udp
US 8.8.8.8:53 249.129.214.23.in-addr.arpa udp
US 8.8.8.8:53 73.193.25.184.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 leap.ldplayer.gg udp
US 8.8.8.8:53 leap.ldplayer.gg udp
US 8.8.8.8:53 leap.ldplayer.gg udp
GB 163.181.57.237:443 leap.ldplayer.gg tcp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
GB 163.181.57.237:443 www.ldplayer.net tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 connect.facebook.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 142.250.179.142:443 syndicatedsearch.goog tcp
ES 157.240.5.10:443 connect.facebook.net tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
NL 142.250.179.142:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 326e72a70eba6ddd52af7bda682c3faa.safeframe.googlesyndication.com udp
US 8.8.8.8:53 326e72a70eba6ddd52af7bda682c3faa.safeframe.googlesyndication.com udp
US 8.8.8.8:53 326e72a70eba6ddd52af7bda682c3faa.safeframe.googlesyndication.com udp
US 8.8.8.8:53 en.softonic.com udp
NL 142.250.179.142:443 syndicatedsearch.goog udp
US 8.8.8.8:53 237.57.181.163.in-addr.arpa udp
NL 142.250.179.193:443 326e72a70eba6ddd52af7bda682c3faa.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 js.adscale.de udp
US 8.8.8.8:53 js.adscale.de udp
GB 18.245.143.108:443 js.adscale.de tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 partner.googleadservices.com udp
NL 172.217.168.194:443 partner.googleadservices.com udp
GB 18.245.143.108:443 js.adscale.de tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 en.softonic.com udp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 ih.adscale.de udp
US 8.8.8.8:53 ih.adscale.de udp
US 8.8.8.8:53 en.softonic.com udp
DE 35.158.227.25:443 tcp
DE 35.158.227.25:443 tcp
NL 185.235.87.89:443 ag.gbc.criteo.com tcp
FR 185.235.86.165:443 gem.gbc.criteo.com tcp
US 130.211.23.194:443 api.btloader.com udp
ES 157.240.5.10:443 connect.facebook.net udp
US 8.8.8.8:53 326e72a70eba6ddd52af7bda682c3faa.safeframe.googlesyndication.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 108.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
US 8.8.8.8:53 25.227.158.35.in-addr.arpa udp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
US 8.8.8.8:53 cmp.setupcmp.com udp
US 8.8.8.8:53 cmp.setupcmp.com udp
US 35.244.193.51:443 lexicon.33across.com udp
US 8.8.8.8:53 prs.sftcdn.net udp
US 8.8.8.8:53 prs.sftcdn.net udp
US 8.8.8.8:53 articles-img.sftcdn.net udp
US 8.8.8.8:53 articles-img.sftcdn.net udp
US 104.26.4.6:443 cmp.setupcmp.com tcp
NL 142.251.36.54:443 play-lh.googleusercontent.com tcp
NL 142.251.36.54:443 play-lh.googleusercontent.com tcp
GB 18.172.153.8:443 cdn.ldplayer.net tcp
GB 18.172.153.8:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
GB 18.172.153.8:443 cdn.ldplayer.net tcp
NL 142.251.36.54:443 play-lh.googleusercontent.com udp
DE 178.63.248.56:443 push-sdk.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 uidsync.net udp
US 8.8.8.8:53 uidsync.net udp
GB 18.172.153.8:443 cdn.ldplayer.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 stpd.cloud udp
US 8.8.8.8:53 stpd.cloud udp
DE 23.88.8.123:443 uidsync.net tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
US 104.18.31.49:443 stpd.cloud tcp
NL 142.250.179.174:443 fundingchoicesmessages.google.com tcp
NL 142.250.179.174:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 56.248.63.178.in-addr.arpa udp
US 8.8.8.8:53 8.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 123.8.88.23.in-addr.arpa udp
US 8.8.8.8:53 54.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 49.31.18.104.in-addr.arpa udp
US 104.26.4.6:443 cmp.setupcmp.com tcp
DE 23.88.8.123:443 uidsync.net tcp
NL 142.250.179.174:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 326e72a70eba6ddd52af7bda682c3faa.safeframe.googlesyndication.com udp
US 8.8.8.8:53 en.softonic.com udp
NL 142.251.36.14:443 apis.google.com tcp
US 8.8.8.8:53 apien.ldplayer.net udp
US 8.8.8.8:53 apien.ldplayer.net udp
US 8.8.8.8:53 invite.ldplayer.net udp
US 8.8.8.8:53 usersdk.ldmnq.com udp
US 8.8.8.8:53 usersdk.ldmnq.com udp
US 8.8.8.8:53 api.ldshop.gg udp
US 8.8.8.8:53 api.ldshop.gg udp
US 8.8.8.8:53 www.googletagservices.com udp
NL 142.251.36.14:443 apis.google.com udp
GB 52.84.90.3:443 apien.ldplayer.net tcp
SG 8.219.66.74:443 invite.ldplayer.net tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
US 8.8.8.8:53 api.ldshop.gg udp
US 8.8.8.8:53 api.ldshop.gg udp
US 8.8.8.8:53 www.googletagservices.com udp
NL 172.217.168.226:443 www.googletagservices.com tcp
SG 8.222.160.10:443 api.ldshop.gg tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 3.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
GB 52.84.90.3:443 apien.ldplayer.net udp
US 8.8.8.8:53 tagan.adlightning.com udp
US 8.8.8.8:53 tagan.adlightning.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.ldplayer.net udp
GB 216.137.44.59:443 tagan.adlightning.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.ldplayer.net udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
GB 52.84.90.106:443 config.aps.amazon-adsystem.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 74.66.219.8.in-addr.arpa udp
US 8.8.8.8:53 49.4.236.47.in-addr.arpa udp
US 8.8.8.8:53 226.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.160.222.8.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 59.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 84.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 18.245.143.100:443 tags.crwdcntrl.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
NL 139.45.197.227:443 notix.io tcp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 contextual.media.net udp
GB 184.25.192.27:443 contextual.media.net udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 en.softonic.com udp
GB 184.25.192.27:443 contextual.media.net udp
NL 139.45.197.227:443 notix.io tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
GB 92.123.140.19:443 player.aniview.com udp
US 8.2.108.175:443 bc-sync.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 52.215.113.33:443 match.prod.bidr.io tcp
US 52.54.28.112:443 sync.srv.stackadapt.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 106.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 156.174.53.23.in-addr.arpa udp
US 8.8.8.8:53 100.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 173.53.22.104.in-addr.arpa udp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 c1.adform.net udp
DE 3.71.91.116:443 match.sharethrough.com tcp
GB 108.156.39.69:443 s.ad.smaato.net tcp
DK 37.157.3.26:443 c1.adform.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 26.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 69.39.156.108.in-addr.arpa udp
DE 178.63.248.56:443 uidsync.net tcp
US 8.8.8.8:53 client.wns.windows.com udp
GB 20.90.156.32:443 client.wns.windows.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
DE 178.63.248.56:443 uidsync.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
DE 178.63.248.56:443 uidsync.net tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 32.156.90.20.in-addr.arpa udp
NL 185.235.87.105:443 ag.gbc.criteo.com tcp
FR 185.235.86.149:443 gem.gbc.criteo.com tcp
FR 185.235.86.149:443 gem.gbc.criteo.com tcp
NL 185.235.87.105:443 ag.gbc.criteo.com tcp
GB 184.28.176.56:443 www.bing.com udp
US 8.8.8.8:53 56.176.28.184.in-addr.arpa udp
NL 185.235.87.105:443 ag.gbc.criteo.com tcp
FR 185.235.86.149:443 gem.gbc.criteo.com tcp
US 199.232.209.91:443 softonic.com udp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 csi.gstatic.com udp
US 172.217.2.35:443 csi.gstatic.com tcp
US 8.8.8.8:53 rr1---sn-4g5e6nzl.googlevideo.com udp
US 8.8.8.8:53 rr1---sn-4g5e6nzl.googlevideo.com udp
US 172.217.2.35:443 csi.gstatic.com tcp
US 172.217.2.35:443 csi.gstatic.com tcp
US 172.217.2.35:443 csi.gstatic.com tcp
US 172.217.2.35:443 csi.gstatic.com tcp
US 172.217.2.35:443 csi.gstatic.com tcp
DE 74.125.11.102:443 rr1---sn-4g5e6nzl.googlevideo.com udp
US 8.8.8.8:53 102.11.125.74.in-addr.arpa udp
US 8.8.8.8:53 35.2.217.172.in-addr.arpa udp
US 8.8.8.8:53 en.softonic.com udp
US 151.101.193.91:443 en.softonic.com udp
GB 13.224.222.58:443 sdk.privacy-center.org udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
NL 185.89.210.122:443 secure.adnxs.com tcp
US 8.8.8.8:53 b-code.liadm.com udp
US 8.8.8.8:53 b-code.liadm.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
GB 18.165.227.55:443 b-code.liadm.com tcp
US 8.8.8.8:53 68ffc8be5e93938198beddffd438956c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 172.217.2.35:443 csi.gstatic.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
NL 142.250.179.193:443 68ffc8be5e93938198beddffd438956c.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 55.227.165.18.in-addr.arpa udp
NL 142.250.179.193:443 68ffc8be5e93938198beddffd438956c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 68ffc8be5e93938198beddffd438956c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 cd.connatix.com udp
US 8.8.8.8:53 cd.connatix.com udp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 104.18.6.198:443 cd.connatix.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 cds.connatix.com udp
US 8.8.8.8:53 cds.connatix.com udp
US 8.8.8.8:53 198.6.18.104.in-addr.arpa udp
US 8.8.8.8:53 capi.connatix.com udp
US 8.8.8.8:53 capi.connatix.com udp
GB 184.25.192.27:443 contextual.media.net udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
GB 184.26.56.245:443 ads.pubmatic.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
GB 184.25.192.27:443 contextual.media.net udp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 ins.connatix.com udp
US 8.8.8.8:53 ins.connatix.com udp
US 8.8.8.8:53 vid.connatix.com udp
US 8.8.8.8:53 vid.connatix.com udp
US 8.8.8.8:53 lit.connatix.com udp
US 8.8.8.8:53 lit.connatix.com udp
US 8.8.8.8:53 ins.connatix.com udp
US 8.8.8.8:53 ins.connatix.com udp
US 8.8.8.8:53 vid.connatix.com udp
US 8.8.8.8:53 vid.connatix.com udp
US 8.8.8.8:53 lit.connatix.com udp
US 8.8.8.8:53 lit.connatix.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
DE 37.252.171.53:443 secure.adnxs.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
GB 92.123.140.19:443 player.aniview.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
DE 51.38.120.206:443 onetag-sys.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 visitor.omnitagjs.com udp
DE 37.252.171.53:443 secure.adnxs.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 img.connatix.com udp
US 8.8.8.8:53 img.connatix.com udp
NL 172.217.23.202:443 imasdk.googleapis.com tcp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.2.108.175:443 bc-sync.com tcp
IE 52.215.113.33:443 match.prod.bidr.io tcp
US 52.54.28.112:443 sync.srv.stackadapt.com tcp
NL 185.89.211.116:443 secure.adnxs.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
FR 178.32.210.230:443 ssbsync.smartadserver.com tcp
FR 164.132.25.185:443 rtb-csync.smartadserver.com tcp
DE 3.71.91.116:443 match.sharethrough.com tcp
US 8.2.108.175:443 bc-sync.com tcp
FR 164.132.25.185:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
NL 172.217.23.202:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
NL 142.251.39.102:443 s0.2mdn.net tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 102.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 161.182.54.209.in-addr.arpa udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
NL 216.58.208.98:443 pubads.g.doubleclick.net tcp
NL 216.58.208.98:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 98.208.58.216.in-addr.arpa udp
NL 185.235.87.85:443 ag.gbc.criteo.com tcp
FR 185.235.86.155:443 gem.gbc.criteo.com tcp
FR 185.235.86.155:443 gem.gbc.criteo.com tcp
NL 185.235.87.85:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 dnacdn.net udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 bid.g.doubleclick.net udp
US 8.8.8.8:53 bid.g.doubleclick.net udp
US 8.8.8.8:53 bid.g.doubleclick.net udp
US 8.8.8.8:53 bid.g.doubleclick.net udp
NL 142.250.102.156:443 bid.g.doubleclick.net udp
US 8.8.8.8:53 156.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 csi.gstatic.com udp
NL 172.217.23.202:443 imasdk.googleapis.com udp
US 8.8.8.8:53 gcdn.2mdn.net udp
US 8.8.8.8:53 gcdn.2mdn.net udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 www.googletagservices.com udp
IT 142.251.143.131:443 csi.gstatic.com tcp
NL 142.250.179.162:443 www.googletagservices.com tcp
NL 172.217.168.238:443 gcdn.2mdn.net tcp
US 8.8.8.8:53 assets.connatix.com udp
US 8.8.8.8:53 assets.connatix.com udp
IT 142.251.143.131:443 csi.gstatic.com tcp
NL 142.250.179.162:443 www.googletagservices.com tcp
NL 172.217.168.238:443 gcdn.2mdn.net tcp
US 104.18.6.198:443 assets.connatix.com udp
US 8.8.8.8:53 r1---sn-4g5edndd.c.2mdn.net udp
DE 172.217.133.166:443 r1---sn-4g5edndd.c.2mdn.net udp
US 8.8.8.8:53 238.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 131.143.251.142.in-addr.arpa udp
US 8.8.8.8:53 166.133.217.172.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
NL 172.217.23.194:443 ade.googlesyndication.com tcp
NL 172.217.23.194:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 185.235.87.85:443 ag.gbc.criteo.com tcp
FR 185.235.86.155:443 gem.gbc.criteo.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 geometry-dash.en.softonic.com udp
IT 142.251.143.131:443 csi.gstatic.com udp
NL 172.217.23.194:443 ade.googlesyndication.com udp
NL 142.250.179.162:443 ade.googlesyndication.com udp
US 8.8.8.8:53 leap.ldplayer.gg udp
US 8.8.8.8:53 www.ldplayer.net udp
GB 18.172.153.8:443 cdn.ldplayer.net udp
NL 142.250.179.174:443 fundingchoicesmessages.google.com udp
GB 52.84.90.3:443 apien.ldplayer.net udp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 id.hadron.ad.gt udp
IE 54.194.254.146:443 bcp.crwdcntrl.net tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
NL 63.215.202.146:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 leap.ldplayer.gg udp
US 8.8.8.8:53 leap.ldplayer.gg udp
US 8.8.8.8:53 ldcdn.ldmnq.com udp
US 8.8.8.8:53 ldcdn.ldmnq.com udp
NL 142.251.36.54:443 play-lh.googleusercontent.com udp
US 104.18.31.49:443 stpd.cloud tcp
GB 163.181.57.236:443 ldcdn.ldmnq.com tcp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 leap.ldplayer.gg udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.5.69:443 a.ad.gt tcp
GB 163.181.57.236:443 leap.ldplayer.gg tcp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 146.254.194.54.in-addr.arpa udp
US 8.8.8.8:53 146.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 236.57.181.163.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 prebid-stag.setupad.net udp
US 8.8.8.8:53 prebid-stag.setupad.net udp
DE 141.95.33.120:443 id5-sync.com tcp
US 8.8.8.8:53 rtb.adxpremium.services udp
US 8.8.8.8:53 rtb.adxpremium.services udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 adx.adform.net udp
US 8.8.8.8:53 adx.adform.net udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 script.4dex.io udp
DE 141.95.33.120:443 id5-sync.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
NL 142.250.179.193:443 bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com tcp
NL 142.250.179.193:443 bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 147.75.80.51:443 prebid.a-mo.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
FR 51.178.195.208:443 prg.smartadserver.com tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
US 104.18.10.176:443 mp.4dex.io tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 104.26.9.169:443 script.4dex.io tcp
DK 37.157.4.29:443 adx.adform.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 104.18.22.145:443 cadmus.script.ac tcp
US 34.98.64.218:443 u.openx.net tcp
US 34.98.64.218:443 u.openx.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
FR 51.178.195.208:443 prg.smartadserver.com tcp
US 104.18.10.176:443 mp.4dex.io tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 18.140.106.185.in-addr.arpa udp
US 8.8.8.8:53 120.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 178.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 51.80.75.147.in-addr.arpa udp
US 8.8.8.8:53 169.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 29.4.157.37.in-addr.arpa udp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
NL 142.250.179.196:443 www.google.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
US 34.98.64.218:443 u.openx.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 prebid-stag.setupad.net udp
US 8.8.8.8:53 prebid-stag.setupad.net udp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 dnacdn.net udp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
GB 184.25.193.73:443 eus.rubiconproject.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 142.250.179.193:443 bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 tagan.adlightning.com udp
US 8.8.8.8:53 tagan.adlightning.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
GB 216.137.44.76:443 tagan.adlightning.com tcp
GB 216.137.44.76:443 tagan.adlightning.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 176.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 208.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 162.68.67.172.in-addr.arpa udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 76.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 35.227.252.103:443 rtb.openx.net udp
FR 5.196.111.69:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 bc2b1f85d24da5b10ad38fc5ca65eec3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 05bffea29eb2c58d37478da120efa06d.safeframe.googlesyndication.com udp
US 8.8.8.8:53 05bffea29eb2c58d37478da120efa06d.safeframe.googlesyndication.com udp
US 8.8.8.8:53 05bffea29eb2c58d37478da120efa06d.safeframe.googlesyndication.com udp
US 8.8.8.8:53 www.ldplayer.net udp
NL 142.250.179.193:443 05bffea29eb2c58d37478da120efa06d.safeframe.googlesyndication.com tcp
NL 185.235.87.104:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 185.235.86.153:443 gem.gbc.criteo.com tcp
NL 142.250.179.196:443 www.google.com udp
NL 172.217.23.194:443 googleads.g.doubleclick.net udp
DK 37.157.5.133:443 cm.adform.net tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.ldplayer.net udp
FR 185.235.86.153:443 gem.gbc.criteo.com tcp
NL 185.235.87.104:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 node.setupad.com udp
US 8.8.8.8:53 node.setupad.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 69.111.196.5.in-addr.arpa udp
US 8.8.8.8:53 133.5.157.37.in-addr.arpa udp
DE 159.89.25.223:443 node.setupad.com tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 3.222.57.22:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 8.8.8.8:53 223.25.89.159.in-addr.arpa udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
NL 142.251.36.54:443 play-lh.googleusercontent.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.ldplayer.net udp
NL 193.3.178.4:443 ads.us.e-planning.net tcp
NL 193.3.178.4:443 ads.us.e-planning.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 2d24581203ed00fba66e6b70a008a4c8.safeframe.googlesyndication.com udp
US 8.8.8.8:53 2d24581203ed00fba66e6b70a008a4c8.safeframe.googlesyndication.com udp
US 8.8.8.8:53 2d24581203ed00fba66e6b70a008a4c8.safeframe.googlesyndication.com udp
US 8.8.8.8:53 www.ldplayer.net udp
DE 178.63.248.56:443 uidsync.net tcp
NL 142.250.179.193:443 2d24581203ed00fba66e6b70a008a4c8.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 1x1.a-mo.net udp
US 8.8.8.8:53 1x1.a-mo.net udp
US 8.8.8.8:53 www.google.com udp
DE 3.124.135.75:443 1x1.a-mo.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 22.57.222.3.in-addr.arpa udp
US 8.8.8.8:53 4.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 www.ldplayer.net udp
FR 5.135.209.101:443 ssbsync.smartadserver.com tcp
FR 5.135.209.101:443 ssbsync.smartadserver.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 u.4dex.io udp
US 8.8.8.8:53 sync.adotmob.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 34.149.40.38:443 u.4dex.io tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 101.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 75.135.124.3.in-addr.arpa udp
US 8.8.8.8:53 38.40.149.34.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 253.61.156.35.in-addr.arpa udp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
GB 13.87.96.169:443 app-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 ice.360yield.com udp
IE 34.254.214.108:443 ice.360yield.com tcp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 static.criteo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 88.176.137.45.in-addr.arpa udp
US 8.8.8.8:53 108.214.254.34.in-addr.arpa udp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 u.openx.net udp
US 35.244.159.8:443 u.openx.net tcp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 34.98.64.218:443 u.openx.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 ms-cookie-sync.presage.io udp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
NL 145.40.97.77:443 sync.a-mo.net tcp
NL 145.40.97.77:443 sync.a-mo.net tcp
US 172.67.138.13:443 adxbid.info udp
US 35.244.159.8:443 setupad-d.openx.net tcp
IE 52.211.93.114:443 match.prod.bidr.io tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 34.1.224.11:443 csync.loopme.me tcp
IE 34.250.74.30:443 ms-cookie-sync.presage.io tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 13.138.67.172.in-addr.arpa udp
US 8.8.8.8:53 77.97.40.145.in-addr.arpa udp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 34.149.40.38:443 u.4dex.io tcp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 assets.a-mo.net udp
US 8.8.8.8:53 assets.a-mo.net udp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
FR 185.235.86.179:443 ag.gbc.criteo.com tcp
NL 185.235.87.99:443 gem.gbc.criteo.com tcp
US 104.19.159.19:443 assets.a-mo.net tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 id.a-mx.com udp
FR 185.235.86.179:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 as.ck-ie.com udp
US 8.8.8.8:53 as.ck-ie.com udp
NL 185.89.211.84:443 ib.adnxs.com tcp
DE 79.127.216.47:443 id.a-mx.com tcp
US 8.2.110.113:443 as.ck-ie.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
NL 185.235.87.99:443 gem.gbc.criteo.com tcp
NL 147.75.85.97:443 prebid.a-mo.net tcp
US 8.8.8.8:53 vid.vidoomy.com udp
US 8.8.8.8:53 vid.vidoomy.com udp
US 8.8.8.8:53 vid.vidoomy.com udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 11.224.1.34.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 114.93.211.52.in-addr.arpa udp
US 8.8.8.8:53 118.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 30.74.250.34.in-addr.arpa udp
US 8.8.8.8:53 89.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 19.159.19.104.in-addr.arpa udp
US 8.8.8.8:53 84.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 97.85.75.147.in-addr.arpa udp
US 8.8.8.8:53 113.110.2.8.in-addr.arpa udp
GB 89.187.167.39:443 vid.vidoomy.com tcp
US 8.8.8.8:53 id.rtb.mx udp
US 8.8.8.8:53 id.rtb.mx udp
US 8.8.8.8:53 prebid.adnxs.com udp
US 8.8.8.8:53 prebid.adnxs.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
US 8.8.8.8:53 ssum.casalemedia.com udp
