Malware Analysis Report

2024-12-07 14:41

Sample ID 241006-arq95axcmk
Target http://youareaidiot.org
Tags
defense_evasion discovery evasion execution exploit motw persistence phishing privilege_escalation spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview


Threat Level: Likely malicious

The file http://youareaidiot.org was found to be: Likely malicious.

Malicious Activity Summary


Drops file in Drivers directory

Manipulates Digital Signatures

Stops running service(s)

Possible privilege escalation attempt

Downloads MZ/PE file

Creates new service(s)

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Reads user/profile data of web browsers

Executes dropped EXE

Modifies file permissions

Checks installed software on the system

Checks for any installed AV software in registry

Enumerates connected drives

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in System32 directory

Launches sc.exe

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Program crash

Suspicious behavior: LoadsDriver

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Runs net.exe

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

NTFS ADS

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Checks processor information in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 00:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 00:27

Reported

2024-10-06 00:34

Platform

win11-20240802-en

Max time kernel

433s

Max time network

434s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youareaidiot.org

Signatures

Creates new service(s)

persistence execution

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File opened for modification C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsCamFilter020502.sys C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverFinalPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2005\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4\FuncName = "WVTAsn1SpcIndirectDataContentEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2223\FuncName = "WVTAsn1CatMemberInfo2Decode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2012\FuncName = "WVTAsn1SealingTimestampAttributeDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\FuncName = "WVTAsn1SpcLinkDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.2\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.4\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A

Stops running service(s)

evasion execution

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\CheatEngine75 (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\CheatEngine75.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fsukrvlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-SOKV5.tmp\_isetup\_setup64.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp972545734\installer.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\windowsrepair.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp N/A
N/A N/A C:\Program Files\McAfee\Temp972545734\installer.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\rundll32.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser\Installed C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp N/A
Key opened \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\SOFTWARE\Avira\Browser\Installed C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw

Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\clbcatq.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\winhttp.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\mskeyprotect.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\MSASN1.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\CoreMessaging.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\ADVAPI32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\mskeyprotect.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\dhcpcsvc6.DLL C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\advapi32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\imm32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\system32\explorerframe.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\OLEAUT32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\uxtheme.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\GLU32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\DPAPI.DLL C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\winhttp.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\CRYPTSP.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\webio.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\win32u.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\iertutil.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\webio.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\ucrtbase.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\bcryptPrimitives.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\ntdll.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\shcore.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\winmm.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\DNSAPI.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\dhcpcsvc.DLL C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\msimg32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\GLU32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\clbcatq.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\PROPSYS.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\wow64.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\RPCRT4.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\ole32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\opengl32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\IPHLPAPI.DLL C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\SHCORE.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\windows.storage.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsWSC.exe.log C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
File opened for modification C:\Windows\SYSTEM32\kernel.appcore.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\wintypes.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\atlthunk.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\sechost.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\KERNELBASE.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\CRYPTBASE.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\SHLWAPI.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\dxcore.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\secur32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\CRYPTBASE.DLL C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\apphelp.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\ncrypt.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\comdlg32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\SHLWAPI.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\WININET.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\netutils.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\TextShaping.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\GDI32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\wsock32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\system32\schannel.DLL C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\cryptnet.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\urlmon.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\combase.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\WINNSI.DLL C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\samrecoverable.luc C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\mappings.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ReasonLabs\EPP\arm64\elam\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File created C:\Program Files\Cheat Engine 7.5\include\is-6C6NR.tmp C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\include\winapi\is-0ESVK.tmp C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\McAfee\Temp972545734\wa_install_check.png C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fr-CA.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxDragAndDropSvc.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-da-DK.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pt-BR.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\transport_ga.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ReasonLabs\EPP\manifest.json C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\luaclient-i386.dll C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\transport_eng_observability.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\dll\InputHost.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\ReasonLabs\EPP\rsEngine.Data.dll C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\wsock32.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\ldplayer9box\tstPDMAsyncCompletionStress.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\dll\Windows.Storage.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\ldplayer9box\USBTest.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-tr-TR.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\mappings.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.6.0\LICENSES.chromium.html C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\gdi32.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_sideloaded_ext_guide.png C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-da-DK.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.6.0\locales\am.pak C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Resources.Reader.dll C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\winnsi.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-TW.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\productupselltoast.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\dll\DUser.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\opengl32.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.IO.dll C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding-bing.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pt-BR.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pt-PT.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\opengl32.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\LFS.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\nsi.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxCpuReport.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp972545734\jslang\wa-res-shared-zh-TW.js C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\installer.exe N/A
File created C:\Program Files\Cheat Engine 7.5\autorun\is-5QVFB.tmp C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafeeicon.ico C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\DXCore.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fi-FI.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\rsHelper.RPC.RPCClient.dll C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.IO.dll C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\fastpipe.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\checklisthandler.luc C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ko-KR.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-dwtoast.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ru-RU.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\dll\shell32.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.sys F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sv-SE.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-nb-NO.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-cs-CZ.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-nl-NL.js C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-warningbackground.gif C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptiontype.luc C:\Program Files\McAfee\Temp972545734\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Diagnostics.FastSerialization.dll C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\tcc64-32.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.22000.434_none_1630a2eb2777c45d\gdiplus.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_e541a94fcce8ed6d\COMCTL32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\CheatEngine75 (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fsukrvlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\LDPlayer\LDPlayer9\driverconfig.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\CheatEngine75 (1).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\dism.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\CheatEngine75.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\Cheat Engine 7.5\windowsrepair.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" F:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
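The rows in the tables above (System32, Program Files and Windows directory drops, the Zone.Identifier writes under Mark-of-the-Web Bypass, the NLS\Language reads, the SystemCertificates keys under HKEY_USERS) and the Classes registrations in the table that follows are raw events; deciding which ones matter is the reviewer's job. The script below is an added example, not part of the report or of the sandbox that produced it. It parses rows in this report's Description / Indicator / Process / Target layout (assuming, as is true for every row on this page, that Target is N/A and that a process path starts with a drive letter), then applies the checks a triager actually wants: Zone.Identifier writes split into browser and non-browser writers (a browser writing the stream is how MotW gets applied in the first place; a non-browser opening it for write is the bypass signal), .sys files written anywhere, per-process counts of write-opens on System32/SysWOW64 (the sandbox records requested write access, not bytes written, which is why a debugger loading symbols for system DLLs lights this up), NLS\Language readers, SystemCertificates activity separated into store-container key creation versus an actual Blob value under a Certificates subkey, and Classes changes tagged by hive, since a CLSID or Interface under \REGISTRY\USER\<SID> shadowing the HKLM entry is the COM-hijack pattern. It also decodes a Zone.Identifier stream; the stream text and its HostUrl are constructed, the browser list is an assumption, and the sample rows are copied from this page.

```python
"""Triage helper for this report's signature tables: parse the Description /
Indicator / Process / Target rows, bucket the events that decide whether a hit
matters, and decode a Zone.Identifier stream.  Added example, not report code."""
import re
from collections import Counter

DESCRIPTIONS = ("File opened for modification", "File created", "Key value queried",
                "Key opened", "Key created", "Set value (int)", "Set value (str)")
# Columns are single-space separated and both paths may contain spaces, so the split
# relies on the fixed description, a process path starting with a drive letter, and
# the Target column being "N/A" (true for every row on this page).
ROW_RE = re.compile(r"^(?P<desc>" + "|".join(re.escape(d) for d in DESCRIPTIONS)
                    + r") (?P<indicator>.+?) (?P<process>[A-Z]:\\.+?) N/A$")
WINDOWS_SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe"}  # assumption: expected MotW writers
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}


def parse_rows(text):
    """Parse report rows into dicts; raise on a row the regex cannot split."""
    rows = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed row: {line!r}")
        rows.append(m.groupdict())
    return rows


def triage(rows):
    """Bucket rows by the behaviour a reviewer actually has to decide on."""
    out = {"motw_writes": [], "driver_drops": [], "system_dir_write_opens": Counter(),
           "language_key_readers": set(), "cert_store_keys": Counter(),
           "cert_blobs_written": [], "com_class_changes": Counter()}
    for r in rows:
        desc, ind, proc = r["desc"], r["indicator"], r["process"]
        low = ind.lower()
        if desc == "File opened for modification" and low.endswith(":zone.identifier"):
            # Browsers write this stream to apply MotW at download time; a
            # non-browser opening it for write is the real bypass signal.
            exe = proc.rsplit("\\", 1)[-1].lower()
            out["motw_writes"].append((proc, ind.rsplit(":", 1)[0], exe in BROWSERS))
        elif desc == "File created" and low.endswith(".sys"):
            out["driver_drops"].append((proc, ind))
        elif (desc == "File opened for modification" and low.startswith(WINDOWS_SYSTEM_DIRS)
              and not proc.lower().startswith("c:\\windows\\")):
            # "Opened for modification" means write access was requested, not that
            # bytes were written; count per process instead of listing every DLL.
            out["system_dir_write_opens"][proc] += 1
        elif desc == "Key opened" and low.endswith("\\nls\\language"):
            out["language_key_readers"].add(proc)
        elif "\\systemcertificates\\" in low:
            # Creating store containers is CryptoAPI housekeeping; a Blob value under
            # ...\Certificates\<thumbprint> is an actual certificate being added.
            if desc.startswith("Set value") and "\\certificates\\" in low and "\\blob" in low:
                out["cert_blobs_written"].append((proc, ind))
            elif desc == "Key created":
                out["cert_store_keys"][proc] += 1
        elif "\\software\\classes\\" in low and desc != "Key opened":
            # Every class change on this page is under \REGISTRY\MACHINE; the hijack
            # pattern is the same CLSID/Interface path under \REGISTRY\USER\<SID>.
            hive = "HKU" if low.startswith("\\registry\\user\\") else "HKLM"
            out["com_class_changes"][(proc, hive)] += 1
    return out


def parse_zone_identifier(stream_text):
    """Decode the [ZoneTransfer] INI text stored in a file's Zone.Identifier ADS."""
    fields = dict(line.split("=", 1) for line in stream_text.splitlines()
                  if "=" in line and not line.startswith("["))
    zone = int(fields.get("ZoneId", -1))
    return {"zone_id": zone, "zone": ZONE_NAMES.get(zone, "unknown"),
            "referrer": fields.get("ReferrerUrl"), "host": fields.get("HostUrl")}


# Sample rows copied from this page's tables, one or two per signature of interest.
SAMPLE_ROWS = r"""
File opened for modification C:\Windows\SYSTEM32\ncrypt.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SysWOW64\urlmon.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.sys F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Users\Admin\Downloads\CheatEngine75 (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
"""
# Constructed Zone.Identifier content; the HostUrl is a placeholder, not from the report.
SAMPLE_ZONE_STREAM = ("[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=http://youareaidiot.org/\r\n"
                      "HostUrl=https://example.invalid/CheatEngine75.exe\r\n")

if __name__ == "__main__":
    for key, value in triage(parse_rows(SAMPLE_ROWS)).items():
        print(key, value)
    print(parse_zone_identifier(SAMPLE_ZONE_STREAM))
```

Run against the full report rather than the sample, the output that deserves attention is short: the two .sys drops (rsKernelEngine.sys and Ld9BoxSup.sys, both from installers rather than from the sandboxed page itself), an empty cert_blobs_written list despite dozens of SystemCertificates keys, no HKU-hive class registrations, and every Zone.Identifier write attributed to msedge.exe. The cheatengine process accounts for the whole System32 bucket, which is what a debugger that opens system DLLs to read symbols looks like in this kind of signature.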

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E87-11E9-8AF2-576E84223953} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-c9d6-4742-957c-a6fd52e8c4ae} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-47C7-4A3F-AAE1-1B516817DB41}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session\CLSID C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8084-11E9-B185-DBE296E54799} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E1B7-4339-A549-F0878115596E}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7F29-4AAE-A627-5A282C83092C}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\NumMethods\ = "22" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1\CLSID C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\ = "IVirtualSystemDescription" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}\NumMethods\ = "20" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FF5A-4795-B57A-ECD5FFFA18A4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7997-4595-A731-3A509DB604E5} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6989-4002-80cf-3607f377d40c} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0C60-11EA-A0EA-07EB0D1C4EAD}\ = "ICloudClient" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8F30-401B-A8CD-FE31DBE839C0}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9849-4F47-813E-24A75DC85615}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D8ED-44CF-85AC-C83A26C95A4D}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4289-ef4e-8e6a-e5b07816b631} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\ = "IGraphicsAdapter" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\ = "INetworkAdapter" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5409-414B-BD16-77DF7BA3451E}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E72-4F34-B8F6-682785620C57}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C9D6-4742-957C-A6FD52E8C4AE}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8079-447A-A33E-47A69C7980DB} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\ = "IEventSource" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\ = "ISerialPort" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B}\ = "IGuestProcessEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\AppID C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80F6-4266-8E20-16371F68FA25} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D4FC-485F-8613-5AF88BFCFCDC}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 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 C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 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 C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 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 C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 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 C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 697804.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 477092.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 345421.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\CheatEngine75 (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\fltmc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod0.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeTcbPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeTcbPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: 33 N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeManageVolumePrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: 33 N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A (privilege printed as a bare LUID; 33 is SeIncreaseWorkingSetPrivilege in winnt.h)
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SYSTEM32\fltmc.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeTcbPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeTcbPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: 33 N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A (privilege printed as a bare LUID; 33 is SeIncreaseWorkingSetPrivilege in winnt.h)
Token: SeSecurityPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeManageVolumePrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: 33 N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A (privilege printed as a bare LUID; 33 is SeIncreaseWorkingSetPrivilege in winnt.h)
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
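
Reading the table: each row is one AdjustTokenPrivileges call, giving the privilege requested (as a name, or as a bare LUID where the sandbox did not resolve it, as in the Token: 33 rows) and the process that made it. Several rows are expected for the binary involved. wevtutil.exe enabling SeSecurityPrivilege and SeBackupPrivilege is normal for event-log access (the Security log requires them), so the table alone does not tell whether it queried, exported or cleared logs; that has to be read from its command line in the Processes section. fltmc.exe enables SeLoadDriverPrivilege because loading or unloading a minifilter requires it; together with the "Drops file in Drivers directory" and "LoadsDriver" signatures in the summary, that is the driver-installation path worth following. Cheat Engine is a known memory-editing tool that ships its own kernel driver, which accounts for its SeDebugPrivilege, SeTcbPrivilege and SeLoadDriverPrivilege requests without making it harmless on an end-user machine. The rows that deserve attention first are the two installers running out of user-writable temp directories (prod0.exe and UnifiedStub-installer.exe) enabling SeDebugPrivilege, which an installer needs only if it intends to open other processes. The script below is an added example, not part of this report or of the sandbox tooling: it parses rows in the format above, resolves bare LUIDs with the winnt.h values, and ranks processes by the privileges they enabled. The HIGH_RISK selection, the temp-directory heuristic and the scoring are the example's own choices, and SAMPLE_ROWS is a subset of the rows above.

```python
"""Rank processes from 'Suspicious use of AdjustPrivilegeToken' rows.

Added triage helper, not part of the sandbox report. Row format:
  Token: <privilege name or bare LUID> N/A <process path> N/A
"""
import re
from collections import OrderedDict

# Privilege LUIDs from winnt.h; the sandbox printed one privilege as a bare
# number ("Token: 33"), which this table resolves.
LUID_NAMES = {
    2: "SeCreateTokenPrivilege", 3: "SeAssignPrimaryTokenPrivilege",
    4: "SeLockMemoryPrivilege", 5: "SeIncreaseQuotaPrivilege",
    6: "SeMachineAccountPrivilege", 7: "SeTcbPrivilege",
    8: "SeSecurityPrivilege", 9: "SeTakeOwnershipPrivilege",
    10: "SeLoadDriverPrivilege", 11: "SeSystemProfilePrivilege",
    12: "SeSystemtimePrivilege", 13: "SeProfileSingleProcessPrivilege",
    14: "SeIncreaseBasePriorityPrivilege", 15: "SeCreatePagefilePrivilege",
    16: "SeCreatePermanentPrivilege", 17: "SeBackupPrivilege",
    18: "SeRestorePrivilege", 19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege", 21: "SeAuditPrivilege",
    22: "SeSystemEnvironmentPrivilege", 23: "SeChangeNotifyPrivilege",
    24: "SeRemoteShutdownPrivilege", 25: "SeUndockPrivilege",
    26: "SeSyncAgentPrivilege", 27: "SeEnableDelegationPrivilege",
    28: "SeManageVolumePrivilege", 29: "SeImpersonatePrivilege",
    30: "SeCreateGlobalPrivilege", 31: "SeTrustedCredManAccessPrivilege",
    32: "SeRelabelPrivilege", 33: "SeIncreaseWorkingSetPrivilege",
    34: "SeTimeZonePrivilege", 35: "SeCreateSymbolicLinkPrivilege",
    36: "SeDelegateSessionUserImpersonatePrivilege",
}

# Privileges that let a process reach into other processes, load kernel code
# or bypass file ACLs. This selection and the scoring below are the example's
# own choices, not a sandbox rule.
HIGH_RISK = {
    "SeDebugPrivilege": "open any process: credential theft, injection",
    "SeTcbPrivilege": "act as part of the OS: token manipulation",
    "SeLoadDriverPrivilege": "load a kernel driver (bring your own driver)",
    "SeTakeOwnershipPrivilege": "take ownership of any securable object",
    "SeBackupPrivilege": "read any file regardless of ACL (SAM, NTDS.dit)",
    "SeRestorePrivilege": "write any file regardless of ACL",
}
TEMP_MARKER = "\\appdata\\local\\temp\\"   # user-writable staging directory
ROW_RE = re.compile(r"^Token:\s+(\S+)\s+N/A\s+(.+?)\s+N/A\s*$")

# Rows copied from the report table (a representative subset).
SAMPLE_ROWS = r"""
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod0.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeTcbPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: 33 N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SYSTEM32\fltmc.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeTakeOwnershipPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
"""


def resolve_privilege(token):
    """Map a bare LUID to its privilege name; pass names through unchanged."""
    if token.isdigit():
        return LUID_NAMES.get(int(token), f"LUID#{token}")
    return token


def parse_rows(text):
    """Return {process path: set of privilege names}, in first-seen order."""
    by_process = OrderedDict()
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            by_process.setdefault(m.group(2), set()).add(resolve_privilege(m.group(1)))
    return by_process


def assess(by_process):
    """Score each process: one point per high-risk privilege, doubled when the
    image runs from a user-writable temp directory. Highest score first."""
    findings = []
    for proc, privs in by_process.items():
        high = sorted(p for p in privs if p in HIGH_RISK)
        from_temp = TEMP_MARKER in proc.lower()
        findings.append({
            "process": proc, "privileges": sorted(privs), "high_risk": high,
            "from_temp": from_temp, "score": len(high) * (2 if from_temp else 1),
        })
    findings.sort(key=lambda f: (-f["score"], f["process"]))
    return findings


def triage(text=SAMPLE_ROWS):
    return assess(parse_rows(text))


if __name__ == "__main__":
    for f in triage():
        flag = " [temp dir]" if f["from_temp"] else ""
        print(f'{f["score"]:2d} {f["process"]}{flag}: {", ".join(f["high_risk"]) or "-"}')
```

Run it on the full table by pasting the rows into SAMPLE_ROWS; rows from other signatures are ignored because they do not match the row pattern. The score is only an ordering aid: a well-known tool such as Cheat Engine tops the list on privilege count alone, so the temp-directory flag is what separates the droppers from the tooling they installed.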

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (repeated 60 times)
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (repeated 24 times)
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (repeated 16 times)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 776 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (repeated 2 times)
PID 776 wrote to memory of 5568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (repeated 40 times)
PID 776 wrote to memory of 3380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (repeated 2 times)
PID 776 wrote to memory of 5396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (repeated 20 times)
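
Every row above is a WriteProcessMemory call by PID 776, the Edge browser process, into one of its own child processes (4208, 5568, 3380 and 5396), and source and target are the same msedge.exe image. Chromium-based browsers do this by design: the browser process is the sandbox broker and writes into each child it starts, so a parent writing into same-image children is expected and is not evidence of injection; the signature is generic and fires on it. What would matter is a write from one image into a different one, and no such row appears in this table. The script below is an added example, not part of the report: it parses rows in this format, aggregates them per writer/target PID pair, separates same-image from cross-image writes and reports each writer's fan-out. SAMPLE_ROWS is a subset of the rows above except for its last row, which is constructed to exercise the cross-image case and did not occur in this analysis; the verdict strings and the fan-out heuristic are the example's own.

```python
"""Summarise 'Suspicious use of WriteProcessMemory' rows per writer/target pair.

Added example, not part of the sandbox report. Row format:
  PID <src> wrote to memory of <dst> N/A <source image path> <target image path>
Both paths may contain spaces, so the two path columns are split at the point
where the second drive letter begins.
"""
import re
from collections import OrderedDict

ROW_RE = re.compile(
    r"^PID (?P<src_pid>\d+) wrote to memory of (?P<dst_pid>\d+) N/A "
    r"(?P<src>[A-Za-z]:\\.+?) (?P<dst>[A-Za-z]:\\.+?)\s*$"
)

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Rows copied from the report table (a subset of its 64 rows). The LAST row is
# CONSTRUCTED for this example to exercise the cross-image case; it did not
# occur in this analysis.
SAMPLE_ROWS = "\n".join([
    f"PID 776 wrote to memory of 4208 N/A {EDGE} {EDGE}",
    f"PID 776 wrote to memory of 4208 N/A {EDGE} {EDGE}",
    f"PID 776 wrote to memory of 5568 N/A {EDGE} {EDGE}",
    f"PID 776 wrote to memory of 5568 N/A {EDGE} {EDGE}",
    f"PID 776 wrote to memory of 5568 N/A {EDGE} {EDGE}",
    f"PID 776 wrote to memory of 3380 N/A {EDGE} {EDGE}",
    r"PID 1234 wrote to memory of 5678 N/A C:\Users\Admin\AppData\Local\Temp\constructed-dropper.exe C:\Windows\explorer.exe",
])


def parse_rows(text):
    """Parse rows into event dicts; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            events.append({"src_pid": int(m["src_pid"]), "dst_pid": int(m["dst_pid"]),
                           "src": m["src"], "dst": m["dst"]})
    return events


def image_name(path):
    """Case-folded file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def summarize(events):
    """Collapse events to one entry per (writer PID, target PID), with a count
    and a same-image/cross-image verdict, in first-seen order."""
    pairs = OrderedDict()
    for ev in events:
        key = (ev["src_pid"], ev["dst_pid"])
        if key not in pairs:
            pairs[key] = {**ev, "count": 0}
        pairs[key]["count"] += 1
    for entry in pairs.values():
        entry["cross_image"] = image_name(entry["src"]) != image_name(entry["dst"])
        entry["verdict"] = ("cross-image write: injection candidate, inspect the target"
                            if entry["cross_image"]
                            else "same-image write: parent/child of a multi-process app")
    return list(pairs.values())


def injection_candidates(text=SAMPLE_ROWS):
    """Only the pairs where the writer's image differs from the target's."""
    return [e for e in summarize(parse_rows(text)) if e["cross_image"]]


def fan_out(events):
    """Distinct target PIDs per writer. A browser broker writes into many
    children; a writer with a single foreign target is the usual injection shape."""
    targets = {}
    for ev in events:
        targets.setdefault(ev["src_pid"], set()).add(ev["dst_pid"])
    return {pid: len(t) for pid, t in targets.items()}


if __name__ == "__main__":
    evs = parse_rows(SAMPLE_ROWS)
    for e in summarize(evs):
        print(f'{e["src_pid"]} -> {e["dst_pid"]} x{e["count"]}: {e["verdict"]}')
    print("fan-out:", fan_out(evs))
```

On the rows of this report the candidate list is empty and PID 776 has a fan-out of four, which is the browser-broker shape; the constructed last row is the only one that would surface as a finding.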

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youareaidiot.org

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff381f3cb8,0x7fff381f3cc8,0x7fff381f3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6172 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8

C:\Users\Admin\Downloads\CheatEngine75 (1).exe

"C:\Users\Admin\Downloads\CheatEngine75 (1).exe"

C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp

"C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp" /SL5="$F0250,29027361,780800,C:\Users\Admin\Downloads\CheatEngine75 (1).exe"

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod0.exe

"C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod0.exe" -ip:"dui=fc0a75db-1ac8-4646-b578-3bf7c73d9a5e&dit=20241006002823&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true" -vp:"dui=fc0a75db-1ac8-4646-b578-3bf7c73d9a5e&dit=20241006002823&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&oip=26&ptl=7&dta=true" -dp:"dui=fc0a75db-1ac8-4646-b578-3bf7c73d9a5e&dit=20241006002823&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100" -i -v -d -se=true

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\CheatEngine75.exe

"C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST

C:\Users\Admin\AppData\Local\Temp\fsukrvlz.exe

"C:\Users\Admin\AppData\Local\Temp\fsukrvlz.exe" /silent

C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp

"C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp" /SL5="$700DC,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST

C:\Windows\SYSTEM32\net.exe

"net" stop BadlionAntic

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop BadlionAntic

C:\Windows\SYSTEM32\net.exe

"net" stop BadlionAnticheat

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop BadlionAnticheat

C:\Windows\SYSTEM32\sc.exe

"sc" delete BadlionAntic

C:\Windows\SYSTEM32\sc.exe

"sc" delete BadlionAnticheat

C:\Users\Admin\AppData\Local\Temp\is-SOKV5.tmp\_isetup\_setup64.tmp

helper 105 0x388

C:\Windows\system32\icacls.exe

"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)

C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe

.\UnifiedStub-installer.exe /silent

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\installer.exe

"C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp972545734\installer.exe

"C:\Program Files\McAfee\Temp972545734\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe

"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP

C:\Program Files\Cheat Engine 7.5\windowsrepair.exe

"C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s

C:\Windows\system32\icacls.exe

"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"

C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe

"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3684 -ip 3684

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 920

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3684 -ip 3684

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 1804

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml

C:\Windows\SYSTEM32\fltmc.exe

"fltmc.exe" load rsKernelEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\elam\evntdrv.xml

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff381f3cb8,0x7fff381f3cc8,0x7fff381f3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10808 /prefetch:8

C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe"

C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"

C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe

"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

F:\LDPlayer\LDPlayer9\LDPlayer.exe

"F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="F:\LDPlayer\LDPlayer9\"

F:\LDPlayer\LDPlayer9\dnrepairer.exe

"F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=852568

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe {51B8BE2F-E288-49D5-8C31-1706D2A0FAA0}

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

F:\LDPlayer\LDPlayer9\driverconfig.exe

"F:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7fff381f3cb8,0x7fff381f3cc8,0x7fff381f3cd8

F:\LDPlayer\LDPlayer9\dnplayer.exe

"F:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.ninjamuffin99.funkin|package=com.ninjamuffin99.funkin

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D8

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff381f3cb8,0x7fff381f3cc8,0x7fff381f3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 youareaidiot.org udp
US 103.224.212.242:80 youareaidiot.org tcp
US 103.224.212.242:80 youareaidiot.org tcp
US 103.224.212.242:80 youareaidiot.org tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 242.212.224.103.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 103.224.212.242:80 youareaidiot.org tcp
US 103.224.212.242:80 youareaidiot.org tcp
US 103.224.212.242:80 youareaidiot.org tcp
GB 92.123.128.181:443 www.bing.com tcp
GB 92.123.128.167:443 th.bing.com tcp
GB 92.123.128.167:443 th.bing.com tcp
GB 92.123.128.164:443 www.bing.com tcp
GB 92.123.128.164:443 www.bing.com tcp
NL 40.126.32.76:443 login.microsoftonline.com tcp
US 104.20.95.94:443 www.cheatengine.org tcp
US 104.20.95.94:443 www.cheatengine.org tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 104.16.24.14:443 c5.patreon.com tcp
US 150.171.28.10:443 bat.bing.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 72.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 104.16.25.14:443 c5.patreon.com tcp
GB 142.250.178.1:443 7185419632ac4780e62e0dcf4fe8dceb.safeframe.googlesyndication.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
GB 216.58.201.100:443 www.google.com tcp
GB 216.58.201.100:443 www.google.com udp
CZ 65.9.94.50:443 d27825u686rxd6.cloudfront.net tcp
CZ 65.9.94.50:443 d27825u686rxd6.cloudfront.net tcp
BE 18.239.190.6:443 d34hwk9wxgk5fi.cloudfront.net tcp
BE 18.239.190.6:443 d34hwk9wxgk5fi.cloudfront.net tcp
CZ 65.9.95.119:443 shield.reasonsecurity.com tcp
CZ 65.9.95.119:443 shield.reasonsecurity.com tcp
US 52.26.104.76:443 analytics.apis.mcafee.com tcp
GB 2.19.117.95:443 sadownload.mcafee.com tcp
US 54.243.47.129:443 track.analytics-data.io tcp
US 54.243.47.129:443 track.analytics-data.io tcp
CZ 65.9.95.115:443 update.reasonsecurity.com tcp
US 54.243.47.129:443 track.analytics-data.io tcp
US 54.243.47.129:443 track.analytics-data.io tcp
CZ 65.9.95.66:443 electron-shell.reasonsecurity.com tcp
US 54.243.47.129:443 track.analytics-data.io tcp
US 54.243.47.129:443 track.analytics-data.io tcp
GB 2.19.117.95:443 sadownload.mcafee.com tcp
US 52.26.104.76:443 analytics.apis.mcafee.com tcp
GB 104.124.169.75:443 home.mcafee.com tcp
US 3.214.141.241:443 track.analytics-data.io tcp
US 3.214.141.241:443 track.analytics-data.io tcp
US 52.26.104.76:443 analytics.apis.mcafee.com tcp
US 104.20.95.94:443 cheatengine.org tcp
GB 172.217.169.3:80 c.pki.goog tcp
US 3.214.141.241:443 track.analytics-data.io tcp
US 3.214.141.241:443 track.analytics-data.io tcp
CZ 65.9.95.88:443 cdn.reasonsecurity.com tcp
GB 2.19.117.71:443 sadownload.mcafee.com tcp
US 3.214.141.241:443 track.analytics-data.io tcp
US 3.214.141.241:443 track.analytics-data.io tcp
US 52.26.104.76:443 analytics.apis.mcafee.com tcp
US 52.26.104.76:443 analytics.apis.mcafee.com tcp
US 3.214.141.241:443 track.analytics-data.io tcp
US 3.214.141.241:443 track.analytics-data.io tcp
GB 92.123.241.137:80 www.microsoft.com tcp
GB 184.28.176.66:443 tcp
GB 184.28.176.66:443 tcp
GB 51.104.15.252:443 browser.pipe.aria.microsoft.com tcp
GB 92.123.128.181:443 www.bing.com tcp
GB 92.123.128.169:443 www.bing.com tcp
GB 92.123.128.169:443 www.bing.com tcp
GB 92.123.128.146:443 www.bing.com tcp
GB 92.123.128.146:443 www.bing.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
GB 216.58.201.100:443 www.google.com udp
US 151.101.1.91:443 rv-assets.softonic.com tcp
US 151.101.1.91:443 rv-assets.softonic.com tcp
US 151.101.1.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.1.91:443 rv-assets.softonic.com tcp
US 151.101.1.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 150.171.28.10:443 bat.bing.com tcp
BE 18.239.208.58:443 sdk.privacy-center.org tcp
CZ 65.9.98.75:443 c.amazon-adsystem.com tcp
GB 216.58.201.100:443 www.google.com tcp
US 151.101.65.91:443 rv-assets.softonic.com udp
GB 142.250.200.46:443 syndicatedsearch.goog tcp
US 151.101.65.91:443 rv-assets.softonic.com udp
CZ 65.9.98.75:443 c.amazon-adsystem.com tcp
US 104.22.75.216:443 btloader.com tcp
US 4.153.129.168:443 b.clarity.ms tcp
GB 142.250.180.27:443 storage.googleapis.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
CZ 65.9.95.30:443 cdn.reasonsecurity.com tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 172.67.74.232:443 cdn.btmessage.com tcp
US 151.101.1.91:443 rv-assets.softonic.com udp
IE 13.74.129.1:443 c.clarity.ms tcp
NL 139.45.197.227:443 notix.io tcp
US 204.79.197.237:443 c.bing.com tcp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 227.197.45.139.in-addr.arpa udp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.74.232:443 cdn.btmessage.com tcp
BE 18.239.208.20:443 api.privacy-center.org tcp
GB 142.250.200.46:443 syndicatedsearch.goog udp
GB 142.250.178.1:443 7185419632ac4780e62e0dcf4fe8dceb.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 104.26.2.63:443 wct.softonic.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
CZ 65.9.9.197:443 aax.amazon-adsystem.com tcp
NL 188.166.203.175:443 brightcombid.marphezis.com tcp
DE 178.63.241.79:443 shb.richaudience.com tcp
DE 178.63.241.79:443 shb.richaudience.com tcp
DE 178.63.241.79:443 shb.richaudience.com tcp
IE 54.194.113.148:443 ap.lijit.com tcp
US 34.120.63.153:443 prebid.media.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
NL 185.89.210.46:443 secure.adnxs.com tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
IE 54.76.166.236:443 id.crwdcntrl.net tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
GB 172.217.169.34:443 partner.googleadservices.com tcp
CZ 65.9.95.6:443 tags.crwdcntrl.net tcp
IE 34.242.255.180:443 ad.360yield.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
CZ 65.9.95.56:80 crt.rootg2.amazontrust.com tcp
CZ 65.9.95.56:80 crt.rootg2.amazontrust.com tcp
GB 142.250.200.14:443 ampcid.google.com tcp
GB 142.250.187.227:443 www.google.co.uk tcp
GB 142.250.187.227:443 www.google.co.uk tcp
GB 142.250.187.227:443 www.google.co.uk tcp
GB 216.58.201.100:443 www.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 64.233.166.155:443 stats.g.doubleclick.net tcp
GB 142.250.187.227:443 www.google.co.uk tcp
GB 216.58.201.100:443 www.google.com tcp
US 35.244.193.51:443 lexicon.33across.com tcp
US 104.26.2.63:443 wct.softonic.com tcp
GB 64.233.166.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 46.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 148.113.194.54.in-addr.arpa udp
US 8.8.8.8:53 120.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 6.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 180.255.242.34.in-addr.arpa udp
US 8.8.8.8:53 236.166.76.54.in-addr.arpa udp
US 8.8.8.8:53 56.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 155.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
DE 138.201.8.249:443 sync.richaudience.com tcp
US 151.101.193.108:443 acdn.adnxs.com tcp
GB 23.219.196.188:443 ads.pubmatic.com tcp
US 104.18.38.76:443 cdn.indexww.com tcp
GB 92.123.240.21:443 contextual.media.net tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 67.202.105.23:443 ssc-cms.33across.com tcp
US 3.229.16.138:443 cs-server-s2s.yellowblue.io tcp
DE 51.89.9.251:443 onetag-sys.com tcp
GB 2.19.117.107:443 player.aniview.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
IE 34.252.67.98:443 match.prod.bidr.io tcp
NL 89.149.192.75:443 ssbsync.smartadserver.com tcp
US 23.23.152.227:443 api-2-0.spot.im tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 54.147.108.51:443 sync.srv.stackadapt.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
DE 51.89.9.251:443 onetag-sys.com udp
US 8.8.8.8:53 tracker.open-adsyield.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 id.rlcdn.com udp
NL 35.214.136.108:443 x.bidswitch.net udp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
US 172.111.38.54:443 tracker.open-adsyield.com tcp
IE 54.247.162.123:443 jadserve.postrelease.com tcp
FR 5.196.111.68:443 ssbsync-global.smartadserver.com tcp
GB 142.250.180.2:443 cm.g.doubleclick.net tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 172.240.45.78:443 sync.aniview.com tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
US 192.132.33.69:443 bttrack.com tcp
US 151.101.130.49:443 sync-tm.everesttech.net tcp
FR 164.132.25.185:443 rtb-csync.smartadserver.com tcp
DE 18.184.119.72:443 match.sharethrough.com tcp
CZ 65.9.95.71:443 s.ad.smaato.net tcp
GB 142.250.180.2:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 75.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 98.67.252.34.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 51.108.147.54.in-addr.arpa udp
US 8.8.8.8:53 227.152.23.23.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 81.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 123.162.247.54.in-addr.arpa udp
US 8.8.8.8:53 68.111.196.5.in-addr.arpa udp
US 8.8.8.8:53 166.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 54.38.111.172.in-addr.arpa udp
US 8.8.8.8:53 78.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 72.119.184.18.in-addr.arpa udp
US 8.8.8.8:53 49.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 185.25.132.164.in-addr.arpa udp
US 8.8.8.8:53 71.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
FR 164.132.25.185:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 98.82.157.231:443 s.amazon-adsystem.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
GB 92.123.242.2:443 eus.rubiconproject.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 151.101.65.91:443 articles-img.sftcdn.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
US 34.120.63.153:443 prebid.media.net udp
GB 142.250.187.227:443 www.google.co.uk udp
US 130.211.23.194:443 api.btloader.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
IE 52.94.223.167:443 aax-eu.amazon-adsystem.com tcp
NL 139.45.197.227:443 notix.io tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 151.101.129.91:443 articles-img.sftcdn.net udp
US 67.202.105.23:443 ssc-cms.33across.com tcp
NL 89.149.192.75:443 ssbsync.smartadserver.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 34.252.67.98:443 match.prod.bidr.io tcp
US 54.147.108.51:443 sync.srv.stackadapt.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
FR 164.132.25.185:443 rtb-csync.smartadserver.com tcp
FR 164.132.25.185:443 rtb-csync.smartadserver.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
FR 5.196.111.68:443 ssbsync-global.smartadserver.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
DK 37.157.3.26:443 adx.adform.net tcp
US 98.82.157.231:443 s.amazon-adsystem.com tcp
DE 18.184.119.72:443 match.sharethrough.com tcp
NL 35.214.174.141:443 a.sportradarserving.com tcp
NL 35.214.174.141:443 a.sportradarserving.com udp
NL 185.89.210.46:443 secure.adnxs.com tcp
IE 52.94.223.167:443 aax-eu.amazon-adsystem.com tcp
IE 52.94.223.167:443 aax-eu.amazon-adsystem.com tcp
CZ 13.226.89.188:443 m.media-amazon.com tcp
CZ 13.226.89.188:443 m.media-amazon.com tcp
CZ 13.226.89.188:443 m.media-amazon.com tcp
CZ 13.226.89.188:443 m.media-amazon.com tcp
CZ 13.226.89.188:443 m.media-amazon.com tcp
CZ 13.226.89.188:443 m.media-amazon.com tcp
CZ 13.226.89.188:443 m.media-amazon.com tcp
CZ 13.226.89.188:443 m.media-amazon.com tcp
CZ 65.9.95.68:443 ts.amazon-adsystem.com tcp
CZ 65.9.95.68:443 ts.amazon-adsystem.com tcp
IE 3.254.238.154:443 aan.amazon.co.uk tcp
IE 3.254.238.154:443 aan.amazon.co.uk tcp
IE 3.254.238.154:443 aan.amazon.co.uk tcp
IE 3.254.238.154:443 aan.amazon.co.uk tcp
CZ 65.9.95.68:443 ts.amazon-adsystem.com tcp
CZ 65.9.95.68:443 ts.amazon-adsystem.com tcp
IE 3.254.238.154:443 aan.amazon.co.uk tcp
IE 3.254.238.154:443 aan.amazon.co.uk tcp
IE 3.253.167.114:443 sq-tungsten-ts-eu.amazon-adsystem.com tcp
IE 3.253.167.114:443 sq-tungsten-ts-eu.amazon-adsystem.com tcp
CZ 65.9.95.78:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
CZ 65.9.95.78:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
GB 163.181.154.240:443 res.ldrescdn.com tcp
GB 163.181.154.237:443 res.ldrescdn.com tcp
CZ 65.9.95.122:443 b-code.liadm.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
GB 142.250.180.6:443 8876029.fls.doubleclick.net tcp
GB 142.250.180.6:443 8876029.fls.doubleclick.net udp
GB 142.250.180.6:443 8876029.fls.doubleclick.net udp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
CZ 65.9.95.96:443 js.adscale.de tcp
US 54.237.59.39:443 i.liadm.com tcp
DE 3.123.55.249:443 ih.adscale.de tcp
US 54.163.111.2:443 rp.liadm.com tcp
US 35.244.193.51:443 lexicon.33across.com udp
US 104.26.5.6:443 cmp.setupcmp.com tcp
GB 163.181.154.238:443 res.ldrescdn.com tcp
GB 79.133.176.186:443 cdn.ldplayer.net tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 238.154.181.163.in-addr.arpa udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 186.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 stpd.cloud udp
US 104.18.30.49:443 stpd.cloud tcp
NL 178.250.1.9:443 dis.criteo.com tcp
BE 18.239.208.78:443 live.rezync.com tcp
NL 46.228.164.13:443 d.turn.com tcp
IE 52.19.118.55:443 dpm.demdex.net tcp
US 64.74.236.63:443 b1sync.zemanta.com tcp
US 3.224.60.248:443 mid.rkdms.com tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
GB 172.217.16.238:443 apis.google.com tcp
US 64.74.236.63:443 b1sync.zemanta.com tcp
GB 172.217.16.238:443 apis.google.com udp
NL 193.0.160.130:443 p.rfihub.com tcp
CZ 65.9.95.22:443 apien.ldplayer.net tcp
CZ 65.9.95.22:443 apien.ldplayer.net tcp
SG 8.222.254.73:443 usersdk.ldmnq.com tcp
GB 142.250.187.246:443 play-lh.googleusercontent.com udp
SG 8.219.96.60:443 invite.ldplayer.net tcp
SG 8.222.229.130:443 api.ldshop.gg tcp
SG 8.219.96.60:443 invite.ldplayer.net tcp
US 8.8.8.8:53 55.118.19.52.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 63.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 22.95.9.65.in-addr.arpa udp
SG 8.222.254.73:443 usersdk.ldmnq.com tcp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
SG 8.222.229.130:443 api.ldshop.gg tcp
DE 178.63.248.57:443 push-sdk.com tcp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
CZ 65.9.95.20:443 tagan.adlightning.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 139.45.197.227:443 notix.io tcp
DE 178.63.248.56:443 push-sdk.com tcp
US 8.8.8.8:53 cdn.hadronid.net udp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
DE 178.63.248.56:443 push-sdk.com tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
NL 63.215.202.146:443 proc.ad.cpe.dotomi.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 104.22.5.69:443 id.hadron.ad.gt tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
US 67.202.105.23:443 ssc-cms.33across.com tcp
NL 89.149.192.75:443 ssbsync.smartadserver.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 prebid.a-mo.net udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
FR 163.5.194.36:443 sync.a-mo.net tcp
US 35.186.253.211:443 rtb.openx.net tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
FR 149.202.238.96:443 prg.smartadserver.com tcp
GB 216.58.201.100:443 www.google.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
FR 5.196.111.68:443 ssbsync-global.smartadserver.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
IE 34.252.67.98:443 match.prod.bidr.io tcp
DK 37.157.2.229:443 adx.adform.net tcp
US 34.98.64.218:443 u.openx.net tcp
US 34.98.64.218:443 u.openx.net udp
DE 159.89.25.223:443 node.setupad.com tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
FR 164.132.25.185:443 rtb-csync.smartadserver.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
DE 18.184.119.72:443 match.sharethrough.com tcp
US 54.147.108.51:443 sync.srv.stackadapt.com tcp
FR 163.5.194.35:443 sync.a-mo.net tcp
US 104.19.158.19:443 assets.a-mo.net tcp
US 35.186.253.211:443 rtb.openx.net udp
US 3.209.5.135:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
CZ 65.9.95.68:443 apien.ldmnq.com tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
US 4.153.129.168:443 b.clarity.ms tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
BE 18.239.208.75:443 apien.ldmnq.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
BE 18.239.208.35:443 ad.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
CZ 65.9.95.107:443 apien.ldplayer.net tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
US 162.159.134.234:443 discord.gg tcp
US 162.159.134.234:443 discord.gg tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 162.159.135.232:443 discord.com tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.240:443 leap.ldplayer.gg tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
BE 18.239.208.35:443 ad.ldplayer.net tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
GB 163.181.154.243:443 leap.ldplayer.gg tcp
US 162.159.130.233:443 cdn.discordapp.com tcp
BE 18.239.208.35:443 ad.ldplayer.net tcp
BE 18.239.208.75:80 apien.ldmnq.com tcp
BE 18.239.208.75:443 apien.ldmnq.com tcp
BE 18.239.208.75:443 apien.ldmnq.com tcp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6464 tcp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
N/A 127.0.0.1:6467 tcp
N/A 127.0.0.1:6468 tcp
N/A 127.0.0.1:6469 tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 cdn.ldplayer.net udp
GB 163.181.154.239:443 leap.ldplayer.gg tcp
US 104.18.30.49:443 stpd.cloud tcp
GB 79.133.176.186:443 cdn.ldplayer.net tcp
GB 163.181.154.238:443 leap.ldplayer.gg tcp
GB 163.181.154.238:443 leap.ldplayer.gg tcp
US 8.8.8.8:53 239.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
GB 163.181.154.244:443 res.ldrescdn.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 142.250.178.22:443 i.ytimg.com tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 22.178.250.142.in-addr.arpa udp
US 104.18.30.49:443 stpd.cloud tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
CZ 65.9.95.119:443 apien.ldplayer.net tcp
CZ 65.9.95.119:443 apien.ldplayer.net tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
US 35.186.253.211:443 rtb.openx.net udp
DK 37.157.6.233:443 adx.adform.net tcp
FR 163.5.194.30:443 prebid.a-mo.net tcp
FR 164.132.25.177:443 prg.smartadserver.com tcp
GB 216.58.201.102:443 static.doubleclick.net tcp
GB 216.58.213.10:443 jnn-pa.googleapis.com tcp
GB 216.58.201.100:443 www.google.com udp
GB 216.58.212.193:443 yt3.ggpht.com tcp
GB 216.58.201.100:443 www.google.com tcp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
FR 164.132.25.177:443 prg.smartadserver.com tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
CZ 65.9.9.197:443 aax.amazon-adsystem.com tcp
US 185.167.164.39:443 adx2.adform.net tcp
US 185.167.164.39:443 adx2.adform.net tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.46:443 play.google.com udp
DK 37.157.2.229:443 adx.adform.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
GB 142.250.178.1:443 8ebbd1ee4c32ff43d4b6e1dd9ffa7720.safeframe.googlesyndication.com tcp
GB 142.250.178.1:443 8ebbd1ee4c32ff43d4b6e1dd9ffa7720.safeframe.googlesyndication.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
N/A 127.0.0.1:6470 tcp
DE 159.89.25.223:443 node.setupad.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
US 35.244.159.8:443 u.openx.net udp
US 34.98.64.218:443 u.openx.net udp
FR 163.5.194.31:443 sync.a-mo.net tcp
N/A 127.0.0.1:6471 tcp
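The table above mixes rows that must be separated before any of it is treated as an indicator: the sandbox's own resolver traffic to 8.8.8.8 (including its reverse PTR lookups of every address it saw, the in-addr.arpa rows), local mDNS and loopback, and the genuine remote endpoints, most of which here are ad-tech and CDN hosts pulled in by the browsed pages rather than anything the downloaded installer did. The loopback rows on 127.0.0.1:6463-6471 sit in the port range Discord's desktop client uses for its local RPC listener (6463-6472), and discord.com/discord.gg rows appear just before them; that is an observation, not a finding from the report. The script below is an added example, not part of the report or of the sandbox's tooling. It assumes the row format `COUNTRY IP:PORT [DOMAIN] PROTO` visible above (the domain column is empty on a few rows, so it is optional), runs on a constructed subset of the rows, and the `ignore_suffixes` allowlist is a hypothetical analyst choice, not something the report defines.

```python
import re
from collections import Counter

# Rows copied from the Network table above (a constructed subset, not the full
# table). Each row is "COUNTRY IP:PORT [DOMAIN] PROTO"; the domain column is
# missing on some rows, so the regex below treats it as optional.
SAMPLE_ROWS = """\
US 8.8.8.8:53 youareaidiot.org udp
US 103.224.212.242:80 youareaidiot.org tcp
US 103.224.212.242:80 youareaidiot.org tcp
US 8.8.8.8:53 242.212.224.103.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 104.20.95.94:443 www.cheatengine.org tcp
CZ 65.9.95.119:443 shield.reasonsecurity.com tcp
GB 2.19.117.95:443 sadownload.mcafee.com tcp
GB 184.28.176.66:443 tcp
US 162.159.135.232:443 discord.com tcp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6464 tcp
GB 216.58.201.100:443 www.google.com udp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2}|N/A)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+(?P<domain>[^\s]+))?\s+(?P<proto>tcp|udp)$"
)


def parse_rows(text):
    """Parse the table body into dicts with cc, ip, port, domain (or None), proto."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def classify(row):
    """Bucket a row so sandbox-side noise is not mistaken for sample traffic."""
    if row["ip"].startswith("127."):
        return "loopback"
    if row["ip"] == "224.0.0.251" and row["port"] == 5353:
        return "mdns"
    if row["port"] == 53:
        domain = row["domain"] or ""
        # The sandbox resolves every contacted IP back to a name; those PTR
        # lookups say nothing about the sample's intent.
        return "ptr_lookup" if domain.endswith(".in-addr.arpa") else "dns_query"
    return "remote"


def unique_remote_endpoints(rows):
    """Deduplicate remote endpoints, keyed on (domain or ip, ip, port, proto)."""
    counter = Counter()
    for row in rows:
        if classify(row) == "remote":
            name = row["domain"] or row["ip"]
            counter[(name, row["ip"], row["port"], row["proto"])] += 1
    return counter


def loopback_ports(rows):
    """Sorted set of local ports something on the guest connected to."""
    return sorted({r["port"] for r in rows if classify(r) == "loopback"})


def ioc_domains(rows, ignore_suffixes=()):
    """Distinct domains queried or contacted, minus suffixes the analyst treats
    as background traffic for this detonation (an analyst's choice, not the
    report's)."""
    found = set()
    for row in rows:
        domain = row["domain"]
        if not domain or classify(row) in ("ptr_lookup", "loopback", "mdns"):
            continue
        if any(domain == s or domain.endswith("." + s) for s in ignore_suffixes):
            continue
        found.add(domain)
    return sorted(found)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for (name, ip, port, proto), n in unique_remote_endpoints(rows).most_common():
        print(f"{n:3d}  {name:32s} {ip}:{port}/{proto}")
    print("loopback ports:", loopback_ports(rows))
    print("IOC domains:", ioc_domains(rows, ignore_suffixes=("google.com",)))
```

Paste the full table body into `SAMPLE_ROWS` (or read it from a file) to get the real counts; `unique_remote_endpoints` keeps the IP beside the domain on purpose, since a single domain here fronts several CDN addresses and a blocklist entry on one IP would miss the rest.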

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6fdbe80e9fe20761b59e8f32398f4b14
SHA1 049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f
SHA256 b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942
SHA512 cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

\??\pipe\LOCAL\crashpad_776_SZUDDFFJKUBZPEGS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9828ffacf3deee7f4c1300366ec22fab
SHA1 9aff54b57502b0fc2be1b0b4b3380256fb785602
SHA256 a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7
SHA512 2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1763bcc41d32b6355624fc19cd65b72e
SHA1 4a5c5d50c5b3b49f18732ad9f6120b4c107786eb
SHA256 14ff8fe0522706cd097282ac02812e6095fc6f7eaa3d6db0cb6bbc0e3498b4e2
SHA512 67dfb94d80b0f36750aa59047593288b181bb618db74b95185e313d5ff95aea339e76da5761689f5b289591544f97ab1144575d1123b0f8a25eaaaf7cfa0cfe2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 df02a894d53a3f0c0d3c8e7472bc428b
SHA1 88d0bc39c85dfa1c201bbf5a8658cb96b0db9bce
SHA256 87ab11588cc737af7eada92faf7754e8a7a9189de47de4ee16afad4f921780da
SHA512 2b9f8892323bcf5901017b0f66586282da9401a2669ea7323e4f1213b8988b071ca33c82ef7e58e4069729a698b20a2079838b3fbf9e9e668af7bd40dc67b1bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 80ed426f1c38b51be262807b45a79c0a
SHA1 acd2a9a7c57608877b04c73d3b3b347387689ca3
SHA256 5e42941f79f01100fa45535af0c5a172fcd9e1f1afaa938b0c5976c4db8b9084
SHA512 734cd2266f9e1ac210091771835845f75111e2d304f8afe23dc0551930d9aa6ad71b8902c88d2a63d855b123756a44796d4869dbbd92bbf416f9d7f83d74341d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8f27a2041b41019f2bfd6148808db003
SHA1 31db8089fd8c9870e8848a0f74aff1b82d6924b7
SHA256 de50346385dd84aa1c604d5f471a2c40c6ad76e8db75fcf6ea4fc81647006646
SHA512 0c974248a88c8a81cd5c48d891e178e5efacb5dc4750ac61315ac1a6e305da46fea86a72050fa71be8f3a9bf5da2d87d7ae93ec5e163b5f498dcd5af82f57f62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 40f62cef6f9b75e82c3e6efdf8a8c1b0
SHA1 28e8ba2f25ad5041122193e96906065f3f19d7c9
SHA256 8ddddea85236748a5c206ca11d54b6cbc96fb94ea4ad774101537af110e599fb
SHA512 11cb543dd4114395fccf17f81ab028510fc0cf70316099c05608375355f8abc0c914549a05b814904fee735abf5adb87dcb9cffea56d933e44c7b63ac0a4ecb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b6590ff1ddfcbf4813a5c9d45d6a6c13
SHA1 5825a5158958d2ab4b8395e6e7cc423395b62401
SHA256 aabafba2b3241a88ab0b9299e235b2a32a657694eea06e03d4101e595eed549e
SHA512 1cf76ed12b477b71b975ec822da14db2d97015a16fc082e1c8557993013bee32422fe7130a27b80e3d6f6f2e20fb981a8760fe96b0f617a3934c1a5e370efa66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582100.TMP

MD5 374f1173cf6edbbbdd62c03fb3db9923
SHA1 c2c7dfb9b23b11a98fbe8f0c504086c28088c219
SHA256 16bf56cd82cdfb152c204d46611603c1627619209c9c2e3bd1e733e2ed4556cc
SHA512 240974e3f43416a84bc1238d860a8af073474a9603409dcd56926ee6e01ec7e528634ba2c62df5ede95674c9c427118b96d2d0536a72149dfae2e8683fab2e42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3c82ae0c2dd427d1a9afdc286af1c97d
SHA1 d731cff026bb862364b5c86fc6b9a462ffa25f68
SHA256 b88c831892ed2535c2ca9d4056303e7703a69bf6ce21f18616a00ca0e577f2b6
SHA512 4419cb7ddd64d6775a9a3547fa267c82885cc14d4ff11d41a46ada99481e7be8c2bf120bc3809cafc5f154ef5599d1e305095a0a2ee9c07349de9d0bd21aedc7

C:\Users\Admin\Downloads\Unconfirmed 477092.crdownload

MD5 647a2177841aebe2f1bb1b3767f41287
SHA1 446575615e7fcc9c58fb04cad12909a183a2eb15
SHA256 07c1abb57c4498748c4f1344a786c2c136b82651786ed005d999ecbf6054fb2c
SHA512 f3165aec7a4b7adb7e6ffca56812f769b7b085000d50bf235ca1c7e74d76dfb5549de9561e281623c734c2dec9fc37b54af572c3e97fcb9fb1411102ae3da0c0

C:\Users\Admin\Downloads\CheatEngine75 (1).exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 725dfbf2588c30b4697bd210aafa8a4a
SHA1 42241f6438fa0ff77dfff2c18d256f14b6fd974a
SHA256 2d6e0ea37d57ebc3f052ae6d07fd3cad008fe98f5d472e5814cdf4091d793630
SHA512 1213ab0576439bcf06207680202f0a82e56b54b12a53aa0e3e8bdad2badf538fb789fa0156b568de0fc2ec9c15c9dd149caba0f50396e482e27f75a8e5f3a709

memory/2848-405-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp

MD5 2c94c19646786c4ee5283b02fd8ce5a5
SHA1 bf3dd30300126ba9b51c343d64da2d8eda23ebea
SHA256 9be09875aa698a85c446fb80e075087d6c0a543a493a7f033f3015fe2f0680d5
SHA512 7c3d5e740340042e34f25047a29add080e89027db2d49775aad529ecb8e13bfb83f73adb3b2999e129a27d85c9b0021e3bf3e110ac93cdf6c6393d121a0f7d4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 abb99d5688b6a325e4c9aa6ebe8cbc73
SHA1 6ed9f029086db81dbd0813896edfb17be61e281d
SHA256 68c83b6ab1181897382f670853591b1bf02fc9572d78c8a641ede8c79f4f5d5a
SHA512 f0a9a9c41a5b574a946995971037a806d28477a4ca1697ccfb68922be7f3f6d15d9c6a49625ad69a576f930b1ad92f83d73a1b712bca0304b1ce9a21e0f3e1bb

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\zbShieldUtils.dll

MD5 3037e3d5409fb6a697f12addb01ba99b
SHA1 5d80d1c9811bdf8a6ce8751061e21f4af532f036
SHA256 a860bd74595430802f4e2e7ad8fd1d31d3da3b0c9faf17ad4641035181a5ce9e
SHA512 80a78a5d18afc83ba96264638820d9eed3dae9c7fc596312ac56f7e0ba97976647f27bd86ea586524b16176280bd26daed64a3d126c3454a191b0adc2bc4e35d

memory/3684-445-0x0000000004410000-0x0000000004550000-memory.dmp

memory/2848-449-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 88ecc8c09c0a1699fe8fe40dd194e4fe
SHA1 dd92e5425fc2e27f832aa660168e34ae06d8b0d6
SHA256 6ef6d51078ec87aae4f862238a3475b5d105da18029756da8c2e076045475c11
SHA512 aed635193289a432c4dc8032dcb27026d46624b7691f8dccbd017efae38f7838803871fd1ede4ea80bec12bada7d9517244b8e1bf321445e570d2cbe41984f3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 23acdd8afc1d169989196135822a8d1c
SHA1 a5ef04fcf6327b74f0bc356047e2750d51f36b69
SHA256 e6f8274d069e103eab9d55122ff594a1ea777a948336942f9ca9c3b1ac3dd502
SHA512 d376ce408246aee4d1c79dab057149448e29a43aa4b3854d05129b3d1e29a2c6c1fa536f3919e3a8a8b40fd19713bad9585e87168db532a58fc847a9d0e089cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8f633f4cfbc5c9d7379229e2fe48d06d
SHA1 135b7719f65b557ff9f0f859093c28b7fda0c807
SHA256 04d6dd023f4381c0e42e17a04f6feceac5bc432ad9f17fd78aaa17abd1b49967
SHA512 1296d595bcda11809c40a0322447b8c0a111ac8638a41d26a52471e1578596d2cf50442a57d796f1c62fa12a87356e6a9c449000c564c5f2d89879a86f90ff82

memory/3684-577-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\logo.png

MD5 9cc8a637a7de5c9c101a3047c7fbbb33
SHA1 5e7b92e7ed3ca15d31a48ebe0297539368fff15c
SHA256 8c5c80bbc6b0fdb367eab1253517d8b156c85545a2d37d1ee4b78f3041d9b5db
SHA512 cf60556817dba2d7a39b72018f619b0dbea36fb227526943046b67d1ae501a96c838d6d5e3da64618592ac1e2fa14d4440baa91618aa66256f99ea2100a427b4

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\RAV_Cross.png

MD5 cd09f361286d1ad2622ba8a57b7613bd
SHA1 4cd3e5d4063b3517a950b9d030841f51f3c5f1b1
SHA256 b92a31d4853d1b2c4e5b9d9624f40b439856d0c6a517e100978cbde8d3c47dc8
SHA512 f73d60c92644e0478107e0402d1c7b4dfa1674f69b41856f74f937a7b57ceaa2b3be9242f2b59f1fcf71063aac6cbe16c594618d1a8cdd181510de3240f31dff

memory/3684-582-0x0000000004410000-0x0000000004550000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\WebAdvisor.png

MD5 4cfff8dc30d353cd3d215fd3a5dbac24
SHA1 0f4f73f0dddc75f3506e026ef53c45c6fafbc87e
SHA256 0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856
SHA512 9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139

memory/3684-586-0x0000000004410000-0x0000000004550000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\AVG_BRW.png

MD5 0b4fa89d69051df475b75ca654752ef6
SHA1 81bf857a2af9e3c3e4632cbb88cd71e40a831a73
SHA256 60a9085cea2e072d4b65748cc71f616d3137c1f0b7eed4f77e1b6c9e3aa78b7e
SHA512 8106a4974f3453a1e894fec8939038a9692fd87096f716e5aa5895aa14ee1c187a9a9760c0d4aec7c1e0cc7614b4a2dbf9b6c297cc0f7a38ba47837bede3b296

memory/3684-590-0x0000000004410000-0x0000000004550000-memory.dmp

memory/3684-592-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod0.exe

MD5 69a5173c9fc221145dcdddb9bb564c42
SHA1 7c42cfeeb556f2e4484091c01267157827105fb8
SHA256 049b7e30d91b5552279103252063df6e206da791ba5bd6e7a6c7fd7bd7d73853
SHA512 92f774b4831679b5c9975d13530540ccb6e499fd5823641e5e78c970d0438f1900cb8afc6344262d8d6d0bfc4bc2f434eafe568c94ef8f3b567d93519d29b954

memory/4916-611-0x000001F372F40000-0x000001F372F48000-memory.dmp

memory/4916-612-0x000001F3759C0000-0x000001F375EE8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1.zip

MD5 f68008b70822bd28c82d13a289deb418
SHA1 06abbe109ba6dfd4153d76cd65bfffae129c41d8
SHA256 cc6f4faf4e8a9f4d2269d1d69a69ea326f789620fb98078cc98597f3cb998589
SHA512 fa482942e32e14011ae3c6762c638ccb0a0e8ec0055d2327c3acc381dddf1400de79e4e9321a39a418800d072e59c36b94b13b7eb62751d3aec990fb38ce9253

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe

MD5 143255618462a577de27286a272584e1
SHA1 efc032a6822bc57bcd0c9662a6a062be45f11acb
SHA256 f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4
SHA512 c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\CheatEngine75.exe

MD5 e0f666fe4ff537fb8587ccd215e41e5f
SHA1 d283f9b56c1e36b70a74772f7ca927708d1be76f
SHA256 f88b0e5a32a395ab9996452d461820679e55c19952effe991dee8fedea1968af
SHA512 7f6cabd79ca7cdacc20be8f3324ba1fdaaff57cb9933693253e595bfc5af2cb7510aa00522a466666993da26ddc7df4096850a310d7cff44b2807de4e1179d1a

memory/1204-649-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fsukrvlz.exe

MD5 8e1d5a5d9795992f7ac33fa688aee6a5
SHA1 1830df281bdc1c20dfe85d84347abfa3df9a3794
SHA256 e6198e199ed3f41560eea8b27f2259bd6cc6dc362ab15e2394a68139524e48e3
SHA512 9a9a923da358dcd67087a1b85ca1ab584be5a66971cb72bf575f6718461dbb1f704be4d3d7fe08111cc9523130fc441e67307ba37420d440dc9826d2853df1bc

C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp

MD5 9aa2acd4c96f8ba03bb6c3ea806d806f
SHA1 9752f38cc51314bfd6d9acb9fb773e90f8ea0e15
SHA256 1b81562fdaeaa1bc22cbaa15c92bab90a12080519916cfa30c843796021153bb
SHA512 b0a00082c1e37efbfc2058887db60dabf6e9606713045f53db450f16ebae0296abfd73a025ffa6a8f2dcb730c69dd407f7889037182ce46c68367f54f4b1dc8d

C:\Users\Admin\AppData\Local\Temp\is-SOKV5.tmp\_isetup\_setup64.tmp

MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
SHA512 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe

MD5 493d5868e37861c6492f3ac509bed205
SHA1 1050a57cf1d2a375e78cc8da517439b57a408f09
SHA256 dc5bc92e51f06e9c66e3933d98dc8f8d217bc74b71f93d900e4d42b1fb5cc64f
SHA512 e7e37075a1c389e0cad24ce2c899e89c4970e52b3f465d372a7bc171587ed1ee7d4f0a6ba44ab40b18fdf0689f4e29dfdbccbabb07e0f004ef2f894cb20d995d

memory/5584-792-0x000001BC075F0000-0x000001BC07636000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS054904E8\rsStubLib.dll

MD5 3bcbeaab001f5d111d1db20039238753
SHA1 4a9c0048bbbf04aa9fe3dfb9ce3b959da5d960f8
SHA256 897131dd2f9d1e08d66ae407fe25618c8affb99b6da54378521bf4403421b01a
SHA512 de6cde3ad47e6f3982e089700f6184e147a61926f33ead4e2ff5b00926cfc55eb28be6f63eea53f7d15f555fd820453dd3211f0ba766cb3e939c14bb5e0cfc4c

memory/5584-790-0x000001BC07070000-0x000001BC0717C000-memory.dmp

C:\Program Files\Cheat Engine 7.5\windowsrepair.exe

MD5 9a4d1b5154194ea0c42efebeb73f318f
SHA1 220f8af8b91d3c7b64140cbb5d9337d7ed277edb
SHA256 2f3214f799b0f0a2f3955dbdc64c7e7c0e216f1a09d2c1ad5d0a99921782e363
SHA512 6eef3254fc24079751fc8c38dda9a8e44840e5a4df1ff5adf076e4be87127075a7fea59ba7ef9b901aaf10eb64f881fc8fb306c2625140169665dd3991e5c25b

C:\Program Files\Cheat Engine 7.5\is-PT1EK.tmp

MD5 5be6a65f186cf219fa25bdd261616300
SHA1 b5d5ae2477653abd03b56d1c536c9a2a5c5f7487
SHA256 274e91a91a7a520f76c8e854dc42f96484af2d69277312d861071bde5a91991c
SHA512 69634d85f66127999ea4914a93b3b7c90bc8c8fab1b458cfa6f21ab0216d1dacc50976354f7f010bb31c5873cc2d2c30b4a715397fb0e9e01a5233c2521e7716

C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

MD5 f921416197c2ae407d53ba5712c3930a
SHA1 6a7daa7372e93c48758b9752c8a5a673b525632b
SHA256 e31b233ddf070798cc0381cc6285f6f79ea0c17b99737f7547618dcfd36cdc0e
SHA512 0139efb76c2107d0497be9910836d7c19329e4399aa8d46bbe17ae63d56ab73004c51b650ce38d79681c22c2d1b77078a7d7185431882baf3e7bef473ac95dce

memory/5584-794-0x000001BC08F20000-0x000001BC08F50000-memory.dmp

memory/5584-800-0x000001BC218C0000-0x000001BC21972000-memory.dmp

memory/5584-801-0x000001BC08F80000-0x000001BC08FA2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS054904E8\Newtonsoft.Json.dll

MD5 4f0f111120d0d8d4431974f70a1fdfe1
SHA1 b81833ac06afc6b76fb73c0857882f5f6d2a4326
SHA256 d043e6cde1f4d8396978cee2d41658b307be0ca4698c92333814505aa0ccab9a
SHA512 e123d2f9f707eb31741ef8615235e714a20c6d754a13a97d0414c46961c3676025633eb1f65881b2d6d808ec06a70459c860411d6dd300231847b01ed0ce9750

C:\Users\Admin\AppData\Local\Temp\7zS054904E8\rsLogger.dll

MD5 1cfc3fc56fe40842094c7506b165573a
SHA1 023b3b389fdfa7a9557623b2742f0f40e4784a5c
SHA256 187da6a5ab64c9b814ab8e1775554688ad3842c3f52f5f318291b9a37d846aa2
SHA512 6bd1ceaf12950d047a87fd2d9c1884c7ac6e45bd94f11be8df8144ddd3f71db096469d1c775cf1cb8bc7926f922e5a6676b759707053e2332aa66f86c951fbc0

memory/5584-805-0x000001BC08FB0000-0x000001BC08FDE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS054904E8\rsAtom.dll

MD5 dc15f01282dc0c87b1525f8792eaf34e
SHA1 ad4fdf68a8cffedde6e81954473dcd4293553a94
SHA256 cc036bcf74911fe5afb8e9fcc0d52b3f08b4961bcda4e50851eda4159b1c9998
SHA512 54ee7b7a638d0defcff3a80f0c87705647b722d3d177bc11e80bfe6062a41f138ef99fc8e4c42337b61c0407469ef684b704f710b8ead92b83a14f609f0bc078

memory/5584-812-0x000001BC21C30000-0x000001BC21C88000-memory.dmp

C:\Program Files\ReasonLabs\EPP\Uninstall.exe

MD5 79638251b5204aa3929b8d379fa296bb
SHA1 9348e842ba18570d919f62fe0ed595ee7df3a975
SHA256 5bedfd5630ddcd6ab6cc6b2a4904224a3cb4f4d4ff0a59985e34eea5cd8cf79d
SHA512 ab234d5815b48555ddebc772fae5fa78a64a50053bdf08cc3db21c5f7d0e3154e0726dacfc3ea793a28765aea50c7a73011f880363cbc8d39a1c62e5ed20c5a9

C:\Users\Admin\AppData\Local\Temp\7zS054904E8\Microsoft.Win32.TaskScheduler.dll

MD5 e6a31390a180646d510dbba52c5023e6
SHA1 2ac7bac9afda5de2194ca71ee4850c81d1dabeca
SHA256 cccc64ba9bbe3897c32f586b898f60ad0495b03a16ee3246478ee35e7f1063ec
SHA512 9fd39169769b70a6befc6056d34740629fcf680c9ba2b7d52090735703d9599455c033394f233178ba352199015a384989acf1a48e6a5b765b4b33c5f2971d42

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

MD5 f2738d0a3df39a5590c243025d9ecbda
SHA1 2c466f5307909fcb3e62106d99824898c33c7089
SHA256 6d61ac8384128e2cf3dcd451a33abafab4a77ed1dd3b5a313a8a3aaec2b86d21
SHA512 4b5ed5d80d224f9af1599e78b30c943827c947c3dc7ee18d07fe29b22c4e4ecdc87066392a03023a684c4f03adc8951bb5b6fb47de02fb7db380f13e48a7d872

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\installer.exe

MD5 46c50dc50d9be92829b9d6fd4678c11d
SHA1 3c0b0493b9e6269a1a00c48720c7fd97c04ddd4f
SHA256 d9c15d4a7e2b1a320154a5c61af012242e3408a5c5519cbb4e93a7843692cf50
SHA512 340fdbc7618e86ef4178142aa9012ab9317869b85ac148fcd31c0c2fff007114eaccbf60ee829be99890d36b7d5e1a78c4617e40a538735a8b01002d4d5e41e9

memory/3684-841-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Program Files\Cheat Engine 7.5\speedhack-i386.dll

MD5 6e00495955d4efaac2e1602eb47033ee
SHA1 95c2998d35adcf2814ec7c056bfbe0a0eb6a100c
SHA256 5e24a5fe17ec001cab7118328a4bff0f2577bd057206c6c886c3b7fb98e0d6d9
SHA512 2004d1def322b6dd7b129fe4fa7bbe5d42ab280b2e9e81de806f54313a7ed7231f71b62b6138ac767288fee796092f3397e5390e858e06e55a69b0d00f18b866

memory/1396-1396-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1395-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1397-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1394-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1415-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1525-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1528-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

C:\Program Files\Cheat Engine 7.5\badassets\scoreboard.png

MD5 5cff22e5655d267b559261c37a423871
SHA1 b60ae22dfd7843dd1522663a3f46b3e505744b0f
SHA256 a8d8227b8e97a713e0f1f5db5286b3db786b7148c1c8eb3d4bbfe683dc940db9
SHA512 e00f5b4a7fa1989382df800d168871530917fcd99efcfe4418ef1b7e8473caea015f0b252cac6a982be93b5d873f4e9acdb460c8e03ae1c6eea9c37f84105e50

memory/1396-1565-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1566-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1583-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1584-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1589-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1596-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1595-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1602-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1204-1603-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/4052-1601-0x0000000000400000-0x000000000071B000-memory.dmp

memory/1396-1610-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1609-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1608-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1607-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1606-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1605-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1604-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1680-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp

memory/1396-1693-0x00007FF71ABF0000-0x00007FF71AC00000-memory.dmp

memory/1396-1720-0x00007FF71ABF0000-0x00007FF71AC00000-memory.dmp

memory/1396-1719-0x00007FF71ABF0000-0x00007FF71AC00000-memory.dmp

memory/1396-1716-0x00007FF71ABF0000-0x00007FF71AC00000-memory.dmp

memory/1396-1714-0x00007FF71ABF0000-0x00007FF71AC00000-memory.dmp

memory/1396-1688-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp

memory/1396-1686-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp

memory/1396-1684-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp

memory/1396-1682-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp

memory/1396-1670-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp

memory/1396-1668-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp

memory/1396-1666-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp

memory/1396-1662-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp

memory/1396-1658-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp

memory/1396-1638-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp

memory/1396-1632-0x00007FF7775D0000-0x00007FF7775E0000-memory.dmp

memory/1396-1629-0x00007FF732C70000-0x00007FF732C80000-memory.dmp

memory/1396-1624-0x00007FF7214D0000-0x00007FF7214E0000-memory.dmp

memory/1396-1616-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1615-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1613-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1611-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1617-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1614-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

memory/1396-1612-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 5d6784c045eca499d6cffeb2c7e6630d
SHA1 b6159a3469073d1353202ff42729dacdf5510783
SHA256 4d6759b2b170583a454cb7e8c348a648d44ed3353b3bde547801012abf8cae7d
SHA512 addbadb34fdde4cef81891b1cd91c7a1cd290cf9ca29fb2f4e9d7f4874e2708b1689a9e82b8b7464fe78ce152b4c78a4143c49b8773f6e3142583ee8675fd236

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 c6b01c0fd4699b7623116d08ce06d6c9
SHA1 455bb00e3359f3ee70bd9892b7f88e9aef61c44c
SHA256 278f8c38931d6c213b7b5031347cd91bbe9cf9bd62cbaddbc878b2d27cd8f1b9
SHA512 f4e973fb5c78654b49a787129f5488ce1ffd7e40d9d9e18aacaa843fae98841308fe63179a17c8f1cd9c7bbd44581218f23fbb984527e73a8af7184f0267b283

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 b368cc8307f3376863cdb454c14d1092
SHA1 e820f9166e175ba62a1b893bca77f311811dadea
SHA256 5eb69bcc2df89c87a55248df89c03167b95f2756f39c3db56a7f74245c9146fd
SHA512 78f341fb8ceb3c1868b9eb3cbeefb0c634dc755f32367080177843df7e1b24add3cd2a088d99245a9726de1c0e635b6e4ba45ab6696bf5e7d43c353c28f7efc6

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 bd38ea5ccd891a08af20f1a1305deebb
SHA1 6237639c4b35f85fa7fda83babbf6530153a83ed
SHA256 3e902920a51e303c9e269366643542154b1d90d7b408f86251701a5b90304533
SHA512 fecc9c8984828918fcd6a6431d7695a8dfad854ba32cb49a546537cf96fb5b67912b870fae343c0487a9e7016806717d0be3cb40bd92db34c3e17e0bd98eb42a

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 dea3449e3c81adc00c00ae8272dd433d
SHA1 ff6c2665a235715dfdeb06fcff24046e7888fbf2
SHA256 26abc858426a03814250044cf46f97bd3fadfadbd01a6310b13b6f2e3bb4a025
SHA512 5211ced69b7cfb0010307d3225780307fa29a8be8f8657391d38107428f9ae1eeb98c0e07991fe45b4ab4310f05ffc4eac9ca5644c2cfdc8c16acc5afb111ef9

C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\finish.png

MD5 b24e872bd8f92295273197602aac8352
SHA1 2a9b0ebe62e21e9993aa5bfaaade14d2dda3b291
SHA256 41031efc4f7e322dc5ffacc94b9296fb28b9b922b1ce3b3da13bf659a5fd2985
SHA512 f08ac681abc4e0f6d7a1d1f2303169004e67c880f9353c0ed11dfab3eb511ddf841fa056f4090da8201c822c66ae55419c48cd87f11b9866feb46a3fe2c2af99

C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

MD5 0e0649fdb5e165ff2916476e5c612434
SHA1 eaccd3e538a15ebea97f0b85bda0da3cda78134f
SHA256 130a5f3338de1b1698692ff1b7eceaf32cddb8fbb3167490aed1976a0cd00da9
SHA512 2ce8202eae6f311d6bb96f888e774fbba1287da12da89c81fe2232de8f78b516efdce89c94d4c7c505f9ba2fe6d870e0b4e893d72dcf646c1d2f7cb6f9cb6dfa

C:\Program Files\ReasonLabs\EPP\mc.dll

MD5 e3facfc07a9f81cf70f27f11d23cbdab
SHA1 55d810be7107d1ef29e8379ad30ba71f4e4fbbf2
SHA256 23accd7a0b75bb93238933d112dfa5b14bd989c773baed0ebacbdc0a9e439880
SHA512 26dbc8b35c33b4b6e3621dbea2afabbb10dd9b0eb581bc36c36c22130fb93846cca4540de060e85663de1d2a2522e8cb59f40a66608b6e43912a83640e78ef2d

C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

MD5 6acadb26f4417f07421ccc426a6bff7a
SHA1 ab5a7385bfec5e68ef2973af88c63c8dccb3e3b4
SHA256 aefd24908b4ed4296d9223edd6d10c3493ec0dd0bdc547c2b185013951f07df5
SHA512 b52a4e74f6c3c03a814ca43aa76ff42f73498ea2dca81ce18e2e389e666eb22ea76226cf9b421fdb6e35349dab2e77e66216d33d9eb558582789aee10244b11d

C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

MD5 ac1e94a075241967e440f1d84254666c
SHA1 20558c191c29e27610de4251731dc46023621ecd
SHA256 29fc893dea171964426e3e38d093c063134b8d789b16d3a7917f574afa4a1e63
SHA512 b500c30afb9ea7d640bb99b50410d037082ac882bd97ca7c165bea1bc1ef0fee5fe4b1ffccc612e979ceb89ca797dae80d534be19928b48e33612d87290343f7

memory/5584-3796-0x000001BC21DE0000-0x000001BC21E30000-memory.dmp

memory/5584-3831-0x000001BC21BD0000-0x000001BC21C26000-memory.dmp

memory/5584-5457-0x000001BC223C0000-0x000001BC223FA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS054904E8\46b9a630-c760-44b7-8dcd-c2514d98026e\UnifiedStub-installer.exe\assembly\tmp\QX7IXUA1\rsJSON.DLL

MD5 771b9423950ae27111db7af2655bdb79
SHA1 d08c5ad3bed49e90050da4128844ed06ef2a1c2d
SHA256 b08d3d0156d2dbf9e4b631beb3ae436ce4876e851586f7908066ac034acd4809
SHA512 87dd0a37688577d9b19ad1df3e5518e4e299f31974837226f9ff68ad33f383b37460e82fc29f02cdeac2b530cf9f0d627f430b4f74a728d843ac338e36a50c9c

C:\Users\Admin\AppData\Local\Temp\7zS054904E8\46b9a630-c760-44b7-8dcd-c2514d98026e\UnifiedStub-installer.exe\assembly\dl3\440d195b\a64ab7c0_8617db01\rsLogger.DLL

MD5 d03339e6db680fdb24d0d3e3eb29dbf0
SHA1 2cebaff56c106d2c773d68c5d5c837341d49e4d9
SHA256 8e21ac4959d70477812f256d608e70de05b6e5d23f327e4d5565a5fc124cca86
SHA512 f3161c14d98729004abf9c2351e8684fda0272cbd2d0d5c157bc27a78ddfc62d517dc20cba9d8007915508e3da50ebede0392274d1f0b3bc499cd77c23b6bdb2

memory/5584-5468-0x000001BC223C0000-0x000001BC223F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS054904E8\46b9a630-c760-44b7-8dcd-c2514d98026e\UnifiedStub-installer.exe\assembly\tmp\ML8GX8IK\rsAtom.DLL

MD5 3e3fb87e2695d5127722bfa80a5df42d
SHA1 e1c20f3d6b1c7a75c076a9d53500ac38a6f2db14
SHA256 4d22dfc2b75b436e674c324ac43c2b5f0abb5d609cb7e3e9079290d2a7ba5698
SHA512 64abb4514f26ee148434813403c590063aad8476a64278993c37a50a4cd315e4e7231b4bdbfcfce9de720e90c8a82934def8cf3c5a7d63ebfa30a710f1886ced

memory/5584-5480-0x000001BC223B0000-0x000001BC223DE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS054904E8\46b9a630-c760-44b7-8dcd-c2514d98026e\UnifiedStub-installer.exe\assembly\dl3\3e7e4cd4\a64ab7c0_8617db01\rsServiceController.DLL

MD5 02ff517bf81ecfd5363b5f8df13c4fdd
SHA1 85dc5ffd23c55f0120ddb2c784937e6cb6ad9bba
SHA256 dccca51255284c09675dec517fc1c1ef175415c5e8d9d5695f7644a48d1b7078
SHA512 4d7be2c73e655bad920387c13f347d499d875ee1482c7e335bc080e4e28894867e904dd7463de4c5d22d5a912605b3d6b022b3f56e427682a622d5cf73ad8055

memory/5584-5493-0x000001BC22510000-0x000001BC22540000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngine.config

MD5 737aa4841b3f633906c9be89005c022f
SHA1 50cc14e87cbb7d94c842aa7195f0796125264045
SHA256 45b5a91bbf0ac67960e182ae413b1116e88f14f7004c5dfeadeb383ed0cf399f
SHA512 a020204f96acf9954e60903ba474691607cc5262a0306c62b37c18de829999af447e41c76966b8cc518f0f1805c495122b6a38dc577e54e001912c9f12ace9cf

C:\Program Files\ReasonLabs\EPP\x64\elam\rsElam.sys

MD5 8129c96d6ebdaebbe771ee034555bf8f
SHA1 9b41fb541a273086d3eef0ba4149f88022efbaff
SHA256 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51
SHA512 ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

memory/1124-5519-0x000001988A6C0000-0x000001988A6EE000-memory.dmp

memory/1124-5520-0x000001988A6C0000-0x000001988A6EE000-memory.dmp

memory/1124-5533-0x000001988C320000-0x000001988C332000-memory.dmp

memory/1124-5534-0x00000198A4B90000-0x00000198A4BCC000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 43fbbd79c6a85b1dfb782c199ff1f0e7
SHA1 cad46a3de56cd064e32b79c07ced5abec6bc1543
SHA256 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0
SHA512 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

memory/2600-5554-0x0000013CDC580000-0x0000013CDC8E6000-memory.dmp

memory/2600-5555-0x0000013CDC8F0000-0x0000013CDCA6C000-memory.dmp

memory/2600-5556-0x0000013CC3950000-0x0000013CC396A000-memory.dmp

memory/2600-5557-0x0000013CC39A0000-0x0000013CC39C2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{D1C620AD-3B08-4C3A-A1FC-51EA897E7B3A}\MEMORY.TMP

MD5 6dbff9c355336a49a1ad44c4d95faf2f
SHA1 6ab45b43c1831bbbbfe8d7ffe7cf828b9407420a
SHA256 56558c233a73517adbf027bb6106e75179bb890be2627ec58cb49e7e8d11654c
SHA512 5be8091106c5274d5aeee33c81f395ef267eb996b62fb00cf4a885dbb101435fc11765e91b5bf30e2d2043572b227de7fa132df306b0818cde8f69318850d1bb

C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{D1C620AD-3B08-4C3A-A1FC-51EA897E7B3A}\ADDRESSES.TMP

MD5 7f3460d0ecc2be50cac3fe5c2f0d22f0
SHA1 02246b8e8cae166741727db8ca8ffd2561556377
SHA256 3ba62148cd12d51c03fb921119bab3bb4956f8b81a8c531a8c098b2e4ae9a44e
SHA512 543c399e54f6b63973f64c225917447e81256e98c03dca1725062655bb957387fed5b0bb5e16c9bba02d3cf079640064e947787e990a69d8df334ec366174d8c

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 af0116d0aab03aaf85685ef6830c835e
SHA1 d314d172efbfafd31ad5798ef842f74f22f1fcbf
SHA256 d1172396f04ec812bd0b72c0d56cae8d2b6de14313a75c99a08062963135edf8
SHA512 441ba4e8130a6cdf7414962af314d791c56cf3db1070da1fb12124911c87bc2fc1fb6d670a2973df9097ac1e1dd8682bda955ff99089213f092ce74e163a27a7

C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{9BF5E6C6-5A4E-4C83-ABC0-8165441CBB07}\ADDRESSES.TMP

MD5 962a0fd002bb785cb08d79b02fb4b68a
SHA1 b299c4f98d928a3112e78339c79a512e019cc9bb
SHA256 58dfffeaa8d299ad49cb513a6f3e6be0b0801b0b96265149f278d42fc4e1b061
SHA512 544c413691251b16a497f2f12dfcc44f02c44485fd2b2da5cdc66898b49783559b347299d5c0ead50e0f428a182ee77bc3fb99381bc14d452a32d772e5c5d8dc

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 22676cd66012c55b421de565a86f41cb
SHA1 6049d10db196641a10b0272d6be1708b42950f7d
SHA256 0efa032f62d733c73a189a169be439f3f21bbdc0251e9efd9b38284c23353b09
SHA512 677c7d3541822af5384a5bac1fac4d8f02d1adc4a8a012cc2f36ae2c36677da1763ad7c9c72d855ee5c7ce47f9f296d5bd7fadfcd19b34157de59576761e5ef0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 35d6fd135bf292abd626dde5c02929bf
SHA1 1a85e6ddf3bdd53c84c281e8a6f7cc06f4b3a67c
SHA256 abbaa52ecb8ed6d884aa05311b43a62a23f6af84b37af11970b2086ab7743d59
SHA512 1b3c4b59e5e9a045090e950544ba0de0b0688e5e787ef54bbf68e684bb6e64c45402fb28037fafab5891c0811f9c5636d9edf68b4b42da590c27b2f55c5c4914

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9960eeab5d33b8deee0782bef8bcba01
SHA1 594256aa0002633a9ddb72cc6c39ee758bf7bf8c
SHA256 99cad4bb297f0890508d92b61c08b986968b66bdc812800b5c8ebcf7b27fb261
SHA512 a806070e34c80ccfa8ed33eb3dfdf5bb77843f0e22d0b0dc1847bc960deeea9fa69610e0bcc1d75fe2337fcd98f83cdad4781dfc2b128615bc3e3d17f1acf42b

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 c9944c811ce1ca5cdd204d5cbd39c44a
SHA1 220285a408f7ce0975f1dfb34a3af24b981065c5
SHA256 233027306e011febc21b8a6d60b8152df717e7dfcc91e33c4a4ae13587912447
SHA512 7eb5cdb7ace4f8fb43e957f4e97145d1d0d3c2546c2d97a3457eebaea746c7da021417cf336688c77b8da71e495266cd51097a78faed62a4604f43cab7c2707b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fbdf4603542090187411facf8f85c776
SHA1 2583b9ef1a52ccf34f0ed9a9a6f521f8fe9b838c
SHA256 80229816d6e83110503fd46eefd8bd85506189155277eba967917ce1801e9a06
SHA512 9eccbdc9aaae97a9653ede54c981b8d08a57a188ea206731f41c26d1c6c8a58706a637f0f1af1e2163fe517ea15cc3d55489b2f20978e82ae44bd0f12e618129

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 99559cd2dc88b0062712073dcf8e5862
SHA1 6f0df2684462d23b2cfc17dac368d68699e649e5
SHA256 b297ed61b2de20ddd4005d8566ea9fa6d332d7f7514c6a85b0fc7578be321cba
SHA512 e42d46c20836d0799ab2633830ae251b65c805bcbdcbb6e11f272b95f1a3754de92da446b97580f90269a95b33817d98d19af21a1930f939c5c6e782239ab1a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 51a0c4bdadd321b08a61ba7e4e08decb
SHA1 19883c937c42c5284bbdbdb832185260a6ba52e6
SHA256 2477a12e031ee07246d532f45f615419b0fbc07c2218dba782c0f867d2895348
SHA512 2d469e7f892c946fdab4b2be8966caf16f04bd8abf428e1506f9ca747fd87c6736245d79437cf9da8cf1dafb6c8aa9e0484e539d97eb21cc76603c7aa3cbd6f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

MD5 a5cc79fbd666432c461daec09604f082
SHA1 9a3df93d85aca657c5c8b60f9b4063128319647e
SHA256 9a7f91177674363a59d898f41192d993f0dab2ce2c93a180b6d1042ea4b9e279
SHA512 f93ebbb16738cae18477a0bd833098abee3a77880b8623ae2a462ee8e209487045121700e013dd0da1c7c3f5c9f24a56f02a5cba837df4ac1f33c9f6e3522c62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e9ab20b4ec0d85e81183836a1290017b
SHA1 95897ac8c29afd21a09ba73daccc3bfc0b9841f2
SHA256 a4a8d0af8b0b5d0a51624d9a605eeda57a008914b21a0c51f0969abc12eaaceb
SHA512 faa82e300928caf8e1cc96c42433ab8fb724f7865d86aabf7f7ce2d926882273b29eb8e97a638cc82f0cace7919b919f82b56d0db6f3c7e175e45af5fe83771b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 37720822678beff49d1afad555447015
SHA1 3f85c75e78b1542ff049b54de67fd0a78307d328
SHA256 085fbf944d55e6590a48e7d132aab99d7aaa2b22fff38160873116e4ea182bdf
SHA512 48c6e4421421f50b6283c4b782ab09c40d6d85b8e10fe46bb5058cdfb53138ab780bea87dcc8459e07883a808263ff052ed40dc5b1cc9444159780658467df38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

MD5 74d08f3e49a4210f66236f4e84564a65
SHA1 fc5232cdcc3689d1f26ddf1fd9a0d567b8cd4bea
SHA256 f224b59ba25e458e2dfabb559d1e338019bb0f82139768561b03e42d7ebce7e9
SHA512 ac233a8d6a6b0a2894c89b33b7c159acb1084a06d1c8956a337e1c235c74f635b42cf95bbe723b2359b3b8fb09980dbe17f11e46f777749883af78cf5885f175

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a7a3c313c28583bc769d667bdf560a5e
SHA1 a542f72c1abc35e1b0853b02cf74c6d348d91e76
SHA256 962cecb4bd779c43b72187be22fcbed5e72a3141b1ec6395680c2ba7d5455e39
SHA512 e7f4ed47ad2eecb0567a9b584a8f213088985a9c4994049199d9439ff1c5762a338aff2dabbe2c8369553dc16d3aca22ad38c0125a496b1b7d3c2b3f79225329

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5f4f2ca713b5783c5e67bd75f6d30268
SHA1 89111d3d73e5ae3b431ff471a0caec289439a69f
SHA256 9ff3f588831f57a2c8b005d95459d839436e02b6265bb5ba021c67ef34afa408
SHA512 d3ea703c4c69badc2100724216010633775c2f42d401bdab03500a599c8b39a7bb0776b8193820d48ba545f91bf67a7746d5232ad248b0cadab65176db57d34b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 177c96ea1e9a1d36fce8309a9eda681e
SHA1 0d61a368d24365ac6c79ff7e45e276f48c2d312f
SHA256 6073a6bbdc0affe0a0a4b483b52237ff14f4b66d2221a805aae098c90b153f8b
SHA512 63986c5d777137aa186dc86201ed806f71c807934b22425e5685df0552128d16dae796cc66db4cf8ef51f9efb46bb533e818b1aded1205a6a5520a2568a56e2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 67e30bbc30fa4e58ef6c33781b4e835c
SHA1 18125beb2b3f1a747f39ed999ff0edd5a52980ee
SHA256 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba
SHA512 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 05f9404d8763e35ec2b3716730cc921f
SHA1 c072b6029d6e442cad08967dd40d464170585f5c
SHA256 ede9ac3d32037e0c7809d668053c1edaa6759ab28c528c934d4a1ab02aff43fd
SHA512 d804dadea4f0ee34a69a4cb5772048a8925eab2bc9aa60a10fc4cd91d999f179d7ef3c5745c2f8225565e7e4ec9a9b4bca50af1ba9645a3303128a19dca9e703

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 6a424d6cf7561629977ab52326a1c819
SHA1 6f934c83b285893d61b1be131ef36a0637b7c4f9
SHA256 9e5a2852a7abc48408728d072d5d15850acc1d11bebffc04290ad8e5d1b8df0c
SHA512 2f78a9777fe94e07041936580a1e931b7941f60cce529d8f8701d6cd211d21ebd428022a98efd6cf6ae53b4d733576f553459e2acba9dc398b15a0f8304e9238

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 180cfeebd86e60f03127ee292442b9e8
SHA1 aa48ca6d9770e408d2e9620b8b40d32e81f0c1f4
SHA256 5f2f926387bbf0c0a69a802d9f22fdab85acd71da4e0a1f814ce0006156caa49
SHA512 e300ab2e490440906dcd03896ad26d9f8941ed67a559cf20053a2656285e050db37fd30e5e2cf41e7f7f59dff79239fea4caa12daaee61343b5a3efc327609aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 68fb9067790544131431fc833fd1b674
SHA1 00058572acfc343bc79fea35cc4271a01a84ff8d
SHA256 817770c138d63bbd7d275a71ecc9a70d485dabc55be2ec0e2f4c75ec1f728cdf
SHA512 0fceca53b5421ad2fd03f0583481c008c03bcefb04f79bdbcad8b7e3d77c0d75212c9dfb47abe509dcb80fa6e87e73fa238440eda484f59c9bbbcfbeaeaf4393

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 73f72b717d3dc915dcf50ee7e009528e
SHA1 7c4171794937f400f0f41d79f47074260bab8f5d
SHA256 6a78e01f12b16bd99991948a502fa4cec1ed9c96800dacf355e30d50166391ce
SHA512 5d5101ce5ea55b213ea99830883ff52dc1108fe8ec65ec542c8c504d489b546248750645be67a3cb352a807b4d9be27e86c2925f8964d4e7d364431741092b87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 7651b1187bb58ac4c7be625337b35e5b
SHA1 307d969ef4137a66fe2793737dc1c546587c7f43
SHA256 0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968
SHA512 a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 6098c1ca9372b4b5535f5f2aeb9f8eed
SHA1 70aeb0d28b2ba3dbb72e4fed9db5bc29054bb9e4
SHA256 bd4261cf922cb1b852eae52bab810252f25bd5ff8b8d8c9f36f7a00061c64f89
SHA512 b9868badbec8772edc228f9d6bed1fbb94c95f040007b6e4eea53f81bc8b460b73177eddc638eb7e2524695bb457ad946266b3d3d74558091a4ccb0c23513677

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 61686c493bd8b68c757df17f31ad975a
SHA1 249a2df6c3b6ee7f0df2a5b745580a35890dec19
SHA256 f1f0f8669d5320661d91b11c60f5e5714cbc1860942a3c6cec7d99c97cf99c32
SHA512 de71ece068ed211614ef1555a2f5ddbc435bc4cf0b4b72fb48ba8c2a247e0c98b5d105a79e0c715b01abea81bf4b281f4c7f6801dedfb6bfc5112ed3b6da95e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

MD5 d9f7c90a8b039d74d3d7b4b2a24168ce
SHA1 aa1fab3984c5bbc8517d2f5bae07518fc7e15d7d
SHA256 abfbeee65626fdee6468f3f36cfae230799991d265322b6bcd4b4929e2cc3ba9
SHA512 0f8077faf834c46d262f6f48ac9fc971d0bcd11cecb2f4e46ab68c1b59c8c6ae18b397a82a04a1ce858d63e055a40cbc4ef6e1bc4bd424a1a17f63867796003a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 99e35b3b58efd89d0322af8bbcb87178
SHA1 dc72968c535925c4cc809c40cb96acaeca460dad
SHA256 5e0ad4e28e5d5123002dd3bc76a20528aeb619f5d0cfbe6c59e0212a09b53187
SHA512 e8ff05054a7a0b3271ed342ae98ba505bde3a140a6131c757641f73281b85cf50f617744511ba7e4c90518bcb83e44f00963109b705a038c68603627c0e925a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 8009157da4b9f32f071a1ec1e13b0230
SHA1 dfd14bfb8f3d04cd8c74ff127621c2c8b14b42b3
SHA256 7fa598b82b270df57d53b3169f990c1f9f4a9d5d6b89918fa0620333c283dae7
SHA512 f7a0c16209b79d82e327ba3df7ea5888a23f7a4ad99a1ce13702be2ca634215505dce66d469e6e13bb49fe3b75eca8d0aef5a915116a2f5f20e88d5d8602eaf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 e1fd846710aa5e77add9800906d17ed0
SHA1 2d778c0601d18e7fd3930cbb4b0068b6eb3a05ec
SHA256 00b8d8ad266c164444fb240a4b07d4316020c74c087e95d37547b54ea1051772
SHA512 a00333708ea6f9efe940e8e5ee6ecb9b74063279238beb9cebf4847023a3f94cce34aa497f8a9ed99570a5407eca3adc9f469afd3553c71e6e8a05be83026341

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 5b9c8980823dac139da68f41e2947303
SHA1 2d950568a2e5bca5dd7fed1a5944394dae8e99f1
SHA256 bec8ca4b8be0f5c6f14a8df4872644789819e1cd3c1d11bd448a2ce291716257
SHA512 f819cf34f62a899898c045978d32fcc87e141d963f5c1dbcdc7c17d0809a4f3cb989dc09a328434940b49a99cc2f76a21ad38f34bae107ab174a1f3c2d720616

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 11c2935b0dd9c94cf2086e8346cf3023
SHA1 6a0b6ee4a71713f3f715b984cca96bd2e8fb937f
SHA256 99d43400dd62d71abdc591538d807f5fe830367d7f65af578b096669cdc191dd
SHA512 0cb19609cc2bc102026bc5080a3b9dba38969cb809466bc123ad07bb48c7b8b91334d574f52779fd29d24453c634b29f4fb40a1b4ce04e36bed5d8812f9c1434

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

MD5 0d4f6557225753028d5a0fc3e7127108
SHA1 8644e78e8d6d79333298082369f895c73aaa56aa
SHA256 59d7c1a374dd4059ea45f5d70262accb5410f776e66fa0d33ee7ea717d97fb1e
SHA512 6a9bf0d475534d73713ddf665788001ad19f7ba49db2fec9b6acacec9011a9af5a79bdc32adb51118f871d2cd02cdf4fd3bd41c22ed02668420bd7ceb30d88d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d238b66a47c7c0c49e20c906d67e34e3
SHA1 bd9ba3454dd45aebd9f8e57589f337fe46ae34ae
SHA256 b2e3c9bdd23b440afa59e65c69fe22f8d15c61c2ed90fd17fbe3ca6b349cf527
SHA512 3320b27af330ff67712ac4033e5a16abc0777ac9ef6f0861ea1639f390bfa6b6ceef9d810a6057e0aa5dd8a0f8e85ff69537a7ad06bb324b39b8142cf57ee533

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0

MD5 91754b1113e2494f53cd63689ef38101
SHA1 c16c1f4b9c3172488fabca328126fd4feede7f95
SHA256 6026896c47c91beec5296f0477ac2cc08e63a7004fbb55b955d78b29da123384
SHA512 ddfe21ec8aa28fc5a76be0dd12851eb76da5a6e2b591c5659972ea978c3033b3e95d9f89426f7fe8b70edb1701be5a35b64176a87cca6412f4862707da6a4efb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6bac76e8a146810ac4c6f1d6748e1565
SHA1 2735ac74271fe3bfcb28cbec7a22f9a089ff0d8f
SHA256 fd8a6dc629eb8bfb5fde878d3061d8706aaadddf8fb9d7467db70a4fe3533a3c
SHA512 f0e3ae6af79244d936a7aed60bb5792ede37df3af69c1e5639b33ede987cbd492b461ee54421824feb7e677725eb28a92207de98635044735692bfc08ba6506f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a2

MD5 1aca735014a6bb648f468ee476680d5b
SHA1 6d28e3ae6e42784769199948211e3aa0806fa62c
SHA256 e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c

MD5 aa521e4e4c27306805ee2da1706959bb
SHA1 f2d27a4dc1eee1b9abbc241f7c20678c03c9e775
SHA256 ffec638750b623b96d54bad5e22d02efacf39d617e92747f603ff21b57da9b04
SHA512 b964d5fe188619ce4b3aa1493588d501bcb464ff574d4ca3b3d8ad34709bb279b689d386ca2b3658d1caa04d022b82b86af01dec6d811bba8e0ce34fec6ea3f5

C:\Users\Admin\Downloads\Unconfirmed 697804.crdownload

MD5 a64bd549d95bfc8be592833460f79fcc
SHA1 0aeeb9507ed39f14d82149c56011ec3aaed1bec9
SHA256 d285b5242f4583d49c63a7c7f83a72f082ab395f9eaff674ff56c8d2d0fa063d
SHA512 767bffb8861e81ce61cfec5b0462f6a62cf86d9fca8411126b6ee3f43bc7fccbbffae8fafe293e9c227f297d82562d70940b441f9d541e35b66b972f2b79fdae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 54ae82b8d4fd5afedcce6edd5bee9605
SHA1 a785015d4c7132ce491d140d6441b654a837c60f
SHA256 0399d23dd7e049f5743f82d877ba373d9d5d3e1429c4dac180639fe8a1d4504e
SHA512 4002f56652801ed4194f474762f7f9681a220347b96dc3283ebc651ebcb94307d43a0af6d909ae3639c6f6f3dd3eef5a72a84b8e8f0e658354021fb7e0d3fef8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 baa976e09d7c28b4ca44e08966783f59
SHA1 0a9293cb0eb6823c53251f6605f26703dea7170c
SHA256 20ab1fcd18e60ca95a1a62c35acfb0b9941a310badafa6b6a5360248ada8f1f4
SHA512 1f2315008fd5673faaea689b93489b5f078d4f6928e21f77f6e3247473a9663e1a1df8c7e4a3437776e3975e8529dba76384000d424837088ddec4d2638c7ea1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 aeb25250df706e08794c986b59e9a315
SHA1 501766a6a83d7a9f83ba46bf2dbf8045c18e15ea
SHA256 17b2bd0be9f731b66b208489225b574cfa81664dbe171fb9d7bcd9c1a15794ab
SHA512 832b51179f3019e613d06bb0e1dab0bb6692ac6d5c631876b39c8e7121a589a7734fd930d4fe6958c8a74cf07cddef31414d2a8d1ea0455d33384145e80a1ab3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b63d29be034656be6b1c7f82e80fcdee
SHA1 a2b6b97cd5c58a76a2b4e24be64fb3aaad9ed516
SHA256 e61c4b9a9d1d6eed3092eda145d550568e0e33a594bd25e37195bf461253ab0d
SHA512 eab05061cf0599f041c1c226a279802447aefb7e2db3cb7a3a2ed3747604856a15fe475c8ebc6999568fe1270693d5b599356bd613a72ea583b18d039ef0a03d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4278238e56b89c22a1fec95dea2e71ac
SHA1 318c728c424270be02a662deb3d3058399412246
SHA256 212d76637a80ee7c33895163ff8a265860238d90f0741a8be61eef5ce86c497c
SHA512 868326a9752efe2c2f246c4b1dc8ffd814a9cb3d084f7771bb92ccb90634550b6e56fe24879a2ae03364ef9369b1c9a42c209d5f31307fac06bde09db3b90d47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 e17e0c992db034338174d8477f78a991
SHA1 4bd54469bd110c037c64eaf8c48f5e33916fa4de
SHA256 3668bae1e15946f8aed41e63c9bd97066a4f99541b4ce35c550f4b794dcf2873
SHA512 de077392f2f21bacbac079908c1e2355e8b95ab2cab5210ea627bf150428dd2d307d8c11d7529e0f71866a2e237198c7d7e10e397b2b245bc3036864513b1371

C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{B86F80BF-73F1-4174-96E7-106285DD7DA6}\ADDRESSES.TMP.FILETEST

MD5 b6d520474c5e852738d57bd6249b22b6
SHA1 c0511c70f85357ae6011b46a55ab51d15d114502
SHA256 029e56ad5c2da0b8f305c3c2ad73204822e5f64e1aaea803bfd3fbc57bd47e91
SHA512 b2807d55711acf86adc2b347f5edca567e84c9be2c2da48d68788b8cb30a991584d9a626b2af40a72c632625b05c62a8647e0edc119717b85b63d2224f5e41da

C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{B86F80BF-73F1-4174-96E7-106285DD7DA6}\ADDRESSES.FIRST

MD5 ecdf0684a14d5b747c245d659b5f33b1
SHA1 fee7035409106461ca06d14236db42543aa042ee
SHA256 631bdc5422d1339287bf86b7a204f35956f676d473b27879f304d608238c318d
SHA512 e4cdd4b29e1a8cb4d1161a019a304122df5299d62001c3a03426d89b9b7f1fe69e3c3adff0bd036f333490d8673081da50b3165d44c4978e00980b4df7aa920d

C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{25FCA526-3A95-44E7-905F-57D67CD555D8}\MEMORY.FIRST

MD5 82c21a4694e51b3c2f568fa571716657
SHA1 4144ed54e6ded9bfef3699ba1e5ad69201fd05f7
SHA256 c39cdd3aa9ed1cedd9ddeba77b81812370809fea0876205a012f09f52af95b6a
SHA512 52bc21c7e1138332d1040f3a069df22b75b698bbc807efaed97a669eb59204e664e30a7e996c8299ad97a391cf90e2af939867c2a01fd38f59075349a92bde52

C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{25FCA526-3A95-44E7-905F-57D67CD555D8}\ADDRESSES.TMP

MD5 3b2dd88ff482011ae13781cf65d01867
SHA1 adca5221cd0250d3c3260a6197a303c48c2a1bbb
SHA256 79e21b0d34191f632234cd050ffe7a13aadbec931c5a8b9d5f29dfb6f4a04436
SHA512 0f9ad3cc367bd1425e64a2245c31255b356e64172594e34ff68574ab6e5c6771789aba6f1685a86a1d9a8db7b9026962fb671b91718deccbd80a762f6bf46b73

C:\Windows\Logs\DISM\dism.log

MD5 0ec289c4bfcc5c52847cef0a29124309
SHA1 4177187f2375ae7e63a1aebc181f7a7d24fbda4a
SHA256 1bde5d2e9f5599ac98c9d63cd11393089fb1e3d32491f3c30f6f69ee3e510f45
SHA512 34bbdeb7984d7d22f131dafa6f9a71c0d35c5f42c95466be866f5896d83eeb21bd04b63a6e4fd4397c2807b597c707f80644eff58c202f60ab9a11944dddda55

memory/6072-8166-0x0000000002E60000-0x0000000002E96000-memory.dmp

memory/6072-8167-0x0000000005B20000-0x000000000614A000-memory.dmp

memory/6072-8168-0x00000000057D0000-0x00000000057F2000-memory.dmp

memory/6072-8169-0x0000000005970000-0x00000000059D6000-memory.dmp

memory/6072-8170-0x0000000005A50000-0x0000000005AB6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_efbsqi4s.mse.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/6072-8179-0x00000000061B0000-0x0000000006507000-memory.dmp

memory/6072-8180-0x0000000006580000-0x000000000659E000-memory.dmp

memory/6072-8181-0x00000000065C0000-0x000000000660C000-memory.dmp

memory/6072-8182-0x0000000007530000-0x0000000007564000-memory.dmp

memory/6072-8192-0x0000000006B30000-0x0000000006B4E000-memory.dmp

memory/6072-8183-0x000000006F9C0000-0x000000006FA0C000-memory.dmp

memory/6072-8193-0x0000000007770000-0x0000000007814000-memory.dmp

memory/6072-8194-0x0000000007EF0000-0x000000000856A000-memory.dmp

memory/6072-8195-0x00000000078B0000-0x00000000078CA000-memory.dmp

memory/6072-8196-0x0000000007930000-0x000000000793A000-memory.dmp

memory/6072-8197-0x0000000007B40000-0x0000000007BD6000-memory.dmp

memory/6072-8198-0x0000000007AC0000-0x0000000007AD1000-memory.dmp

memory/6072-8200-0x0000000007BE0000-0x0000000007BFA000-memory.dmp

memory/6072-8199-0x0000000007B00000-0x0000000007B0E000-memory.dmp

memory/4204-8208-0x0000000006390000-0x00000000066E7000-memory.dmp

memory/4204-8212-0x000000006F9C0000-0x000000006FA0C000-memory.dmp

memory/5372-8230-0x0000000006060000-0x00000000063B7000-memory.dmp

memory/5372-8231-0x000000006F9C0000-0x000000006FA0C000-memory.dmp

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

F:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

F:\LDPlayer\LDPlayer9\fonts\NanumGothicLight.otf

MD5 e2e37d20b47d7ee294b91572f69e323a
SHA1 afb760386f293285f679f9f93086037fc5e09dcc
SHA256 153161ab882db768c70a753af5e8129852b9c9cae5511a23653beb6414d834a2
SHA512 001500f527e2d3c3b404cd66188149c620d45ee6510a1f9902aacc25b51f8213e6654f0c1ecc927d6ff672ffbe7dc044a84ec470a9eb86d2cba2840df7390901

F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

MD5 0054560df6c69d2067689433172088ef
SHA1 a30042b77ebd7c704be0e986349030bcdb82857d
SHA256 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

MD5 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256 b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

MD5 3e29914113ec4b968ba5eb1f6d194a0a
SHA1 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256 c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

MD5 e8fd6da54f056363b284608c3f6a832e
SHA1 32e88b82fd398568517ab03b33e9765b59c4946d
SHA256 b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA512 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

MD5 52c43baddd43be63fbfb398722f3b01d
SHA1 be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

MD5 ba46e6e1c5861617b4d97de00149b905
SHA1 4affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA256 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512 bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

MD5 2d40f6c6a4f88c8c2685ee25b53ec00d
SHA1 faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA256 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA512 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

MD5 01c4246df55a5fff93d086bb56110d2b
SHA1 e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256 c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA512 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

MD5 66df6f7b7a98ff750aade522c22d239a
SHA1 f69464fe18ed03de597bb46482ae899f43c94617
SHA256 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA512 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

MD5 ad9d7cbdb4b19fb65960d69126e3ff68
SHA1 dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256 a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512 f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

F:\LDPlayer\LDPlayer9\dnplayer.exe

MD5 fa2c08e402cc1c1fca849ba2e4eb56aa
SHA1 133dbe827d469e8dcfb792734f1fced97690efca
SHA256 bd6ed960624c4ffb99ce82611f23365733df329b1ff3216590292ee8034a4421
SHA512 d96f84f06784f6d2c2182301ae4437303f5f3ab8936e6e3512606c28cc99de268bd186a4eb73b092c1e54995fa849c38080a26fe6dc2b8c1e7171781677d3eb6

F:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 38f88ca4211fb378c41412c23af886e2
SHA1 7c904c5fdf84d13ffd47703be39380861b5a6a7f
SHA256 6b149b8b72bf3631111f0e7b95b4dbe2646b786a3de1b414110438927d3f9c38
SHA512 6ff289ee872bb96de9de4a3ef82d043f93542545f1555885bd4b6aa008892a8e3fd5f59eb4ed76a402aaa884989725168206aaec6582ea37bd556e7f642d681b

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

MD5 395970be72d1bcc7755f95a04b3b303d
SHA1 f4019b43fd95f1748e2392d5cb1aa4486aadbc13
SHA256 5fa3f4cb4f4f603bd8b9a538b54658ebbcf9198d99f2b0e1ce447322b22fb312
SHA512 2f4968b8564bd3bbc624a6838ec33de22413afb8711e08cc36b082863f4e146212c1b6173921ea110c65a0dc20b97c9e187a8ef006005711efcf4237db0bcd1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8bde4f67-2cf1-484b-b618-89a014f7890e.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a601ffd90ab7d2c93fbb8c2d90ee2503
SHA1 b9c26436298dcfadc61119e048c325ef40bc5c48
SHA256 1237e6faefe618701c1dd97e3a44cd98af0d4118adcb60d7482a8b4b31d2160b
SHA512 62369a1e668e40db6a05a3df253c7dc3b4d9c7df3d7c4029944150b78b26c32a5392eece42c1b8cc3ee628864e2fdffc4f7b973ca9162e4099f3cbe71d8c1ac9

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 ce9fe92e375200640024cb45870d5615
SHA1 68d1d6ed6db2e70460e0382884168224f2ea6315
SHA256 bb0df9e0188128462ed348bbafaeaaf5499df69e73033b569c218caa965b8ae2
SHA512 4de5d79ff4b6e0f126a15b8e635cb4b3a0e5712587aeb54a4dcd8750f9654b997a60a6bbe0accb89b26f9962a56fa955d0e2eff8d126d39705aacd249093af0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be2e9c17d9445165fe9651db99ae294d
SHA1 bc8e654511bfb3cca938c17b15c4f10de36591ad
SHA256 ef357e7f77d70f17bff96f48ce0f67d58767bc9638546ff3dc1d4f3afa06cb1d
SHA512 a6cebfb7054f59546301a6d37b3735858a6c2d32629306c227a3e35c2b6889a3d822800c446933c08febdcb81f9cf35022046fccefc08846081df080fd549a7f

F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 4d592fd525e977bf3d832cdb1482faa0
SHA1 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256 f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512 afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9eae2da320a91123ae326d733c7e3ab9
SHA1 b63cd181c1d5ee61bfaa8acc4386250bfc748b7b
SHA256 ba6c75214c150babb8196fdcc43c2836cd817e1ed5556bb80f121b72e6cd7755
SHA512 e1383899304300ee70862f9246d80a70596f11716e6bfe329125373b10ca04413cbe673d40525c41376d25ad568caa1b6b65648fce066fc32d2108cd99223152

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 00f789f0be501f0cd5ef8241d26b3f76
SHA1 6857df93a8c7041d0f0e722a3be956010d8898bc
SHA256 2f20cd65a458f43751f03c66230bed791facfbfd33791f4ee15cfafb0be552ab
SHA512 0b7cf1221e7581c57bc6d4622475780088d1953bfb5444608b255f869a82f34a68b213ed94a26560b275ad740941dff99bdcdc76da30c69dab29c9c34844a109

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2aefa82113c7cdda82118a772a1421e0
SHA1 9e58b478a92f0de140f2dc8ac82291c80c623ed8
SHA256 b959bd09280c31bdb235064cfc88713294b4036543f1950ad9d883dc12c16292
SHA512 c111c4094eb4ef1ea36ad4d753246fef8da2b4c9b8a7519007c943962b165de9a1681b70ec04e260c1594d90d1f97cf4438d7c0ba8b07517b8c982b5c81e1d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8c151f107f68852b1bbe15b1aae51f5d
SHA1 2522d1da32ed725ecdef7eb92c0df4dc259207c3
SHA256 a7bab653a39e214eab7c063bc7f919a4db6bfc7ef9601c7357f00d7ac32b6c13
SHA512 5b1f6331d46e5b65ff0062ceb2a36c2d5e0fbf178c9f8b1f3587828a709cb75d14741cb6fd16280709cbb4ea9cba6616b2c69ff5756864db921b6d9a79585411
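The dropped-file listing above is only useful once it is in a structured form: the same path (for example the Edge Preferences and TransportSecurity files) appears several times with different digests because the file was rewritten during detonation, the memory/… entries describe dumped regions rather than files, and most entries are the browser's own profile housekeeping rather than attacker-written artefacts. The following parser is an added example, not part of the sandbox report or its vendor's tooling. SAMPLE is a constructed excerpt of five entries copied from the listing above; the noise-prefix filter that excludes writes under the Edge profile directory is an analyst assumption, not something the report states.

```python
import re
from collections import defaultdict

# Constructed excerpt of the report's "Files" listing (five entries copied from the page, not the
# full dump): a path line followed by MD5/SHA1/SHA256/SHA512 lines, or a single memory/... line.
SAMPLE = r"""C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d238b66a47c7c0c49e20c906d67e34e3
SHA1 bd9ba3454dd45aebd9f8e57589f337fe46ae34ae
SHA256 b2e3c9bdd23b440afa59e65c69fe22f8d15c61c2ed90fd17fbe3ca6b349cf527
SHA512 3320b27af330ff67712ac4033e5a16abc0777ac9ef6f0861ea1639f390bfa6b6ceef9d810a6057e0aa5dd8a0f8e85ff69537a7ad06bb324b39b8142cf57ee533

C:\Users\Admin\Downloads\Unconfirmed 697804.crdownload

MD5 a64bd549d95bfc8be592833460f79fcc
SHA1 0aeeb9507ed39f14d82149c56011ec3aaed1bec9
SHA256 d285b5242f4583d49c63a7c7f83a72f082ab395f9eaff674ff56c8d2d0fa063d
SHA512 767bffb8861e81ce61cfec5b0462f6a62cf86d9fca8411126b6ee3f43bc7fccbbffae8fafe293e9c227f297d82562d70940b441f9d541e35b66b972f2b79fdae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b63d29be034656be6b1c7f82e80fcdee
SHA1 a2b6b97cd5c58a76a2b4e24be64fb3aaad9ed516
SHA256 e61c4b9a9d1d6eed3092eda145d550568e0e33a594bd25e37195bf461253ab0d
SHA512 eab05061cf0599f041c1c226a279802447aefb7e2db3cb7a3a2ed3747604856a15fe475c8ebc6999568fe1270693d5b599356bd613a72ea583b18d039ef0a03d

memory/6072-8166-0x0000000002E60000-0x0000000002E96000-memory.dmp

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

MD5 395970be72d1bcc7755f95a04b3b303d
SHA1 f4019b43fd95f1748e2392d5cb1aa4486aadbc13
SHA256 5fa3f4cb4f4f603bd8b9a538b54658ebbcf9198d99f2b0e1ce447322b22fb312
SHA512 2f4968b8564bd3bbc624a6838ec33de22413afb8711e08cc36b082863f4e146212c1b6173921ea110c65a0dc20b97c9e187a8ef006005711efcf4237db0bcd1e
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")

# Assumption (analyst's choice, not stated by the report): writes under the browser profile are noise.
NOISE_PREFIXES = (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data",)


def parse_listing(text):
    """Turn the listing into records; raises ValueError on an orphaned or wrong-length hash line."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            records.append({"kind": "memory", "pid": int(pid), "seq": int(seq),
                            "start": int(start, 16), "end": int(end, 16)})
            current = None
            continue
        m = HASH_RE.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if current is None:
                raise ValueError(f"hash line without a preceding path: {line}")
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest of wrong length for {current['path']}")
            current[algo.lower()] = digest
            continue
        current = {"kind": "file", "path": line}  # any other line opens a new file entry
        records.append(current)
    return records


def is_valid_listing(text):
    try:
        parse_listing(text)
        return True
    except ValueError:
        return False


def rewritten_paths(records):
    """Paths hashed more than once (rewritten during detonation): {path: [sha256, ...]}."""
    seen = defaultdict(list)
    for r in records:
        if r["kind"] == "file":
            seen[r["path"]].append(r.get("sha256"))
    return {p: h for p, h in seen.items() if len(h) > 1}


def memory_regions(records):
    """(pid, start, size) per dumped region; size is end minus start."""
    return [(r["pid"], r["start"], r["end"] - r["start"]) for r in records if r["kind"] == "memory"]


def triage_paths(records, noise_prefixes=NOISE_PREFIXES):
    """Distinct file paths, in listing order, after dropping the noise prefixes."""
    out = []
    for r in records:
        if r["kind"] == "file" and not r["path"].startswith(noise_prefixes) and r["path"] not in out:
            out.append(r["path"])
    return out


if __name__ == "__main__":
    recs = parse_listing(SAMPLE)
    print(rewritten_paths(recs), memory_regions(recs), triage_paths(recs), sep="\n")
```

Run it on the full listing and the output splits into three views an analyst actually wants: which paths were written more than once (useful for spotting config or state files the sample keeps modifying), the dumped memory regions with their sizes, and the short list of non-browser paths left to triage (here the crdownload in Downloads and the DLL under Roaming\XuanZhi9). The length check on each digest is there because a truncated hash copied into a blocklist silently matches nothing.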