GB 185.64.190.84:443 ow.pubmatic.com tcp
NL 185.89.208.11:443 prebid.adnxs.com tcp
DE 79.127.216.47:443 id.rtb.mx tcp
US 104.18.36.155:443 ssum-sec.casalemedia.com tcp
US 8.8.8.8:53 vpaid.vidoomy.com udp
US 8.8.8.8:53 vpaid.vidoomy.com udp
GB 89.187.167.38:443 vpaid.vidoomy.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 a.vidoomy.com udp
US 8.8.8.8:53 a.vidoomy.com udp
US 8.8.8.8:53 39.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 84.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 11.208.89.185.in-addr.arpa udp
US 8.8.8.8:53 38.167.187.89.in-addr.arpa udp
ES 212.36.83.246:443 a.vidoomy.com tcp
FR 185.235.86.153:443 gem.gbc.criteo.com tcp
NL 185.235.87.104:443 gem.gbc.criteo.com tcp
US 104.18.36.155:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 8.8.8.8:53 246.83.36.212.in-addr.arpa udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 adxbid.info udp
GB 184.26.56.245:443 ads.pubmatic.com tcp
GB 184.26.56.245:443 ads.pubmatic.com tcp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
IE 52.50.103.254:443 ap.lijit.com tcp
US 8.8.8.8:53 rtb.adxpremium.services udp
US 8.8.8.8:53 rtb.adxpremium.services udp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 8.8.8.8:53 vid.vidoomy.com udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 180.201.192.209.in-addr.arpa udp
US 8.8.8.8:53 254.103.50.52.in-addr.arpa udp
DK 37.157.3.26:443 cm.adform.net tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
FR 185.235.86.159:443 gem.gbc.criteo.com tcp
NL 185.235.87.106:443 gem.gbc.criteo.com tcp
NL 185.235.87.106:443 gem.gbc.criteo.com tcp
FR 185.235.86.159:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 sub.got-to-be.net udp
US 8.8.8.8:53 sub.got-to-be.net udp
DE 157.90.33.68:443 sub.got-to-be.net tcp
DE 157.90.33.68:443 sub.got-to-be.net tcp
US 8.8.8.8:53 68.33.90.157.in-addr.arpa udp
GB 184.28.176.104:443 www.bing.com udp
FR 217.182.178.234:443 rtb-csync.smartadserver.com tcp
FR 217.182.178.234:443 rtb-csync.smartadserver.com tcp
FR 217.182.178.234:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 104.176.28.184.in-addr.arpa udp
FR 217.182.178.234:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
NL 142.251.36.54:443 play-lh.googleusercontent.com udp
FR 217.182.178.234:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 234.178.182.217.in-addr.arpa udp
NL 185.235.87.105:443 gem.gbc.criteo.com tcp
FR 185.235.86.188:443 ag.gbc.criteo.com tcp
FR 185.235.86.188:443 ag.gbc.criteo.com tcp
NL 185.235.87.105:443 gem.gbc.criteo.com tcp
NL 185.235.87.106:443 gem.gbc.criteo.com tcp
FR 185.235.86.159:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 cdn.ldplayer.net udp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 d19mtdoi3rn3ox.cloudfront.net udp
GB 18.245.158.163:443 d19mtdoi3rn3ox.cloudfront.net tcp
US 8.8.8.8:53 76.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 12.178.204.143.in-addr.arpa udp
US 8.8.8.8:53 113.216.138.108.in-addr.arpa udp
US 8.8.8.8:53 163.158.245.18.in-addr.arpa udp
US 8.8.8.8:53 d1arl2thrafelv.cloudfront.net udp
GB 216.137.34.195:443 d1arl2thrafelv.cloudfront.net tcp
GB 216.137.34.195:443 d1arl2thrafelv.cloudfront.net tcp
NL 172.217.23.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 104.18.36.155:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 195.34.137.216.in-addr.arpa udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 185.89.211.116:443 ib.adnxs.com tcp
US 8.8.8.8:53 encdn.ldmnq.com udp
GB 18.172.153.36:443 encdn.ldmnq.com tcp
US 8.8.8.8:53 s.richaudience.com udp
US 8.8.8.8:53 s.richaudience.com udp
DE 157.90.0.38:443 s.richaudience.com tcp
DE 157.90.0.38:443 s.richaudience.com tcp
US 8.8.8.8:53 36.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 38.0.90.157.in-addr.arpa udp
NL 185.235.87.87:443 gem.gbc.criteo.com tcp
FR 185.235.86.163:443 gem.gbc.criteo.com tcp
NL 185.235.87.87:443 gem.gbc.criteo.com tcp
FR 185.235.86.163:443 gem.gbc.criteo.com tcp
NL 185.235.87.85:443 gem.gbc.criteo.com tcp
FR 185.235.86.178:443 ag.gbc.criteo.com tcp
FR 185.235.86.178:443 ag.gbc.criteo.com tcp
NL 185.235.87.85:443 gem.gbc.criteo.com tcp
FR 185.235.86.163:443 gem.gbc.criteo.com tcp
GB 184.28.176.104:443 www.bing.com udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
NL 185.235.87.87:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 49.4.219.8.in-addr.arpa udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
FR 185.235.86.145:443 gem.gbc.criteo.com tcp
FR 185.235.86.145:443 gem.gbc.criteo.com tcp
NL 185.235.87.90:443 gem.gbc.criteo.com tcp
NL 185.235.87.90:443 gem.gbc.criteo.com tcp
NL 185.235.87.98:443 gem.gbc.criteo.com tcp
FR 185.235.86.181:443 ag.gbc.criteo.com tcp
FR 185.235.86.181:443 ag.gbc.criteo.com tcp
NL 185.235.87.98:443 gem.gbc.criteo.com tcp
NL 185.235.87.90:443 gem.gbc.criteo.com tcp
FR 185.235.86.145:443 gem.gbc.criteo.com tcp
US 104.18.7.198:443 assets.connatix.com udp
US 104.18.7.198:443 assets.connatix.com tcp
US 8.8.8.8:53 198.7.18.104.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
FR 185.235.86.161:443 gem.gbc.criteo.com tcp
FR 185.235.86.161:443 gem.gbc.criteo.com tcp
NL 185.235.87.94:443 gem.gbc.criteo.com tcp
NL 185.235.87.94:443 gem.gbc.criteo.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 170.253.116.51.in-addr.arpa udp
FR 185.235.86.169:443 ag.gbc.criteo.com tcp
NL 185.235.87.93:443 gem.gbc.criteo.com tcp
NL 185.235.87.93:443 gem.gbc.criteo.com tcp
FR 185.235.86.169:443 ag.gbc.criteo.com tcp
NL 185.235.87.94:443 gem.gbc.criteo.com tcp
FR 185.235.86.161:443 gem.gbc.criteo.com tcp
FR 185.235.86.144:443 gem.gbc.criteo.com tcp
FR 185.235.86.144:443 gem.gbc.criteo.com tcp
NL 185.235.87.107:443 gem.gbc.criteo.com tcp
NL 185.235.87.107:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 gamingbeasts.com udp
US 8.8.8.8:53 gamingbeasts.com udp
US 8.8.8.8:53 gamingbeasts.com udp
US 172.67.68.207:443 gamingbeasts.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 207.68.67.172.in-addr.arpa udp
FR 185.235.86.182:443 ag.gbc.criteo.com tcp
US 192.0.76.3:443 stats.wp.com tcp
FR 185.235.86.182:443 ag.gbc.criteo.com tcp
NL 185.235.87.107:443 gem.gbc.criteo.com tcp
US 192.0.76.3:443 stats.wp.com udp
US 8.8.8.8:53 https-gamingbeasts-com.disqus.com udp
US 8.8.8.8:53 https-gamingbeasts-com.disqus.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 https-gamingbeasts-com.disqus.com udp
US 199.232.196.134:443 https-gamingbeasts-com.disqus.com tcp
US 199.232.196.134:443 https-gamingbeasts-com.disqus.com tcp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 c.disquscdn.com udp
US 8.8.8.8:53 c.disquscdn.com udp
US 151.101.0.134:443 disqus.com tcp
GB 13.224.132.61:443 c.disquscdn.com tcp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 gamingbeasts.com udp
US 8.8.8.8:53 tempest.services.disqus.com udp
US 8.8.8.8:53 tempest.services.disqus.com udp
US 8.8.8.8:53 referrer.disqus.com udp
US 8.8.8.8:53 referrer.disqus.com udp
US 151.101.64.134:443 disqus.com tcp
US 199.232.192.64:443 tempest.services.disqus.com tcp
US 199.232.192.134:443 referrer.disqus.com tcp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 134.196.232.199.in-addr.arpa udp
US 8.8.8.8:53 134.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 61.132.224.13.in-addr.arpa udp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 gamingbeasts.com udp
US 151.101.64.134:443 disqus.com tcp
US 8.8.8.8:53 c.disquscdn.com udp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 gamingbeasts.com udp
GB 13.224.132.61:443 c.disquscdn.com tcp
GB 13.224.132.61:443 c.disquscdn.com tcp
GB 13.224.132.61:443 c.disquscdn.com tcp
US 8.8.8.8:53 cdn.tsyndicate.com udp
US 8.8.8.8:53 cdn.tsyndicate.com udp
NL 45.133.44.70:443 cdn.tsyndicate.com tcp
US 151.101.64.134:443 disqus.com tcp
US 8.8.8.8:53 134.64.101.151.in-addr.arpa udp
US 8.8.8.8:53 134.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 70.44.133.45.in-addr.arpa udp
US 8.8.8.8:53 cdn.viglink.com udp
US 8.8.8.8:53 referrer.disqus.com udp
GB 18.164.68.102:443 cdn.viglink.com tcp
GB 18.164.68.102:443 cdn.viglink.com tcp
US 199.232.196.134:443 referrer.disqus.com tcp
US 8.8.8.8:53 tsyndicate.com udp
US 8.8.8.8:53 tsyndicate.com udp
US 8.8.8.8:53 tsyndicate.com udp
NL 185.235.87.107:443 gem.gbc.criteo.com tcp
DE 116.202.244.171:443 tsyndicate.com tcp
US 8.8.8.8:53 links.services.disqus.com udp
US 199.232.196.64:443 links.services.disqus.com tcp
US 8.8.8.8:53 uvi-9125.agenteimmobiliare.info udp
US 8.8.8.8:53 uvi-9125.agenteimmobiliare.info udp
US 8.8.8.8:53 pxl.tsyndicate.com udp
US 8.8.8.8:53 pxl.tsyndicate.com udp
DE 213.239.193.198:443 pxl.tsyndicate.com tcp
US 172.67.180.218:443 uvi-9125.agenteimmobiliare.info udp
US 172.67.180.218:443 uvi-9125.agenteimmobiliare.info udp
US 8.8.8.8:53 102.68.164.18.in-addr.arpa udp
US 8.8.8.8:53 171.244.202.116.in-addr.arpa udp
US 8.8.8.8:53 64.196.232.199.in-addr.arpa udp
US 8.8.8.8:53 218.180.67.172.in-addr.arpa udp
NL 185.235.87.107:443 gem.gbc.criteo.com tcp
US 172.67.180.218:443 uvi-9125.agenteimmobiliare.info tcp
US 172.67.180.218:443 uvi-9125.agenteimmobiliare.info tcp
US 8.8.8.8:53 s.optnx.com udp
US 8.8.8.8:53 s.optnx.com udp
US 8.8.8.8:53 s3t3d2y8.afcdn.net udp
US 8.8.8.8:53 s3t3d2y8.afcdn.net udp
NL 95.211.229.246:443 s.optnx.com tcp
GB 89.187.167.39:443 s3t3d2y8.afcdn.net tcp
FR 185.235.86.144:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 198.193.239.213.in-addr.arpa udp
US 8.8.8.8:53 246.229.211.95.in-addr.arpa udp
US 199.232.192.134:443 referrer.disqus.com tcp
US 8.8.8.8:53 d1arl2thrafelv.cloudfront.net udp
US 8.8.8.8:53 shield.reasonsecurity.com udp
GB 216.137.34.195:443 d1arl2thrafelv.cloudfront.net tcp
GB 18.244.140.87:443 shield.reasonsecurity.com tcp
US 8.8.8.8:53 87.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 middledata.ldplayer.net udp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
GB 18.244.140.87:443 shield.reasonsecurity.com tcp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 35.80.172.133:443 analytics.apis.mcafee.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 133.172.80.35.in-addr.arpa udp
US 8.8.8.8:53 97.136.219.8.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 92.123.143.232:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 34.202.119.205:443 track.analytics-data.io tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 8.8.8.8:53 update.reasonsecurity.com udp
GB 18.154.84.81:443 update.reasonsecurity.com tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 8.8.8.8:53 205.119.202.34.in-addr.arpa udp
US 8.8.8.8:53 81.84.154.18.in-addr.arpa udp
US 34.202.119.205:443 track.analytics-data.io tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 8.8.8.8:53 electron-shell.reasonsecurity.com udp
GB 108.156.46.9:443 electron-shell.reasonsecurity.com tcp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 9.46.156.108.in-addr.arpa udp
FR 185.235.86.162:443 gem.gbc.criteo.com tcp
FR 185.235.86.162:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 apien.ldmnq.com udp
GB 13.224.132.104:443 apien.ldmnq.com tcp
NL 185.235.87.101:443 gem.gbc.criteo.com tcp
NL 185.235.87.101:443 gem.gbc.criteo.com tcp
US 34.202.119.205:443 track.analytics-data.io tcp
FR 185.235.86.177:443 ag.gbc.criteo.com tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 173.222.211.41:443 aefd.nelreports.net udp
NL 185.235.87.103:443 gem.gbc.criteo.com tcp
FR 185.235.86.177:443 ag.gbc.criteo.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 92.123.143.232:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 home.mcafee.com udp
GB 23.214.142.196:443 home.mcafee.com tcp
GB 23.214.142.196:443 home.mcafee.com tcp
US 35.80.172.133:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 196.142.214.23.in-addr.arpa udp
NL 185.235.87.103:443 gem.gbc.criteo.com tcp
US 104.18.7.198:443 assets.connatix.com udp
NL 185.235.87.101:443 gem.gbc.criteo.com tcp
FR 185.235.86.162:443 gem.gbc.criteo.com tcp
US 35.80.172.133:443 analytics.apis.mcafee.com tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 8.8.8.8:53 cdn.reasonsecurity.com udp
GB 52.84.90.47:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 47.90.84.52.in-addr.arpa udp
GB 184.28.176.56:443 www.bing.com udp
US 34.202.119.205:443 track.analytics-data.io tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 184.28.176.56:443 th.bing.com udp
GB 184.28.176.104:443 th.bing.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.138:443 login.microsoftonline.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
FR 185.235.86.150:443 gem.gbc.criteo.com tcp
FR 185.235.86.150:443 gem.gbc.criteo.com tcp
US 35.80.172.133:443 analytics.apis.mcafee.com tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp
US 8.8.8.8:53 234.193.25.184.in-addr.arpa udp
NL 185.235.87.109:443 gem.gbc.criteo.com tcp
NL 185.235.87.109:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
FR 185.235.86.191:443 ag.gbc.criteo.com tcp
FR 185.235.86.191:443 ag.gbc.criteo.com tcp
NL 185.235.87.108:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 92.123.143.232:443 sadownload.mcafee.com tcp
NL 185.235.87.108:443 gem.gbc.criteo.com tcp
NL 185.235.87.109:443 gem.gbc.criteo.com tcp
FR 185.235.86.150:443 gem.gbc.criteo.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 51.8.64.151:443 h.clarity.ms tcp
US 51.8.64.151:443 h.clarity.ms tcp
FR 185.235.86.152:443 gem.gbc.criteo.com tcp
FR 185.235.86.152:443 gem.gbc.criteo.com tcp
NL 185.235.87.103:443 gem.gbc.criteo.com tcp
NL 185.235.87.103:443 gem.gbc.criteo.com tcp
GB 184.28.176.56:443 www.bing.com udp
GB 184.28.176.104:443 www.bing.com udp
US 34.202.119.205:443 track.analytics-data.io tcp
US 34.202.119.205:443 track.analytics-data.io tcp
FR 185.235.86.187:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 3.86.130.103:443 track.analytics-data.io tcp
US 34.202.119.205:443 track.analytics-data.io tcp
FR 185.235.86.187:443 ag.gbc.criteo.com tcp
NL 185.235.87.100:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 103.130.86.3.in-addr.arpa udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 config.reasonsecurity.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp
GB 99.86.114.64:443 config.reasonsecurity.com tcp
US 8.8.8.8:53 64.114.86.99.in-addr.arpa udp
US 8.8.8.8:53 sw.symcd.com udp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
DE 152.199.19.74:80 sw.symcd.com tcp
US 8.8.8.8:53 sw.symcb.com udp
SE 192.229.221.95:80 sw.symcb.com tcp
US 8.8.8.8:53 ocsp.thawte.com udp
DE 152.199.19.74:80 ocsp.thawte.com tcp
US 8.8.8.8:53 crl.thawte.com udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 13.107.246.64:443 edge-mobile-static.azureedge.net tcp
GB 184.28.176.104:443 www.bing.com tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 3.86.130.103:443 track.analytics-data.io tcp
US 8.8.8.8:53 api.reasonsecurity.com udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
GB 184.28.176.104:443 www.bing.com udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 235.0.22.104.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 discord.gg udp
US 8.8.8.8:53 discord.gg udp
US 162.159.134.234:443 discord.gg tcp
US 8.8.8.8:53 discord.gg udp
US 8.8.8.8:53 234.134.159.162.in-addr.arpa udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 162.159.134.234:443 discord.gg tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 discord.com udp
GB 92.123.140.42:443 bzib.nelreports.net tcp
US 162.159.136.232:443 discord.com udp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 en.ldplayer.net udp
US 8.8.8.8:53 ad.ldplayer.net udp
GB 18.245.218.123:443 ad.ldplayer.net tcp
GB 163.181.57.237:443 en.ldplayer.net tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
GB 143.204.67.183:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 123.218.245.18.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 183.67.204.143.in-addr.arpa udp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 advertise.ldplayer.net udp
GB 79.133.176.235:443 advertise.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 alliance.ldplayer.net udp
US 8.8.8.8:53 res.ldplayer.net udp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 18.244.114.68:443 alliance.ldplayer.net tcp
US 8.8.8.8:53 235.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 68.114.244.18.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 apien.ldmnq.com udp
GB 13.224.132.104:80 apien.ldmnq.com tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 13.224.132.104:443 apien.ldmnq.com tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 13.224.132.104:443 apien.ldmnq.com tcp
US 8.8.8.8:53 encdn.ldmnq.com udp
GB 18.172.153.23:443 encdn.ldmnq.com tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
US 8.8.8.8:53 23.153.172.18.in-addr.arpa udp
GB 18.245.218.123:443 ad.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 18.172.153.23:443 encdn.ldmnq.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 3.86.130.103:443 track.analytics-data.io tcp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
US 8.8.8.8:53 track.analytics-data.io udp
NL 142.251.36.54:443 play-lh.googleusercontent.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 8.8.8.8:53 c.pki.goog udp
NL 142.250.179.131:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
NL 142.250.179.131:80 o.pki.goog tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
US 8.8.8.8:53 client.wns.windows.com udp
GB 20.90.156.32:443 client.wns.windows.com tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
GB 18.245.218.123:443 ad.ldplayer.net tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 8.8.8.8:53 mc6.reasonsecurity.com udp
US 52.34.150.127:443 mc6.reasonsecurity.com tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 8.8.8.8:53 127.150.34.52.in-addr.arpa udp
US 34.202.119.205:443 track.analytics-data.io tcp
US 34.202.119.205:443 track.analytics-data.io tcp
US 34.202.119.205:443 track.analytics-data.io tcp
GB 18.245.218.123:443 ad.ldplayer.net tcp
US 34.202.119.205:443 track.analytics-data.io tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 184.28.176.104:443 www.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 184.28.176.56:443 th.bing.com udp
GB 184.28.176.56:443 th.bing.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 fpt.microsoft.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 tse4.mm.bing.net udp
US 8.8.8.8:53 tse4.mm.bing.net udp
US 8.8.8.8:53 tse3.mm.bing.net udp
US 150.171.28.10:443 tse3.mm.bing.net tcp
US 150.171.28.10:443 tse3.mm.bing.net tcp
US 150.171.28.10:443 tse3.mm.bing.net tcp
US 150.171.28.10:443 tse3.mm.bing.net tcp
US 150.171.27.10:443 tse3.mm.bing.net tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
NL 172.217.168.238:443 www.youtube.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
NL 172.217.168.238:443 www.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
NL 216.58.214.14:443 www.youtube.com tcp
NL 172.217.168.238:443 www.youtube.com udp
NL 216.58.214.14:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.54:443 i.ytimg.com tcp
GB 92.123.140.42:443 bzib.nelreports.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
NL 172.217.168.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.250.179.134:443 static.doubleclick.net tcp
NL 172.217.168.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
NL 216.58.214.14:443 www.youtube.com tcp
NL 216.58.214.14:443 www.youtube.com tcp
NL 216.58.214.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
NL 216.58.214.14:443 www.youtube.com udp
NL 172.217.168.206:443 www.youtube.com tcp
US 8.8.8.8:53 234.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 206.168.217.172.in-addr.arpa udp
GB 51.11.108.188:443 dl-edge.smartscreen.microsoft.com tcp
NL 172.217.168.206:443 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.214:443 i.ytimg.com tcp
NL 142.250.179.214:443 i.ytimg.com tcp
US 8.8.8.8:53 214.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-4g5lzne6.googlevideo.com udp
US 8.8.8.8:53 rr5---sn-4g5lzne6.googlevideo.com udp
DE 74.125.160.234:443 rr5---sn-4g5lzne6.googlevideo.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.250.179.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 234.160.125.74.in-addr.arpa udp
NL 142.250.179.202:443 jnn-pa.googleapis.com udp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
US 8.8.8.8:53 202.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
NL 216.58.214.14:443 play.google.com udp
NL 142.250.179.214:443 i.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 i9.ytimg.com udp
US 8.8.8.8:53 i9.ytimg.com udp
NL 142.250.179.142:443 i9.ytimg.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
NL 142.250.179.142:443 youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.250.179.134:443 static.doubleclick.net tcp
NL 142.250.179.142:443 www.youtube.com udp
NL 216.58.214.14:443 www.youtube.com udp
GB 184.28.176.104:443 www.bing.com udp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6464 tcp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
N/A 127.0.0.1:6467 tcp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
N/A 127.0.0.1:6468 tcp
N/A 127.0.0.1:6469 tcp
N/A 127.0.0.1:6470 tcp
N/A 127.0.0.1:6471 tcp
N/A 127.0.0.1:6472 tcp
US 8.8.8.8:53 www.tumblr.com udp
US 8.8.8.8:53 www.tumblr.com udp
US 8.8.8.8:53 www.tumblr.com udp
US 192.0.77.40:443 www.tumblr.com tcp
US 192.0.77.40:443 www.tumblr.com tcp
US 8.8.8.8:53 64.media.tumblr.com udp
US 8.8.8.8:53 64.media.tumblr.com udp
US 8.8.8.8:53 assets.tumblr.com udp
US 192.0.77.3:443 64.media.tumblr.com tcp
US 192.0.77.40:443 www.tumblr.com tcp
US 192.0.77.40:443 www.tumblr.com tcp
US 192.0.77.40:443 www.tumblr.com tcp
US 8.8.8.8:53 40.77.0.192.in-addr.arpa udp
US 192.0.77.40:443 www.tumblr.com udp
US 192.0.77.40:443 www.tumblr.com udp
US 8.8.8.8:53 s0.wp.com udp
US 8.8.8.8:53 cdn.parsely.com udp
US 8.8.8.8:53 cdn.parsely.com udp
US 192.0.77.32:443 s0.wp.com tcp
GB 13.224.243.39:443 cdn.parsely.com tcp
US 8.8.8.8:53 p1.parsely.com udp
US 8.8.8.8:53 p1.parsely.com udp
IE 63.34.81.234:443 p1.parsely.com tcp
US 8.8.8.8:53 o248881.ingest.sentry.io udp
US 8.8.8.8:53 o248881.ingest.sentry.io udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 34.120.195.249:443 o248881.ingest.sentry.io tcp
US 8.8.8.8:53 3.77.0.192.in-addr.arpa udp
US 192.0.76.3:443 pixel.wp.com tcp
US 8.8.8.8:53 234.81.34.63.in-addr.arpa udp
US 8.8.8.8:53 249.195.120.34.in-addr.arpa udp
US 192.0.76.3:443 pixel.wp.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 www.tumblr.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
NL 142.250.179.174:443 translate.google.com tcp
GB 18.154.84.84:443 cdn.amplitude.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 84.84.154.18.in-addr.arpa udp
US 35.165.49.51:443 api.amplitude.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
NL 142.251.36.10:443 translate.googleapis.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
NL 142.250.102.154:443 stats.g.doubleclick.net tcp
NL 172.217.168.195:443 www.google.co.uk udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 10.36.251.142.in-addr.arpa udp
IE 63.34.81.234:443 p1.parsely.com tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
NL 142.250.179.202:443 translate-pa.googleapis.com tcp
US 8.8.8.8:53 download2344.mediafire.com udp
US 8.8.8.8:53 download2344.mediafire.com udp
US 199.91.155.85:443 download2344.mediafire.com tcp
US 8.8.8.8:53 85.155.91.199.in-addr.arpa udp
NL 142.251.36.10:443 translate-pa.googleapis.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 192.0.77.40:443 www.tumblr.com udp
GB 184.28.176.56:443 www.bing.com udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 51.8.64.151:443 h.clarity.ms tcp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
US 104.16.114.74:443 www.mediafire.com udp
GB 184.28.176.56:443 www.bing.com udp
NL 172.217.168.206:443 www.youtube.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 104.16.114.74:443 www.mediafire.com udp
GB 184.28.176.56:443 www.bing.com udp
US 8.8.8.8:53 api.reasonsecurity.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 235.1.22.104.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 172.217.168.206:443 www.youtube.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
GB 184.28.176.104:443 www.bing.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 216.58.214.14:443 play.google.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 sf.symcd.com udp
DE 152.199.19.74:80 sf.symcd.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 ocsp.catcert.cat udp
ES 93.115.204.43:80 ocsp.catcert.cat tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 43.204.115.93.in-addr.arpa udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 51.8.64.151:443 h.clarity.ms tcp
GB 184.28.176.56:443 www.bing.com udp
US 8.8.8.8:53 appealsozvmio.shop udp
US 172.67.199.173:443 appealsozvmio.shop tcp
US 104.21.47.141:443 celebratioopz.shop tcp
US 8.8.8.8:53 writerospzm.shop udp
US 172.67.166.231:443 writerospzm.shop tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 141.47.21.104.in-addr.arpa udp
US 8.8.8.8:53 231.166.67.172.in-addr.arpa udp
US 8.8.8.8:53 deallerospfosu.shop udp
US 172.67.204.20:443 deallerospfosu.shop tcp
US 8.8.8.8:53 bassizcellskz.shop udp
US 104.21.46.242:443 bassizcellskz.shop tcp
US 8.8.8.8:53 20.204.67.172.in-addr.arpa udp
US 8.8.8.8:53 mennyudosirso.shop udp
US 172.67.140.31:443 mennyudosirso.shop tcp
US 8.8.8.8:53 242.46.21.104.in-addr.arpa udp
US 8.8.8.8:53 languagedscie.shop udp
US 104.21.35.48:443 languagedscie.shop tcp
US 8.8.8.8:53 complaintsipzzx.shop udp
US 172.67.158.159:443 complaintsipzzx.shop tcp
US 8.8.8.8:53 31.140.67.172.in-addr.arpa udp
US 8.8.8.8:53 48.35.21.104.in-addr.arpa udp
US 8.8.8.8:53 quialitsuzoxm.shop udp
US 172.67.137.188:443 quialitsuzoxm.shop tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 159.158.67.172.in-addr.arpa udp
US 8.8.8.8:53 188.137.67.172.in-addr.arpa udp
US 8.8.8.8:53 tenntysjuxmz.shop udp
US 172.67.141.209:443 tenntysjuxmz.shop tcp
US 8.8.8.8:53 155.143.214.23.in-addr.arpa udp
US 172.67.199.173:443 appealsozvmio.shop tcp
US 104.21.47.141:443 celebratioopz.shop tcp
US 8.8.8.8:53 209.141.67.172.in-addr.arpa udp
US 172.67.166.231:443 writerospzm.shop tcp
US 172.67.204.20:443 deallerospfosu.shop tcp
US 104.21.46.242:443 bassizcellskz.shop tcp
US 172.67.140.31:443 mennyudosirso.shop tcp
US 104.21.35.48:443 languagedscie.shop tcp
US 172.67.158.159:443 complaintsipzzx.shop tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 172.217.168.214:443 i.ytimg.com udp
US 172.67.137.188:443 quialitsuzoxm.shop tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 214.168.217.172.in-addr.arpa udp
US 172.67.141.209:443 tenntysjuxmz.shop tcp
NL 142.250.179.174:443 www.youtube.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 184.28.176.56:443 r.bing.com udp
GB 184.28.176.56:443 r.bing.com udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
NL 142.250.179.142:443 www.youtube.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
NL 142.250.179.142:443 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
NL 216.58.214.14:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.39.118:443 i.ytimg.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.251.36.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.134:443 static.doubleclick.net udp
NL 216.58.214.14:443 play.google.com udp
US 8.8.8.8:53 118.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 rr1---sn-4g5edndd.googlevideo.com udp
US 8.8.8.8:53 rr1---sn-4g5edndd.googlevideo.com udp
DE 172.217.133.166:443 rr1---sn-4g5edndd.googlevideo.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.138:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.250.179.134:443 static.doubleclick.net udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 216.58.214.14:443 play.google.com udp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
NL 142.251.39.97:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 gamingbeasts.com udp
US 8.8.8.8:53 gamingbeasts.com udp
US 104.26.15.250:443 gamingbeasts.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.76.3:443 stats.wp.com udp
US 8.8.8.8:53 250.15.26.104.in-addr.arpa udp
US 8.8.8.8:53 https-gamingbeasts-com.disqus.com udp
US 8.8.8.8:53 https-gamingbeasts-com.disqus.com udp
US 199.232.192.134:443 https-gamingbeasts-com.disqus.com tcp
US 199.232.192.134:443 https-gamingbeasts-com.disqus.com tcp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 c.disquscdn.com udp
US 8.8.8.8:53 c.disquscdn.com udp
US 151.101.192.134:443 disqus.com tcp
GB 13.224.132.33:443 c.disquscdn.com tcp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 gamingbeasts.com udp
US 8.8.8.8:53 tempest.services.disqus.com udp
US 8.8.8.8:53 tempest.services.disqus.com udp
US 8.8.8.8:53 referrer.disqus.com udp
US 8.8.8.8:53 referrer.disqus.com udp
US 8.8.8.8:53 gamingbeasts.com udp
US 199.232.196.64:443 tempest.services.disqus.com tcp
US 199.232.192.134:443 referrer.disqus.com tcp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 disqus.com udp
US 151.101.192.134:443 disqus.com tcp
US 151.101.192.134:443 disqus.com tcp
US 8.8.8.8:53 tsyndicate.com udp
US 8.8.8.8:53 tsyndicate.com udp
DE 144.76.168.81:443 tsyndicate.com tcp
US 8.8.8.8:53 c.disquscdn.com udp
US 8.8.8.8:53 c.disquscdn.com udp
US 8.8.8.8:53 134.192.101.151.in-addr.arpa udp
US 8.8.8.8:53 33.132.224.13.in-addr.arpa udp
US 8.8.8.8:53 81.168.76.144.in-addr.arpa udp
GB 13.224.132.2:443 c.disquscdn.com tcp
US 8.8.8.8:53 uvi-9125.agenteimmobiliare.info udp
US 8.8.8.8:53 uvi-9125.agenteimmobiliare.info udp
US 8.8.8.8:53 pxl.tsyndicate.com udp
US 172.67.180.218:443 uvi-9125.agenteimmobiliare.info udp
US 172.67.180.218:443 uvi-9125.agenteimmobiliare.info udp
DE 116.202.244.171:443 pxl.tsyndicate.com tcp
US 8.8.8.8:53 s.optnx.com udp
NL 95.211.229.248:443 s.optnx.com tcp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 s3t3d2y8.afcdn.net udp
US 8.8.8.8:53 s3t3d2y8.afcdn.net udp
US 8.8.8.8:53 2.132.224.13.in-addr.arpa udp
US 8.8.8.8:53 248.229.211.95.in-addr.arpa udp
GB 84.17.50.9:443 s3t3d2y8.afcdn.net tcp
US 8.8.8.8:53 referrer.disqus.com udp
US 8.8.8.8:53 referrer.disqus.com udp
US 199.232.196.134:443 referrer.disqus.com tcp
US 8.8.8.8:53 cdn.viglink.com udp
US 8.8.8.8:53 cdn.viglink.com udp
GB 18.164.68.65:443 cdn.viglink.com tcp
US 199.232.196.134:443 referrer.disqus.com tcp
US 199.232.192.134:443 referrer.disqus.com tcp
US 8.8.8.8:53 links.services.disqus.com udp
US 8.8.8.8:53 links.services.disqus.com udp
US 199.232.192.64:443 links.services.disqus.com tcp
US 8.8.8.8:53 9.50.17.84.in-addr.arpa udp
US 8.8.8.8:53 65.68.164.18.in-addr.arpa udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 34.120.95.133:443 downloads.digitaltrends.com tcp
US 34.120.95.133:443 downloads.digitaltrends.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 htlbid.com udp
US 8.8.8.8:53 htlbid.com udp
US 8.8.8.8:53 sc.dgtcdn.net udp
US 8.8.8.8:53 sc.dgtcdn.net udp
GB 18.164.68.75:443 htlbid.com tcp
US 151.101.65.91:443 sc.dgtcdn.net tcp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 sdk.privacy-center.org udp
GB 13.224.222.112:443 sdk.privacy-center.org tcp
US 151.101.65.91:443 sc.dgtcdn.net udp
US 8.8.8.8:53 133.95.120.34.in-addr.arpa udp
US 8.8.8.8:53 75.68.164.18.in-addr.arpa udp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 34.120.95.133:443 downloads.digitaltrends.com udp
US 8.8.8.8:53 screenshots.dgtcdn.net udp
US 8.8.8.8:53 screenshots.dgtcdn.net udp
US 151.101.65.91:443 screenshots.dgtcdn.net udp
US 8.8.8.8:53 consent.cookiebot.com udp
US 8.8.8.8:53 cdn-magiclinks.trackonomics.net udp
US 8.8.8.8:53 cdn-magiclinks.trackonomics.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
GB 13.224.222.112:443 sdk.privacy-center.org udp
GB 173.222.211.80:443 consent.cookiebot.com tcp
GB 18.245.218.90:443 cdn-magiclinks.trackonomics.net tcp
US 151.101.129.91:443 screenshots.dgtcdn.net tcp
US 151.101.129.91:443 screenshots.dgtcdn.net tcp
US 151.101.129.91:443 screenshots.dgtcdn.net tcp
US 151.101.129.91:443 screenshots.dgtcdn.net tcp
US 151.101.129.91:443 screenshots.dgtcdn.net tcp
US 151.101.129.91:443 screenshots.dgtcdn.net tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
DE 157.90.33.68:443 push-sdk.com tcp
US 8.8.8.8:53 80.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 90.218.245.18.in-addr.arpa udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 consentcdn.cookiebot.com udp
US 8.8.8.8:53 consentcdn.cookiebot.com udp
US 8.8.8.8:53 consentcdn.cookiebot.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
GB 23.53.172.14:443 consentcdn.cookiebot.com tcp
US 8.8.8.8:53 pub.doubleverify.com udp
US 8.8.8.8:53 pub.doubleverify.com udp
US 104.18.167.224:443 pub.doubleverify.com udp
US 8.8.8.8:53 static.chartbeat.com udp
US 8.8.8.8:53 static.chartbeat.com udp
US 8.8.8.8:53 p.gcprivacy.com udp
US 8.8.8.8:53 p.gcprivacy.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
US 8.8.8.8:53 storage.googleapis.com udp
US 8.8.8.8:53 storage.googleapis.com udp
US 8.8.8.8:53 di-images.sftcdn.net udp
US 8.8.8.8:53 di-images.sftcdn.net udp
DE 157.90.33.68:443 push-sdk.com tcp
GB 54.192.137.81:443 p.gcprivacy.com tcp
GB 18.244.161.205:443 static.chartbeat.com tcp
US 104.18.21.97:443 cdn.confiant-integrations.net udp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
US 151.101.65.91:443 di-images.sftcdn.net tcp
NL 142.251.39.123:443 storage.googleapis.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 14.172.53.23.in-addr.arpa udp
US 8.8.8.8:53 224.167.18.104.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 104.18.167.224:443 pub.doubleverify.com udp
US 8.8.8.8:53 ping.chartbeat.net udp
DE 157.90.33.68:443 push-sdk.com tcp
US 100.25.52.82:443 ping.chartbeat.net tcp
US 34.239.71.74:443 p2.gcprivacy.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
GB 18.244.138.116:443 aax.amazon-adsystem.com tcp
GB 52.84.90.106:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
GB 18.245.143.100:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 ams-pageview-public.s3.amazonaws.com udp
US 8.8.8.8:53 ams-pageview-public.s3.amazonaws.com udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 52.217.41.244:443 ams-pageview-public.s3.amazonaws.com tcp
IE 54.77.158.234:443 bcp.crwdcntrl.net tcp
NL 64.158.223.146:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 97.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 81.137.192.54.in-addr.arpa udp
US 8.8.8.8:53 205.161.244.18.in-addr.arpa udp
US 8.8.8.8:53 123.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 82.52.25.100.in-addr.arpa udp
US 8.8.8.8:53 74.71.239.34.in-addr.arpa udp
US 8.8.8.8:53 116.138.244.18.in-addr.arpa udp
US 8.8.8.8:53 244.41.217.52.in-addr.arpa udp
US 8.8.8.8:53 146.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 imgsct.cookiebot.com udp
US 8.8.8.8:53 imgsct.cookiebot.com udp
US 8.8.8.8:53 a.ad.gt udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 18.244.138.116:443 aax.amazon-adsystem.com tcp
GB 23.53.172.14:443 imgsct.cookiebot.com tcp
US 104.22.4.69:443 a.ad.gt tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 api.privacy-center.org udp
US 8.8.8.8:53 api.privacy-center.org udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
GB 108.138.233.47:443 api.privacy-center.org tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 grid.bidswitch.net udp
US 8.8.8.8:53 grid.bidswitch.net udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 krk2.kargo.com udp
US 8.8.8.8:53 krk2.kargo.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 s.seedtag.com udp
US 8.8.8.8:53 s.seedtag.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.210.212:443 ib.adnxs.com tcp
US 34.149.50.64:443 s.seedtag.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 34.120.63.153:443 prebid.media.net tcp
DE 35.156.68.29:443 krk2.kargo.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
GB 108.138.233.47:443 api.privacy-center.org udp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
IE 54.194.23.86:443 pixel.adsafeprotected.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com udp
US 8.8.8.8:53 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com udp
US 8.8.8.8:53 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
NL 142.250.179.193:443 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com tcp
NL 142.250.179.193:443 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 47.233.138.108.in-addr.arpa udp
US 8.8.8.8:53 64.50.149.34.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 212.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 29.68.156.35.in-addr.arpa udp
US 8.8.8.8:53 86.23.194.54.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.39.97:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 protected-by.clarium.io udp
US 8.8.8.8:53 protected-by.clarium.io udp
IE 52.16.96.17:443 protected-by.clarium.io tcp
NL 142.250.179.193:443 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com udp
US 8.8.8.8:53 4e6bfed5207cebd2a4ee6c71e6692089.safeframe.googlesyndication.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 34.120.63.153:443 prebid.media.net udp
US 172.64.151.101:443 htlb.casalemedia.com udp
US 34.149.50.64:443 s.seedtag.com udp
IE 52.16.96.17:443 protected-by.clarium.io tcp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
US 8.8.8.8:53 17.96.16.52.in-addr.arpa udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 fid.agkn.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 x.bidswitch.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
US 34.160.46.1:443 fid.agkn.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 1.46.160.34.in-addr.arpa udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 dnacdn.net udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 151.101.65.91:443 di-images.sftcdn.net udp
US 8.8.8.8:53 cdn.jwplayer.com udp
US 8.8.8.8:53 cdn.jwplayer.com udp
GB 18.165.242.95:443 cdn.jwplayer.com tcp
DE 157.90.33.68:443 push-sdk.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
GB 18.165.242.95:443 cdn.jwplayer.com tcp
US 8.8.8.8:53 ssl.p.jwpcdn.com udp
US 8.8.8.8:53 ssl.p.jwpcdn.com udp
US 8.8.8.8:53 consentcdn.cookiebot.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 151.101.2.114:443 ssl.p.jwpcdn.com tcp
US 151.101.2.114:443 ssl.p.jwpcdn.com tcp
DE 157.90.33.68:443 push-sdk.com tcp
US 8.8.8.8:53 95.242.165.18.in-addr.arpa udp
DE 157.90.33.68:443 push-sdk.com tcp
US 8.8.8.8:53 assets-jpcust.jwpsrv.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 151.101.2.114:443 assets-jpcust.jwpsrv.com tcp
US 8.8.8.8:53 videos-cloudfront-usp.jwpsrv.com udp
US 52.217.41.244:443 ams-pageview-public.s3.amazonaws.com tcp
US 8.8.8.8:53 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
GB 99.86.114.74:443 videos-cloudfront-usp.jwpsrv.com tcp
US 8.8.8.8:53 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com udp
US 52.217.41.244:443 ams-pageview-public.s3.amazonaws.com tcp
NL 142.250.179.193:443 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 74.114.86.99.in-addr.arpa udp
US 8.8.8.8:53 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 34.160.46.1:443 fid.agkn.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 998d9033bf71bbb280b881452e94ef9c.safeframe.googlesyndication.com udp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 prd.jwpltx.com udp
US 8.8.8.8:53 prd.jwpltx.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
GB 108.156.39.61:443 prd.jwpltx.com tcp
GB 184.25.193.136:443 store.steampowered.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 136.193.25.184.in-addr.arpa udp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 shared.akamai.steamstatic.com udp
US 8.8.8.8:53 shared.akamai.steamstatic.com udp
GB 173.222.211.115:443 cdn.akamai.steamstatic.com tcp
GB 173.222.211.104:443 shared.akamai.steamstatic.com tcp
GB 173.222.211.104:443 shared.akamai.steamstatic.com tcp
GB 173.222.211.104:443 shared.akamai.steamstatic.com tcp
GB 173.222.211.104:443 shared.akamai.steamstatic.com tcp
GB 173.222.211.104:443 shared.akamai.steamstatic.com tcp
GB 173.222.211.104:443 shared.akamai.steamstatic.com tcp
GB 173.222.211.115:443 cdn.akamai.steamstatic.com tcp
GB 173.222.211.115:443 cdn.akamai.steamstatic.com tcp
GB 173.222.211.115:443 cdn.akamai.steamstatic.com tcp
GB 173.222.211.115:443 cdn.akamai.steamstatic.com tcp
GB 173.222.211.115:443 cdn.akamai.steamstatic.com tcp
US 8.8.8.8:53 105.211.222.173.in-addr.arpa udp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 115.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 video.akamai.steamstatic.com udp
GB 173.222.211.130:443 video.akamai.steamstatic.com tcp
US 8.8.8.8:53 104.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 130.211.222.173.in-addr.arpa udp
GB 184.25.193.136:443 store.steampowered.com tcp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
GB 173.222.211.89:443 clan.akamai.steamstatic.com tcp
GB 173.222.211.89:443 clan.akamai.steamstatic.com tcp
US 8.8.8.8:53 89.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 consentcdn.cookiebot.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
NL 178.250.1.8:443 grid.bidswitch.net tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
DE 157.90.33.68:443 push-sdk.com tcp
DE 157.90.33.68:443 push-sdk.com tcp
DE 157.90.33.68:443 push-sdk.com tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com udp
US 8.8.8.8:53 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com udp
US 8.8.8.8:53 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
NL 142.250.179.193:443 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
N/A 127.0.0.1:27060 tcp
US 8.8.8.8:53 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
NL 178.250.1.11:443 dnacdn.net tcp
NL 178.250.1.11:443 dnacdn.net tcp
NL 178.250.1.11:443 dnacdn.net tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 protected-by.clarium.io udp
US 8.8.8.8:53 protected-by.clarium.io udp
IE 52.19.196.221:443 protected-by.clarium.io tcp
NL 142.250.179.162:443 www.googletagservices.com tcp
NL 142.250.179.162:443 www.googletagservices.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com udp
US 8.8.8.8:53 56ca10a312363e911e59f1c1aec83b6f.safeframe.googlesyndication.com udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 s0.2mdn.net udp
NL 142.251.36.6:443 s0.2mdn.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 221.196.19.52.in-addr.arpa udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 92.123.143.232:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 consentcdn.cookiebot.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
DE 157.90.33.68:443 push-sdk.com tcp
NL 142.250.179.162:443 www.googletagservices.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
NL 185.89.210.212:443 ib.adnxs.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
DE 157.90.33.68:443 push-sdk.com tcp
DE 157.90.33.68:443 push-sdk.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
US 52.217.41.244:443 ams-pageview-public.s3.amazonaws.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com udp
US 8.8.8.8:53 d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com udp
US 8.8.8.8:53 d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
NL 142.250.179.193:443 d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
NL 142.250.179.193:443 d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com udp
US 8.8.8.8:53 d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
DE 157.90.33.68:443 push-sdk.com tcp
US 8.8.8.8:53 consentcdn.cookiebot.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
DE 157.90.33.68:443 push-sdk.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 d639e1363cbc51e0b34676fafaaa0a63.safeframe.googlesyndication.com udp
DE 157.90.33.68:443 push-sdk.com tcp
US 8.8.8.8:53 downloads.digitaltrends.com udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 5de0153288ecb64a6d9d6add3e3bd773.safeframe.googlesyndication.com udp
US 8.8.8.8:53 5de0153288ecb64a6d9d6add3e3bd773.safeframe.googlesyndication.com udp
US 8.8.8.8:53 5de0153288ecb64a6d9d6add3e3bd773.safeframe.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
NL 142.250.179.193:443 5de0153288ecb64a6d9d6add3e3bd773.safeframe.googlesyndication.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 www.google.com udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 5de0153288ecb64a6d9d6add3e3bd773.safeframe.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 5de0153288ecb64a6d9d6add3e3bd773.safeframe.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 downloads.digitaltrends.com udp
US 8.8.8.8:53 store.steampowered.com udp
GB 184.25.193.136:443 store.steampowered.com tcp
N/A 127.0.0.1:27060 tcp
N/A 127.0.0.1:27060 tcp
US 8.8.8.8:53 help.steampowered.com udp
US 8.8.8.8:53 help.steampowered.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
GB 184.28.176.104:443 www.bing.com udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 shared.akamai.steamstatic.com udp
US 8.8.8.8:53 shared.akamai.steamstatic.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 184.25.193.136:443 store.steampowered.com tcp
GB 184.28.176.104:443 www.bing.com udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
GB 184.25.193.136:443 store.steampowered.com tcp
US 8.8.8.8:53 video.akamai.steamstatic.com udp
US 8.8.8.8:53 video.akamai.steamstatic.com udp
GB 173.222.211.130:443 video.akamai.steamstatic.com tcp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 184.25.193.136:443 store.steampowered.com tcp
US 8.8.8.8:53 update.reasonsecurity.com udp
GB 18.154.84.26:443 update.reasonsecurity.com tcp
US 8.8.8.8:53 26.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 95.100.245.51:443 store.steampowered.com tcp
US 8.8.8.8:53 51.245.100.95.in-addr.arpa udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 ping.chartbeat.net udp
US 34.238.101.65:443 ping.chartbeat.net tcp
US 8.8.8.8:53 65.101.238.34.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 92.123.143.232:443 sadownload.mcafee.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

MD5 d9cb0b4a66458d85470ccf9b3575c0e7
SHA1 1572092be5489725cffbabe2f59eba094ee1d8a1
SHA256 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05
SHA512 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6

memory/6300-18-0x0000000073690000-0x00000000736A6000-memory.dmp

memory/6300-17-0x0000000006630000-0x0000000006646000-memory.dmp

memory/6300-20-0x00000000096F0000-0x0000000009C94000-memory.dmp

memory/6300-21-0x00000000093E0000-0x0000000009472000-memory.dmp

memory/6300-31-0x00000000013D0000-0x0000000001414000-memory.dmp

memory/6300-32-0x000000000A3D0000-0x000000000A46C000-memory.dmp

memory/6300-34-0x000000000A9A0000-0x000000000AECC000-memory.dmp

memory/6300-33-0x0000000003280000-0x00000000032E6000-memory.dmp

memory/6300-35-0x000000000A8A0000-0x000000000A8AA000-memory.dmp

memory/6300-36-0x000000000B0B0000-0x000000000B100000-memory.dmp

memory/6300-37-0x000000000BAD0000-0x000000000BB82000-memory.dmp

memory/6300-38-0x000000000BA70000-0x000000000BA8A000-memory.dmp

memory/6300-39-0x000000000BBD0000-0x000000000BBE2000-memory.dmp

memory/6300-40-0x000000000BC40000-0x000000000BC60000-memory.dmp

memory/6300-41-0x000000000BCA0000-0x000000000BCD2000-memory.dmp

memory/6300-42-0x000000000BD50000-0x000000000BDB6000-memory.dmp

memory/6300-43-0x000000000BCE0000-0x000000000BCFE000-memory.dmp

memory/6300-44-0x000000000BD30000-0x000000000BD4A000-memory.dmp

memory/6736-50-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp

memory/6736-49-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp

memory/6736-48-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp

memory/6736-60-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp

memory/6736-59-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp

memory/6736-58-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp

memory/6736-57-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp

memory/6736-56-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp

memory/6736-55-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp

memory/6736-54-0x0000018BB81C0000-0x0000018BB81C1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe

MD5 5ed95f2fe473989033e71bcede79444b
SHA1 c66d9e432c756e6f842553c0db9adc80fa751c8d
SHA256 3a0ef7b9ecc0c0626aadde7ac1d7f9338e59d08355fc5860c83a9804bd060e6a
SHA512 a6f3eb87870cc1ac6d11d081f87910b93adca0f41f3260ffadeaec14d2540be34ebfd19fbe2bbff3cbc52d1b3dfda7e182780be5a9bedb02f9f33583d1d916da

memory/2540-64-0x000001D62FC60000-0x000001D62FC68000-memory.dmp

memory/2540-68-0x000001D64A600000-0x000001D64AB28000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

MD5 143255618462a577de27286a272584e1
SHA1 efc032a6822bc57bcd0c9662a6a062be45f11acb
SHA256 f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4
SHA512 c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

C:\Users\Admin\AppData\Local\Temp\atqcxwfn.exe

MD5 7326c0587df89e878451efb3b3a24f98
SHA1 f87c2f39db33e5ff3edaa179d3ea3a223c9a7676
SHA256 c4c0f5a6e0db5761f72172ad4ba4376bbe3a7fe4dc3c49897d30fcf6c5fe21fc
SHA512 3c217da4f04ae92f62bed53a2f0087502061dcd78b80e9f64d8f7f5c052b71d1be9391af7efb90bc0a57cebcf2011472f1feb7a6404031bd1ad8e7d751d174d4

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\UnifiedStub-installer.exe

MD5 493d5868e37861c6492f3ac509bed205
SHA1 1050a57cf1d2a375e78cc8da517439b57a408f09
SHA256 dc5bc92e51f06e9c66e3933d98dc8f8d217bc74b71f93d900e4d42b1fb5cc64f
SHA512 e7e37075a1c389e0cad24ce2c899e89c4970e52b3f465d372a7bc171587ed1ee7d4f0a6ba44ab40b18fdf0689f4e29dfdbccbabb07e0f004ef2f894cb20d995d

memory/7948-202-0x000001CBD2360000-0x000001CBD246C000-memory.dmp

memory/7948-206-0x000001CBD2840000-0x000001CBD2870000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\rsLogger.dll

MD5 1cfc3fc56fe40842094c7506b165573a
SHA1 023b3b389fdfa7a9557623b2742f0f40e4784a5c
SHA256 187da6a5ab64c9b814ab8e1775554688ad3842c3f52f5f318291b9a37d846aa2
SHA512 6bd1ceaf12950d047a87fd2d9c1884c7ac6e45bd94f11be8df8144ddd3f71db096469d1c775cf1cb8bc7926f922e5a6676b759707053e2332aa66f86c951fbc0

memory/7948-204-0x000001CBD4050000-0x000001CBD4096000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\rsStubLib.dll

MD5 3bcbeaab001f5d111d1db20039238753
SHA1 4a9c0048bbbf04aa9fe3dfb9ce3b959da5d960f8
SHA256 897131dd2f9d1e08d66ae407fe25618c8affb99b6da54378521bf4403421b01a
SHA512 de6cde3ad47e6f3982e089700f6184e147a61926f33ead4e2ff5b00926cfc55eb28be6f63eea53f7d15f555fd820453dd3211f0ba766cb3e939c14bb5e0cfc4c

memory/7948-208-0x000001CBECC20000-0x000001CBECCD2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\Newtonsoft.Json.dll

MD5 4f0f111120d0d8d4431974f70a1fdfe1
SHA1 b81833ac06afc6b76fb73c0857882f5f6d2a4326
SHA256 d043e6cde1f4d8396978cee2d41658b307be0ca4698c92333814505aa0ccab9a
SHA512 e123d2f9f707eb31741ef8615235e714a20c6d754a13a97d0414c46961c3676025633eb1f65881b2d6d808ec06a70459c860411d6dd300231847b01ed0ce9750

memory/7948-209-0x000001CBD40D0000-0x000001CBD40F2000-memory.dmp

memory/7948-211-0x000001CBD4100000-0x000001CBD412E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\rsAtom.dll

MD5 dc15f01282dc0c87b1525f8792eaf34e
SHA1 ad4fdf68a8cffedde6e81954473dcd4293553a94
SHA256 cc036bcf74911fe5afb8e9fcc0d52b3f08b4961bcda4e50851eda4159b1c9998
SHA512 54ee7b7a638d0defcff3a80f0c87705647b722d3d177bc11e80bfe6062a41f138ef99fc8e4c42337b61c0407469ef684b704f710b8ead92b83a14f609f0bc078

memory/7948-216-0x000001CBECB90000-0x000001CBECBE8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\Microsoft.Win32.TaskScheduler.dll

MD5 e6a31390a180646d510dbba52c5023e6
SHA1 2ac7bac9afda5de2194ca71ee4850c81d1dabeca
SHA256 cccc64ba9bbe3897c32f586b898f60ad0495b03a16ee3246478ee35e7f1063ec
SHA512 9fd39169769b70a6befc6056d34740629fcf680c9ba2b7d52090735703d9599455c033394f233178ba352199015a384989acf1a48e6a5b765b4b33c5f2971d42

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\uninstall-epp.exe

MD5 79638251b5204aa3929b8d379fa296bb
SHA1 9348e842ba18570d919f62fe0ed595ee7df3a975
SHA256 5bedfd5630ddcd6ab6cc6b2a4904224a3cb4f4d4ff0a59985e34eea5cd8cf79d
SHA512 ab234d5815b48555ddebc772fae5fa78a64a50053bdf08cc3db21c5f7d0e3154e0726dacfc3ea793a28765aea50c7a73011f880363cbc8d39a1c62e5ed20c5a9

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\rsSyncSvc.exe

MD5 f2738d0a3df39a5590c243025d9ecbda
SHA1 2c466f5307909fcb3e62106d99824898c33c7089
SHA256 6d61ac8384128e2cf3dcd451a33abafab4a77ed1dd3b5a313a8a3aaec2b86d21
SHA512 4b5ed5d80d224f9af1599e78b30c943827c947c3dc7ee18d07fe29b22c4e4ecdc87066392a03023a684c4f03adc8951bb5b6fb47de02fb7db380f13e48a7d872

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

MD5 6c847932d63660b0e0ad0b0a4b9780d2
SHA1 17139565a23b4a6cf1891296c8d1607ec7653a94
SHA256 ed60db47b383ab1f4f50b8542d22ce992c31f450ce9d33b946a84e0ebfd3cde4
SHA512 f8bb7521fb8f24dd12ef7e59731bb5e68cac0d75ad547216d97b6069e0ad48dc9a25c7917f760841df1604fbe43335ba039c299c3e2199eb6b1f8b53c4fd6b75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 8c21a1395766ae1b50d3f390af0c0d04
SHA1 15208bc5a61f6105441c60bbd79fdaf691c1e328
SHA256 439d4aec77df9bf6576eb45575a3bc47e9c5747fefc07a2ed8d80b48262e8b15
SHA512 6c6607b7866678d81d492241a353266980aae656908cd4181c7f735ae98384117b6b405ffbecf974ad69adcddbd10fb45e2e3abd80bf0a9020004b9d45c8e5fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 dcfb442aa95623a62fe713bb6c33e1c1
SHA1 63b3c80e79a54d344af8999adc17af2d28706a89
SHA256 348d268b4ab850b8bc555abf11fa1e6efdb1af1c6ba6f7511902cb66d3381bfe
SHA512 0a9b021ddb9eab7f5357839fdf57a0e91a7c3751903829f7fc535d7119758ea358cd49febc17d3f628840dbaf94c2513711ae5f7207a9e7527d90545dbc73df3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 94b5cb438aff2743cf8cdab9122a743c
SHA1 edc9ce72cb26e03e93f89bbc70e589781d64d1ed
SHA256 12469907a47559a0db9682c139c109b52373f95152bdba1e5cb5be1d662f99a6
SHA512 da290a6115f22ce01e586661e65887aec600607b14743bd6ff4b1901b5b3deebb73a798c33a3b0db9bfd925ccdc2a5b954d370c428608bc295461708a726adc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 66390c1ae148e79f7d4c1c9851a8480e
SHA1 52b6b198850b57c7fb361b576e55adc6d0b318cb
SHA256 dda79490b323e8323e70b5ba4f61ff83a80216393dc8f4d3f437ca4d14da7f34
SHA512 183dfc782a1d5c0280fc8b87fe0a6d892f6bb586f5ca07a80168781b698c1421daabae59121a7486c2e492054c467c35b654a958f62a6e108ed6f9b9c223d656

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 602fe26295e1fdb07a4a7c84c015f501
SHA1 51711c019a57cb4defe5ffed934a6ec6c80cf04f
SHA256 c4c3818ced09be5ccabcfe8b69c7f0d8bb9c525a0ce6737f9653fd57ce75c070
SHA512 df789546db5e43ee7d35bad9a74a2dd2d939d7d4deef538401258cce7be5a8b5ee7dd74b1b71cfa1e6e023188850013cbf72500f0c25b5c65f0b05f8ece776d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 a4c4c2528f9b3fcaa78c4e9614631ad9
SHA1 37e4bb70812ff49737d72d62f65506cb11dfa0a8
SHA256 c2357a728bb20a2ae83fdf4c4891ef64d6c426bdf6effddc5e09ce1adf6e7d50
SHA512 fbb2584f4def4918d57f69b06b9ad54f840c9bcc2f2ee82932123571196b32e5c1343696f0105f90ab6b2e57cb5fd829374dadeb8a5c6ef22a70b8b41ca35844

C:\Program Files\McAfee\Temp420790338\installer.exe

MD5 7891a2a1d8a263db846292708a8ed1f0
SHA1 4044ea34ca9d112133e3aa5aed14a7c0ea952d36
SHA256 6bf9a3e9f2874cc5474dc107a90c0484cf26c9c817a2f23a7e004b4e611180c0
SHA512 00abdd3086e0528063216fbb44b9bbd18890b7629579361b54f751e8a22e0a3ee4f05a483ac4c3188ebb2c85c45f6a5922e7f1db3beb1ca0303c0fcf122a220d

C:\Users\Admin\AppData\Local\Temp\mwaA396.tmp

MD5 662de59677aecac08c7f75f978c399da
SHA1 1f85d6be1fa846e4bc90f7a29540466cf3422d24
SHA256 1f5a798dde9e1b02979767e35f120d0c669064b9460c267fb5f007c290e3dceb
SHA512 e1186c3b3862d897d9b368da1b2964dba24a3a8c41de8bb5f86c503a0717df75a1c89651c5157252c94e2ab47ce1841183f5dde4c3a1e5f96cb471bf20b3fdd0

C:\Program Files\McAfee\Temp420790338\browserhost.cab

MD5 41840bd10dda1409adf6d83175c0d981
SHA1 b363a2922f5d69e22641bdbc3d070de324ae2d1f
SHA256 a94ff5f7d7b84a416eca7f6f42d9bd012d1051b91dc574633429bce822f51c12
SHA512 8828623e4965c88ea631010f2ede2e1c42b26183a00e50f665c37fff930956a7b4089629e24a728210fe61389dcc109386629280c3a5457e6072fe7ccd3820c1

C:\Program Files\McAfee\Temp420790338\logicmodule.cab

MD5 a56c6d0e52f42d6546dfc17d1b539294
SHA1 463071d9de6f6113d6d31890b50a49ca5af67354
SHA256 6c9941e674abe2cce976f8bb49d11235b1563281cba8736aed383f9b79eaabf3
SHA512 3f4a1211b17db79f276f9ae5ef9855f10780b2f8fce4d0308f672edd34399e6126e3f5694feb3c515d2d6afbd016830a987df28fc4390f5cfdb1d9d9b8e97e04

C:\Program Files\McAfee\Temp420790338\resourcedll.cab

MD5 05a260ee8a80494001fa1d4c7fa5a357
SHA1 029898a55602d45dc656d43585f05748f4a10e5e
SHA256 5e6b92af5b48255e96cdb4815204b597bcb01332da99f16a33239b30f9b9e2d9
SHA512 13adc543ed493498e1cf6d7087cec62e8dab689a9795101cf4df905dc6c3512effbb839e366c9abc1aadfebaff645cf31611e86f215e73d1fd6cb55178fb2d35

C:\Program Files\McAfee\Temp420790338\uimanager.cab

MD5 d386a056952aa84bdc20fc2e73075102
SHA1 7ecd4accd817e47a6b84c7e6f48eaee11fade196
SHA256 73453d0b006e9bbf3c0d47da6740dd058d456e317e694f8c617ffa80874c7299
SHA512 9f066df00221376ef5e790eb2c3cff8e70aea16604e5ede23294d1624b2d2746dbc46ada26dd355b15e02cafd2a11cf26267050fe5ccea1ba6a118006fe1de22

C:\Program Files\McAfee\Temp420790338\wssdep.cab

MD5 665c741b1f80de536088d951f0bc793c
SHA1 184f5a895a746de1a1c707cfb68d40745fef3f56
SHA256 abf588228567d558edc7adb950f5ac4067746564eacfaf6364611573bcad9909
SHA512 4929819e0d7b5ff9dc240e928c1cad96bc457d5f90c81949e6b481ab7ba3fc3e600c7a3e3b7bac435cba5626e336aeb03abe299efeb5c3c4c7fd3fc968ed3bde

memory/1716-467-0x00007FF6233D0000-0x00007FF6233E0000-memory.dmp

memory/1716-572-0x00007FF629330000-0x00007FF629340000-memory.dmp

C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll

MD5 4ea91a66a588314d28db2bd84568aab9
SHA1 ffbeed2b347f56035a0eecf5bc03934d69d2ae13
SHA256 257a14d199f6cbfcadab22e20e0a45692f151be6d3385e2bc53b761197f8b3b2
SHA512 76cb2a00eb94cec292d25088ff9950a186cc73ec2c79e42294657c22cc7c31d866526d8a464c06bcaa4a102f9d914ab470c96e4545e70dbb76293ba50c7914a7

C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll

MD5 6b8f4f525f49f76d673ddb7d8763b14d
SHA1 dc1110f8706baa9d3ebf25a503ec34442bcb5b1a
SHA256 caa333d19234f8ff90119ae0361aff6f01c74332851aae149f7f56f7c6b5a934
SHA512 d7a195eaa57f188565de096fff7c6e24535644fdd3ff0ea9a3b0b881e40d49a28b2ee30555b723d9714642331b309547fabdd13637f0d4889fde0a01774b69f3

C:\Program Files\McAfee\WebAdvisor\SettingManager.dll

MD5 e4d4d439488cb7c7cc43583016978e5b
SHA1 858a31bda072d1d9d4b91fdb7a6fb43219283b62
SHA256 e916b4f9e84660377a28f0a737349630d332931937afc0f759a8219ed6e17541
SHA512 545f961fd90f8c87b32a09fc5c091b17e98c36f037df2b89aa3455f6038485a7eee436225728f04b7612da53035f48e10d4be9f9dae22f0c012f98c6cd38156c

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

MD5 ad677f565503dc0f594c523e21c7c786
SHA1 4552aab5de1b677ce9c22b686daefbb1467a2724
SHA256 417bb7d1796f87f4c281097ea2c6e3af5eefa42f951375edaab7056249500e11
SHA512 0dbeb28011aba75b2262826ecb39cd597740aed7d0b0ba24643eedc56d593f9437355f0a953c40e0adfcc2dd16b1e770d1cebc3221c7fe438f6cfc14fca107bf

memory/1716-571-0x00007FF629330000-0x00007FF629340000-memory.dmp

memory/1716-569-0x00007FF629330000-0x00007FF629340000-memory.dmp

memory/1716-568-0x00007FF629330000-0x00007FF629340000-memory.dmp

memory/1716-566-0x00007FF629330000-0x00007FF629340000-memory.dmp

memory/1716-564-0x00007FF629330000-0x00007FF629340000-memory.dmp

memory/1716-537-0x00007FF629330000-0x00007FF629340000-memory.dmp

memory/1716-527-0x00007FF634E50000-0x00007FF634E60000-memory.dmp

memory/1716-526-0x00007FF634E50000-0x00007FF634E60000-memory.dmp

memory/1716-525-0x00007FF634E50000-0x00007FF634E60000-memory.dmp

memory/1716-524-0x00007FF634E50000-0x00007FF634E60000-memory.dmp

memory/1716-506-0x00007FF629330000-0x00007FF629340000-memory.dmp

memory/1716-500-0x00007FF634E50000-0x00007FF634E60000-memory.dmp

memory/1716-499-0x00007FF634E50000-0x00007FF634E60000-memory.dmp

memory/1716-497-0x00007FF634E50000-0x00007FF634E60000-memory.dmp

memory/1716-496-0x00007FF634E50000-0x00007FF634E60000-memory.dmp

memory/1716-495-0x00007FF634E50000-0x00007FF634E60000-memory.dmp

memory/1716-473-0x00007FF614100000-0x00007FF614110000-memory.dmp

memory/1716-465-0x00007FF67EA60000-0x00007FF67EA70000-memory.dmp

memory/1716-489-0x00007FF61E7A0000-0x00007FF61E7B0000-memory.dmp

memory/1716-487-0x00007FF63A660000-0x00007FF63A670000-memory.dmp

memory/1716-459-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-458-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-457-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-456-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-455-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-454-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-453-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-452-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-451-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-450-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-449-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-448-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-447-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-446-0x00007FF633970000-0x00007FF633980000-memory.dmp

C:\Program Files\McAfee\Temp420790338\webadvisor.cab

MD5 eb9dc6e92aaeb766ea0ddd6dc1675f18
SHA1 7ebb0b6a317cf2d3240094edf014aab8a5c71f9c
SHA256 a169c580b122ad54087903134984b54b6aa2deb76faf0f1534ff621ce7a8cc2f
SHA512 9f0e3d1c30ae3e5739c821730e5ba9deda71f425ae92b7a4ab00b29999db8d49dfb5d58ef4ed7b91ab8133ddd8fa2bcc709c8d5240c03cdee7a4c6ddf4b6cfec

C:\Program Files\McAfee\Temp420790338\wataskmanager.cab

MD5 ac05241d59f482ea308ee71758098453
SHA1 2203c08527c24f9c55e46ba700be1cf0383e741a
SHA256 d6b07588cc9f523f4fdb35b904a954ff594237f9330d68dbd7ea61751445464d
SHA512 4f1bda65555dbb4c4ece4c8e45c11de74267c373f92ff46811011894f72c72a3326e5ce96f90f39f4e94d9d9c89152e0ebeefb09539329d06b12e79f905b0bb3

memory/1716-442-0x00007FF633970000-0x00007FF633980000-memory.dmp

C:\Program Files\McAfee\Temp420790338\updater.cab

MD5 c4a33acb72e38f175643df1f4885fa08
SHA1 2f43ae32571b98209f06e477e241ace819e9a7c0
SHA256 b870afb0e5fac44d1ba71dbf40f47991f20b54f8926bd620b2dd2f44975e509e
SHA512 9488964b486546413019ea070a3d21aabd79e017c23942706c863a9a75b26e3417227e32a10a0e8c61bf3094b26e7a49dd7ed8b33b217a330b9210f3e1357e36

memory/1716-440-0x00007FF633970000-0x00007FF633980000-memory.dmp

C:\Program Files\McAfee\Temp420790338\uninstaller.cab

MD5 9b05a0c33183b3074bf15eb3e4188a08
SHA1 be04bf97d0120a4da92cc41a8044865a1221faee
SHA256 1fb7abd4977a7dc6f43113b21a4022b1097475f65cadd6d179ef0368beb28487
SHA512 1fc8be40429ea83b3f6fcc8418237613bf2d53efb044a088255026f10b91a422d61b71d472a8b6e45fa5674b08d9036c82fa92277e9bd898cc1fad89f4bed1fd

C:\Program Files\McAfee\Temp420790338\uihost.cab

MD5 d4b05b3d41b6349234b48e6c0a7ad2f8
SHA1 8d277c3eedf5a650a1ad25fc43609519aa0b773a
SHA256 93ba29bcf9b1d61cf1b8ac456141f3c2416506060741f3ee908de59451afc312
SHA512 028006c483c103ad2fad92f18fa3ce33b312380fb995d653b9a2d386d6a7b0cb42fbcc51cc8c1a600b7be227be3840ce5afb56c14679db09c27fe317c571df69

memory/1716-436-0x00007FF633970000-0x00007FF633980000-memory.dmp

C:\Program Files\McAfee\Temp420790338\telemetry.cab

MD5 656d5d8d3bccf3dddb443eeb6556dbe3
SHA1 b9c77ef1b9f64f2533086b9fc2024728b3e33034
SHA256 b09b64ea667d7638b054217d617dff83b3e2b0fec92271c4228df324124f4ef8
SHA512 6b2a29d66ec4663cdc14137a26c663a239fae440bd6a23f07d1e585fcfc4cfcbcdc8df08475edfcde012c808b67be70e30811b13bfcc0ee80b612fee3dfd38fa

C:\Program Files\McAfee\Temp420790338\taskmanager.cab

MD5 0894bdf9d21c032f464d71b1f5bd31ba
SHA1 0b60cc31217b1b24971eb39f67ba54291543fd69
SHA256 79bd696a281c3eeaf42e5373d46e9caa7993a0ca7d07bb6d9a6e034cd7f999cf
SHA512 e01a49270d2f272c0c984baf32b114a5d294ad463968fd821b82971075333937292c1026a61f135cd1eb851e2ec0d75e7766e2d61b613e40fe144ff7d2222764

memory/1716-433-0x00007FF633970000-0x00007FF633980000-memory.dmp

C:\Program Files\McAfee\Temp420790338\settingmanager.cab

MD5 abdcda6e45d446e3fac2227f1086b7f2
SHA1 850a5bc7abf58be91a844ce0f4bd91a587978d2e
SHA256 eedb70f956d92e3e2d7512f59c8f00637ba8f6dbc38ce357fcce0043a262006b
SHA512 d64f13a94f874cb48c6dc6b2c9ab0308df81de1a4d647891961e17da7e5f9da6c2e24e8693307591f9a171c5789816aaaf73727398bde4773e6ee973323018d8

memory/1716-431-0x00007FF633970000-0x00007FF633980000-memory.dmp

C:\Program Files\McAfee\Temp420790338\servicehost.cab

MD5 c8a4a500b1930513d44af040a04c3931
SHA1 0cebba3d1012035c4799e97457c4e7a6f118d836
SHA256 a2ec67d5b61acf73159bacdbeb4bc95ffb5a51010ab5bfbffa8600da03180de0
SHA512 cbe176ee7968ea8d84792f0abe78b049f455902aba5a7c87d3ffff3cd679749d417084e27c88c1dc8de36791ac0ce3b09e0ae9818555e1d0d69deccfc58ac63c

memory/1716-428-0x00007FF633970000-0x00007FF633980000-memory.dmp

C:\Program Files\McAfee\Temp420790338\mfw.cab

MD5 320a057206bdb5a7ce1a6cf9e7502557
SHA1 b851e2d941f013b74f64e50130481711460fd3a3
SHA256 9f5c0192d1e924a9e3ef4590ec4f2483bd59da98227bb24970180b000759055f
SHA512 1393d881255bd5c7562cbc956f112d2945af6fb53a3e80744f58702211df72cc549ff02d824de3f681f38b2dac45367db3f74d12b94328e4f7942d6c2b213bac

memory/1716-426-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-425-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-424-0x00007FF633970000-0x00007FF633980000-memory.dmp

C:\Program Files\McAfee\Temp420790338\mfw-webadvisor.cab

MD5 0f79f075560c6c91116f4162c268ae54
SHA1 b03607d04958038477fd4dd5adb2a2dc0632d6ca
SHA256 f89ab4291eae4b52e1adfa639f1776fb95ed411257a67b274e1f727e859bbc5b
SHA512 f7966211c9e24eeb495a01d8185740a60634de0dfb19e1e5e78ab2c3184086ef256b68f3ca0eec7475302c13eaefe13aecd9d123fe5f3486661de3df51dadaa6

memory/1716-422-0x00007FF633970000-0x00007FF633980000-memory.dmp

C:\Program Files\McAfee\Temp420790338\mfw-nps.cab

MD5 b9071741dd0de141bc57f3c43a911202
SHA1 9cef3cce37c8094a8609e39908fda7c8ade5b59b
SHA256 ec74a91cfb9d3ab75b0c33fd9f92140d00d2ff0a52d5080a6aa4dcef6834bfa4
SHA512 9e665f265f75e010ccfddb013c73e83b1d8b04eddfbc338deca8c982d5faaf4bbe2a9dc872e3d4739ec9ac29f0c74aa650effeea90d3967c8fb75d4c56032ccc

memory/1716-420-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-419-0x00007FF633970000-0x00007FF633980000-memory.dmp

C:\Program Files\McAfee\Temp420790338\mfw-mwb.cab

MD5 eeba6fe0bf59eea07384faea7b8b57e7
SHA1 8a7bc85e488c3063ad6fd644eaf66942d28be34a
SHA256 d2c592dcd51c0ccf979634bb969eda7b4b3d69d5e9b225fe15b5a0a9a8a0a45e
SHA512 8daba71ee57042972f796afecf3c7020020a4951bc1b9fd4c867935c6539bfd85e78c794e27e99912aff7d0d2d0ddb37e727de1955fd044dd36dc8b8364a9837

memory/1716-417-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-416-0x00007FF633970000-0x00007FF633980000-memory.dmp

C:\Program Files\McAfee\Temp420790338\lookupmanager.cab

MD5 a447b6c857ae29a8b8f2e3bff007df6c
SHA1 f3d245b7ef702290c82f8b6c35ef973bcc2acc99
SHA256 55fb14f82bdb042f9a231dd069451112a2a792e711b96e593e264652c87e3b90
SHA512 458838d2f2f9f5f4145db622dc44694a05caec9fb9d61fc7b600f108dfa5b0343dbbd99dd0a92ba938819cf4c5eb641c939cf9616d69f8ee049b8ae750e51d46

C:\Program Files\McAfee\Temp420790338\logicscripts.cab

MD5 c1adad2f314d114594aead6816ea02bf
SHA1 be8e53c61500376514848d007115293c88ea9b6d
SHA256 f27e1c439d4c9ca4296b7c463ce76ea15870dbb8210c58ab4ca5f20d01112f7f
SHA512 b6b5f50b81c24d801205ae9234ba5ffccdf25fe6c557fe284c83d80c7d0eac9e4f6ce5d3b2804484626269166f418476433101ab916bbfdde6535cefb876caa0

C:\Program Files\McAfee\Temp420790338\l10n.cab

MD5 fca9378018e30742bc2c1fdac03fad41
SHA1 46f9df6312920424d3f20914dab59874551f57ba
SHA256 df2a4c968dce5c9a03ce10e2d0ffa243fd20b94e0d1f60d49a2709353efc4a02
SHA512 0d39532169b19f240779129ecc49b4e582373350d51b73f3cfc91cf0b655f7845df48c57a219391926cd3105a5825f55a14db28c76be9ed9e8d9d4bfc5e54b78

C:\Program Files\McAfee\Temp420790338\eventmanager.cab

MD5 cb3c3baf9d0f30958c3b9df32352a058
SHA1 ca427e00cdaa32f39fb4a6df8ba1aff5b8200f16
SHA256 054ef467f43e73d3c5687966e8a2be5fe41ed099875ba179ea6a446cb8b75ee9
SHA512 9567c4fc176e31a5ee06769f103c8d4d03ef6b873827b3efffc09c4329620c1d817ccf641004c419e4438f69820681b223a185ad415991be3af70d60f70ab3f2

C:\Program Files\McAfee\Temp420790338\browserplugin.cab

MD5 253337eb5d13a9f79378de0904b0e448
SHA1 5dcf4b41d3ec3eda26e7e25c9221643b62468962
SHA256 05c9b53b895f9c79eb9e429f2bd11651a4b51018b9151fefe41d835212d515f5
SHA512 b7e2d2eb1dc29e1f5b87f73133ead258776aaf2ae21ba43d21d1fb91c61079cfd649be6c1aa2c2d9aa9982a1ba86978df18f677cec7b15919b1f2d44c888eef1

memory/1716-408-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-407-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-406-0x00007FF633970000-0x00007FF633980000-memory.dmp

memory/1716-405-0x00007FF633970000-0x00007FF633980000-memory.dmp

C:\Program Files\McAfee\Temp420790338\analyticstelemetry.cab

MD5 f9424b351f5fd545d96ccc3458777f3a
SHA1 fe13b0160e4cf4340952b4ce120ee4cc4ade29e4
SHA256 b7cbecfc093acfc824fbddac62e091b8bb04a1d0b59060e34cf715e1d93ae1c8
SHA512 dcc46a38db86aac6ba7e1083a7a5c0c9ff4aa91cfeee5c0a7ae6eb7f369521d8d575fa4261c3153a56777c851122139e781efff3ada9a1879450abd09702677a

C:\Program Files\McAfee\Temp420790338\analyticsmanager.cab

MD5 5be9597eb624a4897d79402c4cd34b6b
SHA1 0998b43ef247820ddaf7655a3ee527a64b8b41fd
SHA256 4d2c613e6cdd7ac00025b5da1329d52d63628257ff44a1686ac230f25cac2862
SHA512 524937dc6ccfa241f96dcd7c9e9df0be6d8faa680d4b641b8a49cc687884b7e5b3a6939e516e3486c89a3a706f0ff5318581eb05edcf84b8740ff64baf110b39

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 ab0c6b183284159b25381092acaaebec
SHA1 33775b860c71d7f6b94050c0d26517103a4c7a4a
SHA256 8cc09a9dad9a3731ee3f84d5d78ec1aa3b2beecb16e1f8e111f61a6ae6a2cf26
SHA512 d99a3d5bce3fc8617a073001e2f6de15dba6cbda48b4d65651bbb72902b921258414c98ecc1a092f59b2ccca8960e9456c66d5af0aa3fc1756c316db98e5a352

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 97e10d9b1d0fbb21788d3a4dfa174fe1
SHA1 6aa3234f1fd17258e236db69394421b2ef4411b1
SHA256 e3d68fad25928758489b71bb0b10ee7b6419c5fb58458d3663f993eaabf633ce
SHA512 abf67b2589cfa7bb6a2017fca101633a7fe92561b09225c0be62e25945a91e20e56ce2c8b088714da9ec62fae4169b473b449248b036d5c857d04bb06c4c8c02

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 02ca745f466e29c915b4625306e9fb35
SHA1 7bc12e3863ce2d3b774c2d009cbbadb8320e1a0b
SHA256 feb53c46b52de3e0040700ba1b737f76756efd08c21a01e3aba08e61e3a757bd
SHA512 4ca6ce3ed53fdadfd41c097ee5f5c04fad35c668fb052edcca7ae271275e8134c5b4feed2388dd3cc7ada6a228d6b65aa8107f84b89d2665ac906760b600d59a

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 bd4e67c9b81a9b805890c6e8537b9118
SHA1 f471d69f9f5fbfb23ff7d3c38b5c5d5e5c5acf27
SHA256 916f5e284237a9604115709a6274d54cb924b912b365c84322171872502d4bf8
SHA512 92e1d4a8a93f0bf68fc17288cd1547b2bb9131b8378fbd1ed67a54963a8974717f772e722477417f4eb6c6bb0b3dfba4e7847b20655c3d451cba04f6134c3ab5

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 5a000179a02fc2a0edbef08edbfc6958
SHA1 90f708b3d4893d5fba55423728258c15bb907e7c
SHA256 f4396a11c151227663fd5b2c72e43ed6341db16f509143a879a8c7b4926b5d9e
SHA512 d8edc1c1c69b295593d812c85243fbbb3408f8629d3ecbd19451d32580af1e1ab9957a38676beecfc516ec75638da69645436d81961b638e4e580a510230ef01

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 da82bfaac15959bc9031245be652ad4d
SHA1 25ae3e2be723fcce4089ffb4b57d7d99685b91ab
SHA256 57e01c9280048e164de0631e0dd63b230192b812f13b6f296cb97bcf9d793b41
SHA512 c691efa3ff3ab91466aaa53c9f9e8f22bc48d4fcdff2b62a2bdb77dd85f2d0141ad1f30f19b3cd602ee38e75f83d9c7373e26d62cb73309cfa3912160474dd11

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 229ae5be82d4b5dc59f133fa3cecf088
SHA1 11a19946619ef68668e0221208ff024e55a42acd
SHA256 190d7923c239f63a2b278e823b63dca3dea73e4b089601343e36cca894afbeec
SHA512 0824c3840628f70b42159d82f8a93dbe5db219c944599ebd9734a40e89e3fee849998446eee0dedd1354784b6a40718fb4fe48a53d85312539f42f4d0aa46b59

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 f87610be28ed3ac50690109053805a25
SHA1 6b65a10d2f80c072ee11bdfdfcf379d5d6effe21
SHA256 a61c24bc0e63e14f2089fc5aa0d0f257b6ba529661f14a37763cea084fb3e029
SHA512 c8d4c5b97809e6c8fe4de759d3e7d283c4db2076c6b25679452cea735e02c2ee45a5bed9d749caafe4e088bcb63b803b51083dc81f15bb88d42b83454034fafb

memory/7948-2939-0x000001CBEE730000-0x000001CBEE780000-memory.dmp

C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

MD5 00b6cab6ba8e9d5197b17f57596d4f49
SHA1 78f50610b982ca2ad8bf0043d67c5ba975e024ef
SHA256 b30c10b3bd2119bf9b3e420a1b26542acf801ddfdf46480ccc11e9d81e958dea
SHA512 8df4866ba40835761c7fa4b6d857e7f83a910037e573b7dc763df44eb7b2da7c86c52964d27104ed333e00324aa7f09d343beebe6fa8b4d7129ad3ae19eadb4d

C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

MD5 b18e755939ccacc936879f4c16aee4c5
SHA1 dc8018d8258d0768dcb39f0aeff57eb1188d69a6
SHA256 ecbb51b5df9f788c130e71ebb9881e26ab814c3f9f521164f88aa4f521aba2df
SHA512 bf1091c478bc278366175bf7e485cfbd63e5b50cc0073c043166ecebeeb7ca878845fb2ac64add35d7af654db3671b55c2daf79f4084089ba8fbe92cce5e68b5

C:\Program Files\ReasonLabs\EPP\mc.dll

MD5 b1e90962b3fa14291312e7f82b0eab9d
SHA1 3fe9ed4bd9ca3cc0ff34130a71d4bf44b4b59933
SHA256 0ae59059eb797352185e590151f876962e797a78acb8ebd3ddf6400dfd6e0264
SHA512 1443594d548ffdf75ce765486bbe99679083895e03c1242af0d9ad9eeab8ed13dbc3488b872440c5b56ab101318383aed6f25cc659d85f662a0f5504a5831d38

C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

MD5 c1ee566d9d2d4c41109c73e2b7fed42c
SHA1 68f9c35a9a5cdc396f09a94425c4ae87ce9ee3f2
SHA256 10540b6e26547eaed68893f6a0e66cdcee41db69dca3affffe0ccd0c9012d2b6
SHA512 6b8d1fae02c5a3a4be5f653c9de50f89655050827d13add3acd8bc4d5a28072cd7aa8d618a356aa60b0cb5effbfa3eb82ea1e2fc00921b20b4fafd63807c594f

C:\Windows\Logs\DISM\dism.log

MD5 731123fd6e742ba3bba0b83b3eeeb296
SHA1 495c7b87e86ae374d4db81da6f8733112920acea
SHA256 d30ca42361e7b3d6ede180da3c3e91007ab11f2efecc67d7905acb46b7b817b3
SHA512 b408af0dc7a43a2d8ab8480de37ed12c50a3041f7e2f965ff19e0bfa15f44d14f8822a44e2bec229011b696aa1c036080014a860ab4bea10d4fbdec76b101e5c

memory/7948-3146-0x000001CBEE920000-0x000001CBEE978000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\574d6088-6e86-4e70-805a-c4d7982b750d\UnifiedStub-installer.exe\assembly\dl3\b524ba64\048d4958_c5eada01\rsJSON.DLL

MD5 422a34a07bf00303012c8f130fb51aa6
SHA1 6e60d28383cdfe714c097ca0c85d3eeb73e2bb00
SHA256 cf155a5acf93578eefa9307a8ab6268f4ce37d493fdf4263164fffb96a92ce68
SHA512 6c190c83359d0f99c3b680bbbf0556f0151c7304e2cfcaa44e5261629ae1488692803aed11bd3b571bf0ab7227d054c57a63e62721f5b26a360c755c5f6474af

memory/7948-4782-0x000001CBEE980000-0x000001CBEE9BA000-memory.dmp

memory/7948-4802-0x000001CBEE880000-0x000001CBEE8B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\574d6088-6e86-4e70-805a-c4d7982b750d\UnifiedStub-installer.exe\assembly\dl3\d113c539\27b64958_c5eada01\rsLogger.DLL

MD5 870d12c755207b5e1b95b5a6dfe2ad27
SHA1 85f9fa6a3d0866c323fbc9b337ea39e5aca4cd56
SHA256 e71e353a022573c8cb3fa92e98c5b7a60c7008aaba90c2b0e4b6e33cdaf8ef40
SHA512 e26ea78f3e0f4ce52155204ef50a7a26069602cb4870a91d4a1ccc580b90bb2f0ffeb6e23619fbb13542688afaa0be998b05aa984993363c7464415c1f1da784

memory/7948-4829-0x000001CBEE880000-0x000001CBEE8AE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\574d6088-6e86-4e70-805a-c4d7982b750d\UnifiedStub-installer.exe\assembly\dl3\bd74eee0\ac092c58_c5eada01\rsAtom.DLL

MD5 18be5ed564d1fda8fd535137f3aeda9e
SHA1 0fc2a790fd3ecca41e385a36c8771903756c2c76
SHA256 18c388e8445141b41c85c567f5fd23ab4a566531dc0adf79d931cba3c58eb5ca
SHA512 4fb25c819c1a7566de6875d17ccf21268a5bdfc49517a9077be4672fe4b68af330379f46fc850a3d7c5d40333d81ca6aa4c5713542f2d0a7d93a90bdcbfa754e

C:\Users\Admin\AppData\Local\Temp\7zS02D5580D\574d6088-6e86-4e70-805a-c4d7982b750d\UnifiedStub-installer.exe\assembly\dl3\661f8ce4\47dc4958_c5eada01\rsServiceController.DLL

MD5 a2125e3a8189aef14cbd8cfe059fdf53
SHA1 b1b6db623549e11ed28058aceb6b8105f999b8c0
SHA256 337b6d848ebffe68a149103d31dc3a78d10e24ed66d8dddce3e7a9ff91da76e4
SHA512 876d76bb5d4de73181bf14950a5b65e909131040794eb8c86a170e0f17890488adc1a39eac3175dda9a244fb8bcd189608792b8bc3ea54921152c178ddcc86e1

memory/7948-4864-0x000001CBEEA30000-0x000001CBEEA60000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngine.config

MD5 8f0226643e7cd6f7985447cbf71e9031
SHA1 ae0df1350d61a0cff8dcc42c0f61d256f31b2efa
SHA256 e69de3a71a69107346ac4723fe3b1d43910696bb98271380ac58abde714c5fc2
SHA512 f98ccb69c3aa0c80cd83210a08296421d8e2cbe801b7199f1d440afbfdc8f29e20e9bbfe509471450b4b25903433b3592b58d925b67511bc71df6a67938b5901

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 0a0fe9a478456a42105ea6e7e94c62c1
SHA1 400c436c6450c5b8c43ff2c947088d3832c81e56
SHA256 1b640401b647ae6ba99db5506e60c751e0fa7cb54a81cb49b627c699167b96af
SHA512 483405b5aa8276f699b6b666dd346c4eb3c4675371d0bc9c1ecb2ac2f3d62e37ed54b9712d185c8547416be6522e0ee4b4ebdb8dbb9e9923af1b3ad775a355a2

C:\Program Files\ReasonLabs\EPP\x64\elam\rsElam.sys

MD5 8129c96d6ebdaebbe771ee034555bf8f
SHA1 9b41fb541a273086d3eef0ba4149f88022efbaff
SHA256 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51
SHA512 ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

memory/8848-5065-0x0000028857C60000-0x0000028857C8E000-memory.dmp

memory/8848-5080-0x0000028857C60000-0x0000028857C8E000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 b2ec2559e28da042f6baa8d4c4822ad5
SHA1 3bda8d045c2f8a6daeb7b59bf52295d5107bf819
SHA256 115a74ccd1f7c937afe3de7fa926fe71868f435f8ab1e213e1306e8d8239eca3
SHA512 11f613205928b546cf06b5aa0702244dace554b6aca42c2a81dd026df38b360895f2895370a7f37d38f219fc0e79acf880762a3cfcb0321d1daa189dfecfbf01

memory/8848-5093-0x0000028858090000-0x00000288580A2000-memory.dmp

memory/8848-5094-0x00000288580F0000-0x000002885812C000-memory.dmp

memory/10820-5102-0x0000000002820000-0x0000000002856000-memory.dmp

memory/10820-5103-0x00000000052F0000-0x0000000005918000-memory.dmp

memory/10820-5104-0x0000000005240000-0x0000000005262000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pbnrfusn.01a.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/10820-5114-0x0000000005B00000-0x0000000005E54000-memory.dmp

memory/10820-5115-0x0000000006180000-0x000000000619E000-memory.dmp

memory/10820-5116-0x00000000061B0000-0x00000000061FC000-memory.dmp

memory/10820-5121-0x0000000006760000-0x0000000006792000-memory.dmp

memory/10820-5122-0x000000006E5D0000-0x000000006E61C000-memory.dmp

memory/10820-5132-0x0000000007350000-0x000000000736E000-memory.dmp

memory/10820-5133-0x0000000007380000-0x0000000007423000-memory.dmp

memory/10820-5137-0x0000000007B00000-0x000000000817A000-memory.dmp

memory/10820-5138-0x0000000007530000-0x000000000753A000-memory.dmp

memory/10820-5142-0x0000000007740000-0x00000000077D6000-memory.dmp

memory/10820-5145-0x00000000076C0000-0x00000000076D1000-memory.dmp

memory/10820-5146-0x0000000007710000-0x000000000771E000-memory.dmp

memory/10820-5147-0x00000000077E0000-0x00000000077FA000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 43fbbd79c6a85b1dfb782c199ff1f0e7
SHA1 cad46a3de56cd064e32b79c07ced5abec6bc1543
SHA256 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0
SHA512 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

memory/11152-5178-0x000000006E5D0000-0x000000006E61C000-memory.dmp

memory/9308-5188-0x0000011719AA0000-0x0000011719E06000-memory.dmp

memory/9308-5189-0x00000117198B0000-0x0000011719A2C000-memory.dmp

memory/9308-5190-0x0000011700EB0000-0x0000011700ECA000-memory.dmp

memory/9308-5191-0x0000011719730000-0x0000011719752000-memory.dmp

memory/9808-5193-0x0000022252650000-0x000002225269A000-memory.dmp

memory/9808-5194-0x00000222542D0000-0x000002225432A000-memory.dmp

memory/9808-5195-0x0000022254270000-0x0000022254298000-memory.dmp

memory/9808-5206-0x000002226CC60000-0x000002226CCA4000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 0dd7ab115062ec8b9181580dbd12ff02
SHA1 28a9115deb8d858c2d1e49bec5207597a547ccf0
SHA256 2fe9b5c64e7ef21c1ea477c15eff169189bac30fd2028f84df602f52c8fc6539
SHA512 2c1a4e5ebf7ab056d4510ea56613fec275ca1da8bb15ed8118e9192fc962833e77974a0363538cebf9ab2a1a1ff9486c3078d14b4820c2a8df803f80f94e19f1

memory/9808-5196-0x0000022252650000-0x000002225269A000-memory.dmp

memory/9808-5220-0x000002226D080000-0x000002226D2D8000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 705ace5df076489bde34bd8f44c09901
SHA1 b867f35786f09405c324b6bf692e479ffecdfa9c
SHA256 f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950
SHA512 1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7

memory/11256-5224-0x000002B024E50000-0x000002B024E80000-memory.dmp

memory/11256-5226-0x000002B024EE0000-0x000002B024F18000-memory.dmp

memory/11256-5227-0x000002B024F20000-0x000002B024F46000-memory.dmp

memory/11888-5347-0x000001546C700000-0x000001546C72A000-memory.dmp

memory/11888-5348-0x000001546ED40000-0x000001546EF00000-memory.dmp

memory/11256-5349-0x000002B024FC0000-0x000002B02502C000-memory.dmp

memory/11256-5350-0x000002B024F50000-0x000002B024F82000-memory.dmp

memory/11888-5351-0x000001546C700000-0x000001546C72A000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 1068bade1997666697dc1bd5b3481755
SHA1 4e530b9b09d01240d6800714640f45f8ec87a343
SHA256 3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51
SHA512 35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329

memory/11256-5362-0x000002B024F90000-0x000002B024FBA000-memory.dmp

memory/11256-5361-0x000002B0250C0000-0x000002B025146000-memory.dmp

memory/11256-5366-0x000002B025B60000-0x000002B025E06000-memory.dmp

C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog

MD5 789f18acca221d7c91dcb6b0fb1f145f
SHA1 204cc55cd64b6b630746f0d71218ecd8d6ff84ce
SHA256 a5ff0b9a9832b3f5957c9290f83552174b201aeb636964e061273f3a2d502b63
SHA512 eae74f326f7d71a228cae02e4455557ad5ca81e1e28a186bbc4797075d5c79bcb91b5e605ad1d82f3d27e16d0cf172835112ffced2dc84d15281c0185fa4fa62

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState

MD5 362ce475f5d1e84641bad999c16727a0
SHA1 6b613c73acb58d259c6379bd820cca6f785cc812
SHA256 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899
SHA512 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 6895e7ce1a11e92604b53b2f6503564e
SHA1 6a69c00679d2afdaf56fe50d50d6036ccb1e570f
SHA256 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177
SHA512 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 1b71a0a9e018df0de266b08eb592e3e2
SHA1 462d30cedbbd1874f2c9f8163372001f65d983eb
SHA256 66b5ce2631eac55e8df5e51ab6fb657c5a21b9eca32756fe2f59bd6b8f011ab3
SHA512 d058b5aabbaef871cb9363d3e0fd51683a336242079d529459403f3b00e061159db835c69915461e532981f425119bfa4e242433152716226bd2f9f193c67fad

memory/11256-5394-0x000002B025060000-0x000002B025090000-memory.dmp

memory/11256-5395-0x000002B025910000-0x000002B02596E000-memory.dmp

memory/11256-5396-0x000002B025E10000-0x000002B026179000-memory.dmp

memory/11256-5397-0x000002B0258B0000-0x000002B0258FF000-memory.dmp

memory/9104-5398-0x000001E568EC0000-0x000001E568EEE000-memory.dmp

memory/11256-5399-0x000002B0265B0000-0x000002B026836000-memory.dmp

memory/11256-5412-0x000002B0259E0000-0x000002B025A46000-memory.dmp

memory/9104-5437-0x000001E569900000-0x000001E5699B2000-memory.dmp

memory/11256-5441-0x000002B00C560000-0x000002B00C586000-memory.dmp

memory/11256-5440-0x000002B025A90000-0x000002B025ACA000-memory.dmp

memory/11256-5442-0x000002B025A50000-0x000002B025A78000-memory.dmp

memory/11256-5444-0x000002B026180000-0x000002B0261B4000-memory.dmp

memory/11256-5443-0x000002B026240000-0x000002B0262F2000-memory.dmp

memory/11256-5445-0x000002B025AD0000-0x000002B025AFE000-memory.dmp

memory/9104-5446-0x000001E56A020000-0x000001E56A310000-memory.dmp

memory/11256-5451-0x000002B0261C0000-0x000002B0261EA000-memory.dmp

memory/11368-5500-0x000000006E5D0000-0x000000006E61C000-memory.dmp

memory/11256-5511-0x000002B026370000-0x000002B0263D6000-memory.dmp

memory/9104-5512-0x000001E569D30000-0x000001E569D8E000-memory.dmp

memory/11256-5513-0x000002B027C90000-0x000002B028234000-memory.dmp

memory/9104-5514-0x000001E569E10000-0x000001E569E26000-memory.dmp

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

MD5 3e29914113ec4b968ba5eb1f6d194a0a
SHA1 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256 c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

MD5 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256 b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

F:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

MD5 0054560df6c69d2067689433172088ef
SHA1 a30042b77ebd7c704be0e986349030bcdb82857d
SHA256 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

MD5 e8fd6da54f056363b284608c3f6a832e
SHA1 32e88b82fd398568517ab03b33e9765b59c4946d
SHA256 b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA512 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

MD5 52c43baddd43be63fbfb398722f3b01d
SHA1 be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

MD5 ba46e6e1c5861617b4d97de00149b905
SHA1 4affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA256 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512 bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

MD5 2d40f6c6a4f88c8c2685ee25b53ec00d
SHA1 faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA256 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA512 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

MD5 01c4246df55a5fff93d086bb56110d2b
SHA1 e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256 c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA512 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

MD5 66df6f7b7a98ff750aade522c22d239a
SHA1 f69464fe18ed03de597bb46482ae899f43c94617
SHA256 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA512 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

MD5 ad9d7cbdb4b19fb65960d69126e3ff68
SHA1 dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256 a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512 f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp

MD5 3b1ec0ce9c80815e263b14a7c0cbce34
SHA1 fc2809a8b17be8e2f3489284c521df3c6e1ed7d0
SHA256 7bca6765c36236563953edc64a3f917764dc2a458b8ccfa17aa8156d09cd0215
SHA512 c5ee74dc93b4525dd6b02e9f1d657699da153a99741759decc575934e0084a4216c1a4ac11575dd8fe3d4a740b0e58b9f60f56feb994c77b80e541d61233ad0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5457c56df6f5c83a4add1de5ed0d8187
SHA1 76fd30203306bf7d8868b6003003f5f98f572433
SHA256 84e86322d092c2322606fec31952f14c1e826a5496c6b8149370aa0cf6c8efe1
SHA512 1e7fa6f081b0e5c3bd2ee887e08cc0d23eb30ed826d74c2ab3987b238aa0438e9365778a661819b9cb8e3c58edc6b5ce631a81c6e0108b6d640cd768de8dbcf6

C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp

MD5 8b314905a6a3aa1927f801fd41622e23
SHA1 0e8f9580d916540bda59e0dceb719b26a8055ab8
SHA256 88dfaf386514c73356a2b92c35e41261cd7fe9aa37f0257bb39701c11ae64c99
SHA512 45450ae3f4a906c509998839704efdec8557933a24e4acaddef5a1e593eaf6f99cbfc2f85fb58ff2669d0c20362bb8345f091a43953e9a8a65ddcf1b5d4a7b8e

C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp

MD5 2a69f1e892a6be0114dfdc18aaae4462
SHA1 498899ee7240b21da358d9543f5c4df4c58a2c0d
SHA256 b667f411a38e36cebd06d7ef71fdc5a343c181d310e3af26a039f2106d134464
SHA512 021cc359ba4c59ec6b0ca1ea9394cfe4ce5e5ec0ba963171d07cdc281923fb5b026704eeab8453824854d11b758ac635826eccfa5bb1b4c7b079ad88ab38b346

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\ReasonLabs\EPP\Signatures.dat

MD5 a13b2ea8fbdac799da1f4d8ae5685112
SHA1 2a9e4d67bdeb4bc65ddf005120fd2c6100c4058b
SHA256 33d020625a6fe18b2c984dbff6efbd6a6157b0cc5449cca1687845c1438450d1
SHA512 00c9137c79b03c0857c83681e517cf42984318cd95d131d22cbee1efdb0394e0bedd64ff79d7bf2427b7b9c4ed9b8b8da9e4d4c50f833a5ce256fc894707b946

C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat

MD5 3d5a092f97ca28e990483f643d613891
SHA1 b7bc1c83bcfa801cbc60b597afe26172bd3bcd3e
SHA256 a7cf36e18a7c07e4390c7b4b5e163fb642442b07dd491535eca890f7b040ccdc
SHA512 6cdce0186a875acf5dcc6838477ef60396cb19cb0164d0884bab8456960c167a93043ff4d0d32b7d0afe8d83219b0fccf8e8c966266ae0a3fbc17e4cfb3c2e82

C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat

MD5 298385f96578d6dfa04bc40cde21e1be
SHA1 ee7268b3d9c6f149c83c471948ed37c1c5bc46ab
SHA256 998e75d968f22b63f5c356d4b13036b3d497b223f57b48ca553ffa9f25464941
SHA512 e180987b311f7e72ff00b2f4520e848116e72fd5ea2cedf5af10cc78d9d7f2813dbd15704c88ce0f009c9959b2d1142a6bf4e2fba1b9c227c11724397d1e15ee

C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat

MD5 8c9eae09192c0bbd53cf0bd9f4891b0c
SHA1 6dd2a82b985b82eb34c1b00af5213d6e9ecd0175
SHA256 d6aa2e414099fd7a3c083a478a0db12e314ff33cbae07564cedef5cec9e99628
SHA512 59cfc80a2017c2ca1b257662baea1012793bd554dac13e75e7caed0fea9c8a782584bbed970efd3fec196bd1dea7e0b004d6b53dc2874a969ff97617b407a18f

C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp

MD5 55cb5ecbfd4f28299765b8d8994677cc
SHA1 04ccb36d458d9df9d5804440d0a6e9d8ca706289
SHA256 af48e00779cfa338dc3d23f0aa8da1551f4493663d9bb8edb081021979b37942
SHA512 6e82cec4d6ac962078b4bbd1d5222dc7b96da2c3a8480fcbfc0492d329c46bde07cfdab812138fad758a77ef8d913022c383f161827d29f7a019c24154a583e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9f8fc4ae-354d-4169-befb-960bb8637ce8.tmp

MD5 6e84a197c301f80dad21d41dbb6438b6
SHA1 de88e85d7b293e2424d2cf1ad692aa88f050a599
SHA256 29dd4bc3a3e33e45adc361ff03a960151c44e26d97b643bf4212aea426a57783
SHA512 ba5fd9818f43af18317298191e18852dcd2cf6f1569d45b44951383b73a9e338c8b20fca37d053cd56404a38f25cbaa1c9b7a7c9b603be2d1b6e3216c92ee262

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 89dd9439cd2fbe73add6f3270cda8225
SHA1 22cb3777705bf1f07f6004a215ecfec64d2cce11
SHA256 0dc9ecb416d2afb00d56c201ec9ca644826930dcdabbfc2ac438a4f527a49689
SHA512 43a17bac38d75b6dd10d687f1052bfc6aa3160e7a8e7a3f76ede57da8306fbf26f2df46c5cb9c943d05078652ccab0caf72f6dacf8df3611fec893a7ba0c5422

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 b5472eceddcafba044949e9c630c7f43
SHA1 824dc8de7cbb74f55d229eeae0dc3467f034226b
SHA256 af8e3931673a6cf8b867891448c3107523b2304bfb3f275702a37bd0a28d165c
SHA512 c89a88863983537908609aad7b33c0e315bae968eacb5b3085955dbd88193f3eb7e2ddfa14be07b1eb2ac93b3aa3e1597bf794e99b694fea7acab910d73ab4b5

F:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 77138e2662cdeffd61cf6210ae3fb8ca
SHA1 a085b99630efc74cedd0be9a0eeb57eff7b3850f
SHA256 68c83685da55573ae966db3113ee513dd76ba489024373968e527bd44d814724
SHA512 a4621910aa3ae4b5dfa558e69d0270717341467cf067d9397e2bbf118f789c87eef8750ecb25ffd9c60f51f35ceb40b211ce9a738116c4dfc06e543ac90d1bcc

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 e12b5ed58c201614efca3da018d6de4f
SHA1 36ff19687efd016d1f00eeafc6af19df933c186c
SHA256 c7bdffcb3062d1340b18f3c01d630da32469c3adbe3d144d4368e12894b166a0
SHA512 4428594e703a15b0979766e09637d1d29be0579457396986cf19f49c1929d7b8b051040798cd0a1842972f0f2fa57dd76db78339c35b3372e60b4e35c72cfdc5

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 22c036b2ede16ed7918f3a8bbadb5ced
SHA1 7ae6ab04470e29eb73011d693ae6ae14abeee168
SHA256 8b55ca6604def2f37271c977257f3ea18137ce84742a25e0a3804b8209eb49da
SHA512 c81b9d6c5cec8aac480659e6642cf57e600e9419f0a3e69ed88e895b35555ec2f85f12065cbe26d291e17ea25e847bb7ce9a1d11f64a8eba1e4ab7c9adef2b54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a14ae64017c536678b5a1d5fb6a31f45
SHA1 ff32bc267ff05340dd389c127e6c03a7d48b951e
SHA256 933ac01bca356f590960a78e19832bd2ea3abb8551afb3bb867cb8689f410678
SHA512 538b37cfbe10ceb31d384644d72efb633abe036ab8f67906916028f18968861a265f2437a8047b9b391dc070029b338ecb0ee17dc2e636529088c3805265a084

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

MD5 b2e3ba2084f827f2e46a917983363f0b
SHA1 41fd27f8688b7a755abc0acc72a2a6a0e1045c78
SHA256 7daa3d35584a7e87c3e8e3afeb436d088209966471d6c766328087823f1f3e73
SHA512 4aea989bda6efc91836264f04f23fb3760764e3ef7809f618ad949c2e64b5a167fe5d054607535ec22fea4942d9ddc5ea7f70a1f529ee23633c1cd275d90e508

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\672aa2cf-0091-46d2-875d-1cfe264f8caf.tmp

MD5 97bdf2e6419c66daae2a33e6644aafb2
SHA1 20c82d21debbce64d1a3e630e2d4ae492ddb3b45
SHA256 6bffb5c61a00895f569fb4562ffea0e6f2dc810862bec3cd2b282eb1aa928431
SHA512 4aa13f54bf173abb6931e0fd2996a37724b735ff04ddc5ac1d317ab617e516d3c7fdca27b8729d950d842aa0afdc83e0f5aefa0ecad5b6e8295907c1e776a2ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 893e053b06b5de1d41d715022f9d66e2
SHA1 a00b7c056db7ddf77bd28c2989557c3bbfc1fa23
SHA256 0ec16acda2162edc5f300cea7fd6056506917865983c0f11d1c869e2310808af
SHA512 4fc57c9d37d4a9dc8f7e4d9e27064d13b24f96a1886f078f8d35dfae94ab3c39ecdba9755c1b68834cf138a07894e82c568c14f354e61e9cff39690985bc9fc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 6da9dfdb89ba3ec2627fd43539d2b470
SHA1 137ab868adddf0c91fdc9a3f1a4f10914abc1368
SHA256 3608b836b7fd0e9917aa816d7d4f107bafa1d2d97cb605eff256e6a4604ec688
SHA512 014310464f82e9b6e7ad3fd64a41de27b14282172c9e8c7a333565f500c9a5545a9be3c1f8a83262066f63d04d1ee3c325e4b9b9d28738cbebf822007f910d44

F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 4d592fd525e977bf3d832cdb1482faa0
SHA1 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256 f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512 afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.34.0\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.34.0\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.34.0\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.34.0\GPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.34.0\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5ad14d66122046d5fb37922c016364af
SHA1 b1726a182c58e72e07705ce757191bec43719a93
SHA256 0238a3095d6bce48eaca835de16804fd0398180920592108feb6bbaa88ca17b3
SHA512 7f6bf9037e15a5c2161065d501e4dade03c2426ffa8afcac2014b45feaffef1dae63bf94a310fbed2e9dcd0853dd4d8f7f68c7ab5999982b5196e12d1f03b9a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8c85e7f879417567b573004a28cb44fd
SHA1 a5538a1503d3b038e1937078c4f5471495235e79
SHA256 839cf01675e45ba12b0747f35aea1c28ed05bcfe5eea028450c85eab36353f68
SHA512 2d83b25f745e0ae8dd05904c8fd19f4f20fc4fef3d028bc02c7dfd655fe383cf51362dd23d731a94edb2ac28136932dedaf11c73772c0219b20eee5389fe2c8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ea0b5ba4414878ef156634a9e9dbfdb3
SHA1 f7ce14c2b319442091ca7e3c3d5d180bccc07520
SHA256 517ff5fb244bb743685b85c347ebf4aabf3fbc60d00252e52e2247ff1d42b8d9
SHA512 11772b855c654f785e3a4e001289002ac0147f6b26d376adacb5fb5b3ae346f486e0ef3bb8c3b07496160a96bb53c194bc429fa76c237a73263f85e235e9ea16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 511d1a5068b950709e7ad1d9ae3f0039
SHA1 0008291b02080c4f4413a05ba47b46f0d02ac4e4
SHA256 247e77e78d9ad16b2490814515a86e2ee18e09bd2c3920a64149c064f45ccb92
SHA512 5612e9e0b91053835c46f33e828fa67bc5f575bfc7276a6820b56200afd0057e3fb6d439a4de63fc870d0378de2e762beb4d08cbd12c39a265f5c37e0be2dd48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00014d

MD5 d7ec0f87774fe13a374fd922c678c895
SHA1 2b2f5fe4f72ce686069368b7c7333f5e54bafeb7
SHA256 799cfb2e7f686ebb6d7150d6ccef07466738529ba538e91d8de4bc4a478de6ac
SHA512 02faf8f8677fc3147fc3132bc22f36e120e5ed8fd4d40ac0b32509b3f2f1f5695b6c1604f2b5d4612343c2ffcf94f601dfa8cf617fa3b06d4da1fc798b0220f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\d62f05d8-39a5-4f60-b769-4e82abde25d8\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\index.txt

MD5 b86f8fe970cc69cb6ef0a19af79ea847
SHA1 36169efd4638ae69434aee68e71c30a275aea5e1
SHA256 dc3fe778aab2f1384a4b17ee2879a40cb097b936caabcbb9b3a025f20c6ae9ab
SHA512 7cae05fc0561022b1d82c9bf885ee03979a84343700a28f597d5beda4efe04fdcf42ee690a5dc0eb5710d55cee06103fe0f5abb13598534d6577376a09ca6ce5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe5ffe10.TMP

MD5 701a54767d381c83d35642356414822a
SHA1 f590f680f7595b5ef2f3d94848209568e6e1cc51
SHA256 8d5af9bc15665f39fc9edd79629be3d0cdb3493c6d903d0c07a92ef0a64739dc
SHA512 aa97afddebf05e0d41739a9f79c9c63534b30cd97adc92e73a7db71fcb00bd714d1e632176b8685d2255ecebebcaeae0c013229817359a1306be2c066600234d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 82aec170c852c55cad7a125945bf3769
SHA1 0a393cbe7ddd321d88d55dab0e097624d6193f11
SHA256 7bd32dca09ac7fba0aebf5180fd081793c8c91f8a227a3fa689f5be2b7f7cb94
SHA512 b305700aa1594424687d2d666a69f6e4f419c9f1f0e8aa91fb10fd7e3ec1d76f239d9e401a4eec0430e1d81875f2da0e3fa3ad2c998ec263f6f607990dbd3e27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 03215b7a34ce1f035f7cbc1bd066d420
SHA1 e75cfdc885472decde5e8085fe062b8ee2afa1e0
SHA256 dfcbe9513bf3204a067c188619133222f94479f2e2400a16e2bfe2c0e133d6f7
SHA512 b835fab04376c8cace743c6783d10c8a210a26b95797a18ae4c2563217d6f3de53e0d3d5b52fc1d32391a0ac7b3339a7c5fa9d4dca7966d86f4c37f9420f7f98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

MD5 b6f7a6b03164d4bf8e3531a5cf721d30
SHA1 a2134120d4712c7c629cdceef9de6d6e48ca13fa
SHA256 3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39
SHA512 4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 92ba26914987fe46a715c4512a55f6fe
SHA1 483f38d61a8f617fef84291058d748f95f17cb28
SHA256 1e87b4b097791a702f2d62990aae085db61b04f0550a5edc882f5089ef23aca6
SHA512 ef60e4a87281c0df7406bac5fc438b3fd8dcc62fc05e9606840d9c81c3d7341c3a03d797e19848f616217e028c1eba064f0e4d17a782bcf4dd6f0ee9f25f001b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 28d57e9b29c0f263be9ebe53ab33e227
SHA1 5c7c0b7c88fd68d2fde617291e23c6a879a74ee5
SHA256 cc1ca6ac82dbf29faa1177238e7c10697365813c87941a4e1f00d85fd089779f
SHA512 b8ecaaacafe5ba6fba587bafeb065694f4c7e7c291d448abaf267eb3a02fa09f89e932c025c8bac489c8665fd07d5195792efd82d5292e5ccc82d275483e3981

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe60238a.TMP

MD5 8a2c7c0dfd1456f7faf6976e366bce9d
SHA1 564f2271dfb00c2455f609baf29fbf7b60c2249c
SHA256 6776bbfc20674085c9c0267982588b89bc726c7b92c80d02d22142eea872c9f0
SHA512 492aa2331e6f462ce45da15a65f1f6cad8efa050cd0dcb17356e84964ae25739d44ad55c5159e658e63801daa15842b7e24b5bfe1a4249105dba39ac9616e99a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000163

MD5 80f1c7472825e6dd19d7ab65b0984ffb
SHA1 76af1427993a5d699b8441a32d751777a91fb0ef
SHA256 cc6186b5115525964b454ef070e9034df1d919d806314ee6a2203a2d66b4f7b3
SHA512 b0be05f9536efd3ee010afef24fe879aeabe56cd52c877cc23980b8c1742823834f2e9e8c000a78d79b077d0f257dc30bff10b5eb5bfa6d2cd684405bfec7c0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\37cc1d9f-3c80-4f5a-a4c9-e4ad14bf21de\index-dir\the-real-index

MD5 7810cd47b4b22190ec27dfc2f518b48c
SHA1 11cc7d033029e5970b37e615e6a88745710d43ee
SHA256 98c8f36b61281d64266c50cb8bf93c9fb5d2b7efae5b9e6baff9ac5a627d4753
SHA512 2490d34f30ee8507a63e77d51a21efb19ca0d28728e4ecb2b7527365636779da203e65c262d0f016482afee6308c6d94126163f6adf0ec92b7987d261b6578f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a4e9b9e5a57a28f699427a96e06e9078
SHA1 103d25e62e545c0227e2daab02a579cce236294a
SHA256 6aa8d05e2ffa5184807f00a0169ffeaced3e7e948dd51368afb173afaa31a973
SHA512 35459e7d2a1676c3edd6453d4bc4e44aa2c40dd08229bb613a724f24ced9c50e0c84dfb6e621b36b3c36807b016b6a1293b15da68231332e6ab4fdbcff56114f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

MD5 aeb54e31e3a768daa1e73668387dc81b
SHA1 5ac90b46f24d02639db881638fd6f41b481eb125
SHA256 b0099da40f552db8192ab3aac08797aff291d88c91994701fbd9dda1c3cf85fc
SHA512 5749b8ead822af88dc390329b06d90da3f29202fb2385c9c16312b6950805dd8069670ba91373dd8317a4472b88634e0b63d0b616fccb0c300c11e64dbe6a4de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fc8908f9950f727d6646966bce1d3be4
SHA1 a1fcdb7d80472d190eb60412b167b80f24a01fe4
SHA256 5cfc7f2381e436b09b9aa00baaf163d7206a1f3cdad598e938e0871a4c80c979
SHA512 d5e3c9e0141cdc0952cbd23dbd74bc40c21c9af7fbc44ffb5944f355ed0d208eeb0f71b1c2579bbf3bba89df02f1dd152c2b5006fc8c796fd1320adf791ea6f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cc5d1b41c07e273144b14f9dd2a79f70
SHA1 688d288bc94fcc49845bf5f5f526684d8c48641f
SHA256 dadce2566455d4f939a55637792d0c707696f5307615e9883ad05467ea27b0a8
SHA512 364fa2cbfc45223e01b754e2c0104a2ac4c4ecd9be96e1cc6d3dde99757ab00d7b5159a7508ce97d0266a8360b94d973f4c90b89cd3016650ed596fc4654d19c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 088559f3ddde175117958bd71389cecf
SHA1 d387a74992b0645207f5fd7bf6dfd31a24c1fdc6
SHA256 60b1e2d15deabc41d6b376749465b9184b828aed452e2a3daba556ecfc2271dd
SHA512 6c81082d0e3e2a495fac67b84d340ded03ddb1e8ec3012e35dbe0a571d4d9baeecee66a0f43fc82253d943d7407d26ac5b98901a48597b678f5c162664d450b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000020.ldb

MD5 0d677c21fe0c9b8df94b5dc3c655c774
SHA1 cc4704b3e245317e1e3870e89c100182be59c353
SHA256 456f59ab4c0818cf97700a321fa80b1d30662ea454af50f1b503605295a62685
SHA512 e130a76d0838785bfc545dae1ad78b10a01a7278b1672d94974288625f982079f45b261fb24e9285398f76d7828f6e2319ee065ba3cfe31e9d9001b288687b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000017.ldb

MD5 de38a907f558c0bf62a139b6afab105f
SHA1 aaf1128da8a51f5d06353380c6a768ce384368d9
SHA256 d2090ffb2cc0f369bd1b7b932c5bc9e29bb602aa2995f1d775960ba12289123e
SHA512 9c5092e9e00014489644fd39b328fec3201559c2fc9fd2f4ffa71825dc6cd620b7a24c9c79946669575191b10198f3cb547e7a6078f1d0c6122e3f7eb3b5e9af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 f2901b1cd45e51a9eaae7b4c8a4943ad
SHA1 8340bba49f73d033a2437bf0f26c016c90ae0268
SHA256 e6fe84ab12948abcf5f81c58f81e35cd94fa027e2eab0075be227fa4799356fd
SHA512 669e3b86691e914ba855cafcfed24273cb761283d5b83a1ef644739ed3b34751393ee4071a43a0ae661cc125ad253292213211ded97066e6257be48844acc6d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

MD5 ba72b9444881b7012cde647fe3d114e0
SHA1 4eac17d30d88b6e2474d7a6a33ec4074725f524f
SHA256 174ea5689df9ae876f6e6f7cb56e506be28cd8e7d5f4c9a176b0647baffdcdf3
SHA512 23650cfb7c82004735b414ef4fb93db3c107599426e2a503e423eb9cbf788636d2323e312b20a1bf6f7c92bea1bfd9099ae88236090f4c96e03d8db98cc3cee9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000018.log

MD5 937dc7798287e7a2d2f2429cb8604863
SHA1 27514ae7092b7dfa24143bbddf7dd717a007cfd8
SHA256 8aa09d14d9deb6ffff31c3f5f03ec7e389110e342ec9ab20ae868581c2856f95
SHA512 d484dffaa80fa6d4601f6057b2b116a9713b1be93462d0a8b43454b9daee1ccd28e6a433a078471819698a456255c99ad9ef700d83b797a8e714fb615faafe83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 772baf117d781c192c2e9e574b47516d
SHA1 94028f65123f5aea4e102ea0a8274e1d20090219
SHA256 b87bd2976d88508368e0f9b296b58b5e44d3516cb709fc1a931fb6f13e1d6c55
SHA512 efb6466ef8d5fc93b3830fb2aa37692b93291058195bfd92e5f9a1ba5eefd5b404937f8b7a03295718f53c40ad4d738562c52b72832fc6455327ba3b433a0224

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\37cc1d9f-3c80-4f5a-a4c9-e4ad14bf21de\index-dir\the-real-index

MD5 25ea5b7825307570a30103867a57bfad
SHA1 01dfacf19ba3a92c31669e7ec57d754334693fde
SHA256 8fbe4753518ff2195111a4ca0bf6400c8f8597f137a25e65d22a7d42a25fbb75
SHA512 3a1e67ca75fb9462790b1fd26237993cf267c50c6b8737c1c4d19b13149f7421d559694f17c4d403918552706160d6c657e7497c6072d058c65d77fc79aea912

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8804acca-2cb7-4bcc-b823-950f0fb8d878\index-dir\the-real-index

MD5 7f1bfe42363287762af8131d350a16ad
SHA1 968790acf0688c8a85e39b968875a51fb2fbec95
SHA256 fcba7a4215dc368ec8b262f4a27c06441fca8e3ff2038e77c5b8c1bd4c38a97c
SHA512 ec2c2383226f153c786890df65f97295d1db4d764f380416eef9f579351582816ffd00131e6a123d3d5ff968814601a44340777a3bf6edc9b5fc6c80c5834c81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 88003bc12e03d0fd233542af5db4d2dc
SHA1 c866a7a425b40279d6f4a0cc18321b34bb4ea828
SHA256 9aa1c13e9641c2e214ba255fd8bfeef65372124ed6d509fc59a8d8958e3383e7
SHA512 a00971c2a8a8826941024ef65a5a50f1470fe07f167bd923475ac383990c3d86f57f5a5038d0d0a8f3d252cc713962c61a9bfff433b5c760696e62d9a6547286

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\50bfd696-4fb9-4e87-ad0d-289b5c5054a5.tmp

MD5 2dff7c8835db1b4dfa8bbfece55ce6af
SHA1 25f34ccc98b249fcbf8eb5be0fdc61167e4992bc
SHA256 267f651b828a665f046723dde0fa0b7edca7d454e90e3c54ac12ac8164e59ebf
SHA512 49e4560e8e9c915952235ae3f163dbab6cfd58bd7f1e4d31f54bd7a53beaf38f09cb35a1073b86addfdbe0a467e0494ad4bb542744ce0da3d5ab2d42d9865d92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0caff18c0815857c9e8119aefd3fc4c8
SHA1 935680639cc74977010dff19f0f8b1e50a2604c8
SHA256 4405672c433c72451956b5e35af58dea2f8a9671d75ffe64fe37b0b2a00bed82
SHA512 cd5c3d696914461d9f413d2374a8ed46e02ae26392a4485c47410bd9052b742143306f479c51ba367cd6add52043aab933e1e6d96c4fb0ea53fadaf98768336a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 55e0a4852575b704277323ea11e85ab6
SHA1 b31f2c2f4cf11b062488d44438eac2883ebb79f2
SHA256 4db3ce9cd63a41a94123f9e12a1c757e5720ffac856e30fd36bcc44d99e2f3ae
SHA512 5b3836d3178e8ed30149a25af11994f9e234c08743482195cc87d074196f4345dbd5a4a5ba1b864c4bcc4bf8909a791648963697db57314e1d1070c02cdd387e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 d80b9bbe3a4fa401aa6a6991c6de544b
SHA1 c9199ac54b5d7e2e694a4bfcc87e26ad67b1079d
SHA256 a15ff5c1fb89e8b61397219193ce78369f99ce70986b1c24d357f93ec77ec4b2
SHA512 9c7ec7a6517c7982244201567f28e1eb72b440b82c2b426b8789824fb93f4c6cbccd5bd563792d76d8d95d50f6e3693ca8ef28f3f944ac46dbeaa2d3da9d047c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 17931a27b0f913fc448346b1f709e4f2
SHA1 d26a296b8eac591d7ea89dd3ccad59da9dad9605
SHA256 e04a87869e93675a4d9556dced851fed7a5e704907ee5bca33cb261d7bc6a1bb
SHA512 51aba23d4c387f88f80bd1edd24b83ffa467f7bee178e642a3020129c085dc4cf13bf50fb85b3e0a6a86016f60142c8c2b884020a73b1c5c2ba1a9661c9c9434

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 50e498f8c65c9b905d04288018a47840
SHA1 a148a61183d3cd3d15d3ce56af6c16d0dc4d1700
SHA256 9848f5c1fc710102100a80cd2af78c36773832ebaec59618b89cc9c66360ad14
SHA512 aa1a9f5efef0c558d756bf8fccef9474d203540cb9cb1fbdd0aedd2242e9eccb0ae17682f44a61d63c6172550dd9dbc76f90ad284e461fb65c7a28d64c876067

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\36dcec9ef4b2634fcfce406f466684f60cae0eeb\15d69f3b-5fc3-45af-9641-313c908de49c\index-dir\the-real-index

MD5 051f29fcd4dc8063483e3d5c71317aa4
SHA1 c0396c0e571ce1a401a121a928e8acba0e58ac76
SHA256 6c0c0e27dc3c660a19f9e80c4d99a4f53f9aa82a70492ec695920981c66664cd
SHA512 9429c745981bd6ebdb831329f48dff3c480d23682b4a9b668cea414f761e1cb6c316e7a6b10ddd755d649621f57c77b80b0c99a6adfbc6c6bc8982d06eaaf215

C:\Users\Admin\AppData\Local\Temp\49866a1d-0ee9-46de-9ba2-9d032a72f464.tmp

MD5 f4ede4a1358506bd0e2b11078a500915
SHA1 2be5b0df38a450df89a5c80dfd9ef6aebdb99d6c
SHA256 9cca480e3fa5e8cddffe5674b151640d93571f98da0a2401e3289b6169789d1a
SHA512 cad7e147fc61d4f3ca39457f359d8876e78e9a845733b06ddda6b261bb4e849661b0227248812dc5a2d30bfbf8d44d685dde2cc3a6be09337072887afce8c0a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cf2e2df9c6b7b1b6b8891f998be371c6
SHA1 48dc8dbbf2af227fbf1eab807210196a98bb123e
SHA256 5f44e68150fe93352e2d894675364b3a43cdeba3ffbd1e35c4d35d7ff81eb5f3
SHA512 15b08ae792d9da6c4c226b73655aee36674b7434169d4e73ffbeb91b3a8086d5eeaab49d955911c473c907b8dd0152ca43aa99024aaf419f8489447a95b1e68e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1d7848ea4bea1416b3a2f59bf8d479c2
SHA1 5d1ee83249a66ac2b92f1e0ae08713bf2da7961c
SHA256 5bfaa6053700b659ee270d3ed31bb2436bc7e785ba895d787f670e23688edb6a
SHA512 49df439f28ab9b3eea29b2aa953a460636b84b69c2f022106a3115b7796c90b32f718d3d5f8761e7ae59774eb92f4577dd05981f9a599102b2a87ce3e8849116

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c56326a7b3226fc770fa24c84aea75af
SHA1 60fba41df210be2505ace602bbbeaea5f5a3f392
SHA256 2195909f358d6afba67483bd753495dd87f63238cde2edfd02bfdaaff65d7a4c
SHA512 22a893cfd7504e4e684eb38d2695b895053757a1f81fed17f2a5a3b5a404ea571d382fceb78a7bf27bcf21dd32d46b21e6d2ad5940cd349a3d6042dfca1e3571

C:\Users\Admin\AppData\Local\Temp\syncopator.gif

MD5 aca982c5178837a4175c060f5cc3f629
SHA1 78be2115e72a7cbc4912649dbcf5fdeaabfa39f1
SHA256 0fba7825be895eb1f1ef99653c86ac36a59369ab628513ebf0149250836798a2
SHA512 94bf147dba900090ee753b6639aed5174668c45f282fdcdd8cac0547fa4150a4364f43a582d5780a5e71e20d465336aeb745882dec032692f83ebceb7782088f

C:\Users\Admin\AppData\Local\Temp\WebUI.dll

MD5 3466b1db2f18f460d0355554ee408275
SHA1 13cc9203b7161d4714ceb27f7110e66f80058360
SHA256 2e20a077ab2deb869d9bb2ad0569014f3d6e12c53dbce37f88d83b04f774bd66
SHA512 e018356e86e613fce0a18e20ccc7a19ca9765089596aa496d154896f1faa652f25fc017908658deab6aad6f16c36c8a9265de4bc6332aaa2309cb832a3fc67d1

C:\Users\Admin\AppData\Roaming\readerwizard\cotise.dwg

MD5 24049b25f1a168dfe24898912052b1e1
SHA1 a0874a84bad691e52713a2ea4b05a1d8193f145b
SHA256 836cbae2921810f37db00ac96bb32d853e07014d39f55d80446246acb879d458
SHA512 ac3f9b76bc75b49eab50ab41dd3264ff02efd49aa32c322c464f13167ee09d66cacaf5dada0537f05db26a1bde723068f809d9b64f4f26b2e2a70b6f2d0362fd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 bd4badb3f5bec50073b1a79d8178ea84
SHA1 3729967bcd302586567b8111485f469b9b002045
SHA256 30146f1f7f45c4edd7532e63402347ec698aed7049cbcb3118052ee2d636441a
SHA512 a4805d05e40565d732897a7f72d57f34b3ba30691cea7e41c66f1b4aecf623c826f0780805e28946e6e7ca81bc2798997a18da93257ff960a505b979c54eba29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\index.txt

MD5 2c6d36660171f244a2cbf4ac9d493df4
SHA1 a811dfce6f88f5353099e76bb805b5dd7d424551
SHA256 444aaa298fa23322c544889549129abad8bb4ba00eb26baef51a2caf34a8e084
SHA512 d1feb7d7f38d1535d85e424f95cf0e9583ee920b713b573a0a0046a17bb3b2118bc6e9716334fb14a016f9ed5df40964e8d06dc596c8725b21d0c8ecbc0a2bc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\37cc1d9f-3c80-4f5a-a4c9-e4ad14bf21de\index-dir\the-real-index

MD5 ae2093323118951245cca54585b92d07
SHA1 53d52ecfab5401007a27b163be0adb1ef49e766c
SHA256 72858bd861e63d4bc2f65b4d217d98f3692e6258f9a7ac91394efac577f0d3a4
SHA512 2af23781f65061c1bb157baf5fcf98dfa9b13d1300c455a89cd7b928506340b37f178f95cbe365fb8da80ea355b007c096957c7dec7659124d7ad83904e848b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1b6e81beee8f9cd6147d743ab8ba43fd
SHA1 10bf0eb361a839377b14ee90e55e166adbacd0ac
SHA256 c0f7f488990018c268a3d6c94f933b7c51f492056cf388a37858d803a5ee8bd7
SHA512 97eb700bec829f3375ded56d50e77aeffe05c6539de6e9cb8df5e261cfaed1f0abe359904a080518e5b32402d3f4872f2e0fe2fcf4b254d3367a9c3499a6ed8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 49f9d3a5d639a7894179063367292280
SHA1 579ff4f365dd0c273f8ddf350778d2995388bb4b
SHA256 0fe654bc4b5d15e8b4b99691f913e0002324e5cab3ce2d14f41c2c0db5e8d7c9
SHA512 4192275b9f7e67faf144e01a4faf601c19aab1c4d59a48519d9c9525a66259be5447816ef8a58613d6f37ec90a9fb3973bd7cc7645bae5c23cb15f447993f3b2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 59ce80151bcabac985b546b8d458bba2
SHA1 acb34a42c0ceded106de85709a7cd13852f9b2cc
SHA256 90a406dd3bd07c5851cb276d11ef7416100aac45478ddee0bfa3548a5faec038
SHA512 b8cf64c089175d1a90062a96d6922792fce72ef0ff6593f2d9e4a0d3816533a01d5904052092e49a5d29ed80811b37c6b32b39f2f554daadb29b92006ed15f0a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 3fc12846c053994b834eddfcb93363aa
SHA1 b69cd25efacf4f2b97ab3d85fdabf7c41872e96a
SHA256 9bcb4814ab096c6d3c137ac14dc5f701d9f17080ca7c8f1c35e38ac83c9c250f
SHA512 3026665dc28b23c0565f9486d7bc1cac819c1126f8cb2a83202f77015b901b1192e87494d160977f70a11da75fb29e029b9cd4b26d0d866d0b04c05015069ba2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f419cae3f27d8b2505fe29f368003aa5
SHA1 9efafe5a54bb5978473648382aedf126636d1116
SHA256 0f50d7d7063c8b5bcd0d5e7e5825ba4c31661644a41bfc3c213f2bc0e05fdcdc
SHA512 00b3b5907fd53c203eac249d06be99df0fe96ad2ecda27998a00162ae21f542ed45ae585b5f5ec6eafdf4c9b29a3d537d0aa2f766f8496e473b424b14e88b5af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\37cc1d9f-3c80-4f5a-a4c9-e4ad14bf21de\index-dir\the-real-index

MD5 28c7a3817c9a016e51f51119b2e8918a
SHA1 1189488753ec21592bbe8db1ab58515c650680b1
SHA256 5df7888616af10139ce8caec0536c4eb6cec36d51228f3c9e8c0d202a868665c
SHA512 96ae6571bf6fbcc169edb4d57328f4b4ab3f90895524371ea511d16ab6e474dd6b6441b76874756c79ea0f5d04aebcc4eef9a77db433918731d91ce43addde08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8804acca-2cb7-4bcc-b823-950f0fb8d878\index-dir\the-real-index

MD5 ae5a4dcb92352df17cf2aaf1cb06c5d4
SHA1 0252a44be8970c7aae3dca42bcb96b5e5a5d16d8
SHA256 fbb5ecc63af3432ae178bb0e855460cad0eda85aa4e5e61ad1e796bf38abe253
SHA512 af95df66197b7ea3a20f5367baa0c6cb071725d436a726f1ec28eb18557e47c0ba23f47f7b53b335a87be0a6765c781a1a801998d2307102cbc0252358bb3e74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 726334cda947eb04fa75aed9a4249765
SHA1 16065827655c2aff09b336bacd480daf447c768f
SHA256 1f9a1cafa619437d8a5520019fb4658b71dc6206eba19d2c85deb8c74a40b818
SHA512 798b18cdfc2c879af6fd28ee7f332a3603df95138436cd7199bf5b54833cf770518041e3015ac21008b789a722394820556c0525bfca9248555ca5683d1e4e17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4493bfd86806e9877a3c5367c164dea7
SHA1 7a51790d942a2e8b2fc9d83ef261833a73e0971d
SHA256 d68e5a8eccc1f1591bf1f158c2ff37b09cd96be1aca91df83931c0f0c5a93f75
SHA512 1d8f02716755ffaef459e431907a42e6cfab4646ec1ae42a21ddd68bb00c60e66d3f680dda2df2a5c37eca56d05c1d5a67889e98537a8b476e56b044a2dce999

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 78653677a51888bdd6a6f3b20fe354a6
SHA1 4805a2bee67a81e455e69f986acdb9ad3da0629c
SHA256 eebff54e2fe6332c070af421a6c4a6303623f6f9fa9a31fd1443a2e5e23330d7
SHA512 192ec669ebfb5130870a983ea5fb537cda30744ffc05c751c2f5c1d11f4f47d42a57e5917cc3bf7d7aa26c08335372d716d2faf782d1918ef8f11186ad39a641

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000021.log

MD5 50bde034e8c38c3e3e58ef4c97e400c5
SHA1 552484c73ce2c0a5aa070203247335309391c8d2
SHA256 3fdb37228324d475882a877e5c5e6b520954b78febab4fe7e4f230f83c0ec151
SHA512 54a7085be4aa0e11679dc1e3946cbcff6c573aa3afcc3bd4971f8f23134b8c9bdb2969c1de244099dfa875a63ac787359d2c087d5c9545c8771fc288e2dc1cf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

MD5 2290b4ae198fc9c8b4c75b4c571dc79b
SHA1 f80e3130b74b6279e6d00231ce7b074aa4296d69
SHA256 4701855e1f61142a6272de2fe9ad924cbf0e58c86f63550b246cb50f53e1003f
SHA512 891542983a6b78665f7feab5ff6deb81944f105c48be987a5b8545e1e1e4d726d1587cd5054f86b7df87761c2d98b4f2991aa7a8d9410aa8c505d706f401398e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2170d79c728c8e7a5f6823ebced61305
SHA1 3a4c5f8bd4f6254bdcbdbdc3d54455887d4d3745
SHA256 d405345b577d0dcc44e0e63af520f14191e073f869cde8605357387d273f1fdc
SHA512 153605e603cd0c12dc84b11356328a3d84742bb023f1c33eb2e8de76b8dca87a7a1fbc221d4002f60190a3ed7ace022c32690c848900b077eba2f382f4ef3f54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 ef6e5b43d7bf7c542d97de6ec8adf104
SHA1 d9fc57503c146850117ca8b3284b0078480889a3
SHA256 9bcc48c55075f6911f79b403c81b50e8e07dc969cba6b2985cd5afe2aa1e1547
SHA512 39f48a55135f5bf5d0c897b83df59f746ccfd613b31b67a3cd65e0a065565657be8739038d5d62ee462664feae718e9258e122612dbfbfbcc851a78e4708c9ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

MD5 5ac2f568c3fcc81cdba247c49f782fca
SHA1 7247f19739c819e11acf8790a8cfc9f9638b27ed
SHA256 d25aee83d6183299b1d8d010f3cbf7ca823d4d0466351f0cbd0dddf666761f96
SHA512 1d532b31744a68eb44a7e365179639a0be0db31ac7249e80140b4ae6a82eb834a0e29db9a9092328f1147615020a6ed25b9bd8991c54c312c3e087f1229e2e74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 93f02522c3565a5d47488aaf2b996e63
SHA1 5262051046b9f56b71fff5dbfb1a371e53f43c61
SHA256 156f6c6c5ae17c3262d68e5bd666e395abc3e3e2bff5339cbb20edb135468f69
SHA512 801bca27f2f7fbb59cbbf81e42abc8fcdffd857ea6498d23c7e3ef2398fbd7150a9e38001dbc61464f74871255fbbde14906f202f4e95062adce18d670354e74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000214

MD5 ddf9e6b63630bc36d67d1253a926ee48
SHA1 63d5e02dbb16b05885c20dee9541bbc6f939eee5
SHA256 228220fb6aa57f32c5901e60f1a2e17ebae1a6d411ac4c33259cfc870070ca61
SHA512 c71a5d5b8c56f7990e70cd0e91f7dab1adf8be7173ff192f566ba5da2cc4bc7e9cf3f5382e9b64dae63b3ec66d2186e17f6ecaeab864152bf33faf9a90578d41

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 4c374e94f33fa1cb3d08f10289dec81c
SHA1 d4ea42d34ca71c0ce3d0fc54d3ab3f0adc5c80af
SHA256 7e59d35630d427f4f21d48b39df5e2a02180056e8615755234b28f6256864d02
SHA512 7922eeac7538e0df3ded52cfffce4af0cae0e03cfadfec7b34931248a5f216eb31866b0a79b19a84ff37141c1d039f3711d62d2ab25ef4af5d115e2e038dab9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 02b2a101977eb0663524d604b54ebe11
SHA1 7ce44d4512ec4cf429cc97ddb6693d6816f9ef5c
SHA256 f313335afc1792d8a45552bd04d68dfd42ae02a706e7599ea0c66e593f39396c
SHA512 d6badd806fcec47cd9a6856a16ec5b158e8e1d4fdf51b6a8f620f28e581a0804c147120b626f452a036c4faeb6cd60160c2c516d625a7d4cfce99220ac9c8a02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000227

MD5 ed73834cc74913fcb1da866d31851aba
SHA1 5caf803048b5f65cfeff95fd9c59fb2c776ed2dd
SHA256 18dea76f200b9c636a8239e1a08c7399e47295def1aa42ac95665234e069a7e8
SHA512 110b7511313f263b7ee3767f75cc524fc4155543847c2dc6ce8680a33244038d6534c22262cbd63dbd64043204709f499275d327896ed3c824140c747d38c41e

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 f4ace4a56b2fd4f6d95a72537563bcf6
SHA1 a2d943e838ce95c402b882c0f321addebd5cd836
SHA256 1415ba64c6538d5c5e1c1de18a13394e2cdd1c9df29ac32924c80521225a83f9
SHA512 76c665299b7121e93c740143718f729437d4ee4592db0cbdb295e0600213264afa1ee9207821862d60e52e1edf6ed41fcdeacd449a5605add96cb33bcbd9d2c5