Analysis Overview
Threat Level: Likely malicious
The file http://youareaidiot.org was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Manipulates Digital Signatures
Stops running service(s)
Possible privilege escalation attempt
Downloads MZ/PE file
Creates new service(s)
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Reads user/profile data of web browsers
Executes dropped EXE
Modifies file permissions
Checks installed software on the system
Checks for any installed AV software in registry
Enumerates connected drives
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in System32 directory
Launches sc.exe
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Program crash
Suspicious behavior: LoadsDriver
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Runs net.exe
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
NTFS ADS
Modifies data under HKEY_USERS
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-06 00:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-06 00:27
Reported
2024-10-06 00:34
Platform
win11-20240802-en
Max time kernel
433s
Max time network
434s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\rsKernelEngine.sys | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsCamFilter020502.sys | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverFinalPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2005\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4\FuncName = "WVTAsn1SpcIndirectDataContentEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2223\FuncName = "WVTAsn1CatMemberInfo2Decode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2012\FuncName = "WVTAsn1SealingTimestampAttributeDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.2\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.4\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Stops running service(s)
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\rundll32.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser\Installed | C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed | C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\SOFTWARE\Avira\Browser\Installed | C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\clbcatq.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\winhttp.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mskeyprotect.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\MSASN1.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\CoreMessaging.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ADVAPI32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\mskeyprotect.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\dhcpcsvc6.DLL | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\advapi32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\imm32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\system32\explorerframe.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\OLEAUT32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\uxtheme.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\GLU32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\DPAPI.DLL | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\winhttp.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\CRYPTSP.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\webio.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\win32u.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iertutil.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\webio.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\ucrtbase.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\bcryptPrimitives.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\ntdll.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\shcore.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\winmm.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\DNSAPI.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\dhcpcsvc.DLL | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\msimg32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\GLU32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\clbcatq.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\PROPSYS.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\wow64.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\RPCRT4.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\ole32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\opengl32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\IPHLPAPI.DLL | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SHCORE.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\windows.storage.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsWSC.exe.log | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\kernel.appcore.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\wintypes.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\atlthunk.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\sechost.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\KERNELBASE.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\CRYPTBASE.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\SHLWAPI.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\dxcore.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\secur32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\CRYPTBASE.DLL | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\apphelp.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\ncrypt.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\comdlg32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\SHLWAPI.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WININET.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\netutils.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\TextShaping.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\GDI32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\wsock32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\system32\schannel.DLL | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\cryptnet.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\urlmon.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\combase.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\WINNSI.DLL | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\samrecoverable.luc | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\mappings.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\arm64\elam\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-6C6NR.tmp | C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\winapi\is-0ESVK.tmp | C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\Temp972545734\wa_install_check.png | C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fr-CA.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDragAndDropSvc.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-da-DK.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pt-BR.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File opened for modification | C:\Program Files\McAfee\Webadvisor\Analytics\transport_ga.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\manifest.json | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\luaclient-i386.dll | C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\transport_eng_observability.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\InputHost.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsEngine.Data.dll | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\wsock32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstPDMAsyncCompletionStress.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\Windows.Storage.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBTest.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-tr-TR.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File opened for modification | C:\Program Files\McAfee\Webadvisor\Analytics\mappings.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.6.0\LICENSES.chromium.html | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\gdi32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_sideloaded_ext_guide.png | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-da-DK.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.6.0\locales\am.pak | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Resources.Reader.dll | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\winnsi.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-TW.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\productupselltoast.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\DUser.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\opengl32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.IO.dll | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding-bing.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pt-BR.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pt-PT.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\opengl32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\LFS.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\nsi.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.sys | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxCpuReport.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp972545734\jslang\wa-res-shared-zh-TW.js | C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\installer.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\is-5QVFB.tmp | C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafeeicon.ico | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\DXCore.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fi-FI.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsHelper.RPC.RPCClient.dll | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.IO.dll | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\fastpipe.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\checklisthandler.luc | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ko-KR.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-dwtoast.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ru-RU.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\shell32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.sys | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sv-SE.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-nb-NO.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-cs-CZ.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-nl-NL.js | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-warningbackground.gif | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptiontype.luc | C:\Program Files\McAfee\Temp972545734\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Diagnostics.FastSerialization.dll | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\tcc64-32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.22000.434_none_1630a2eb2777c45d\gdiplus.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_e541a94fcce8ed6d\COMCTL32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\CheatEngine75 (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fsukrvlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CheatEngine75 (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dism.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\CheatEngine75.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Cheat Engine 7.5\windowsrepair.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E87-11E9-8AF2-576E84223953} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-c9d6-4742-957c-a6fd52e8c4ae} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-47C7-4A3F-AAE1-1B516817DB41}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session\CLSID | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8084-11E9-B185-DBE296E54799} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E1B7-4339-A549-F0878115596E}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7F29-4AAE-A627-5A282C83092C}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\NumMethods\ = "22" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1\CLSID | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\ = "IVirtualSystemDescription" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}\NumMethods\ = "20" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FF5A-4795-B57A-ECD5FFFA18A4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7997-4595-A731-3A509DB604E5} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6989-4002-80cf-3607f377d40c} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0C60-11EA-A0EA-07EB0D1C4EAD}\ = "ICloudClient" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8F30-401B-A8CD-FE31DBE839C0}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9849-4F47-813E-24A75DC85615}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D8ED-44CF-85AC-C83A26C95A4D}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4289-ef4e-8e6a-e5b07816b631} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\ = "IGraphicsAdapter" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\ = "INetworkAdapter" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5409-414B-BD16-77DF7BA3451E}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E72-4F34-B8F6-682785620C57}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C9D6-4742-957C-A6FD52E8C4AE}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8079-447A-A33E-47A69C7980DB} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\ = "IEventSource" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\ = "ISerialPort" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B}\ = "IGuestProcessEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\AppID | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80F6-4266-8E20-16371F68FA25} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D4FC-485F-8613-5AF88BFCFCDC}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf50f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f1030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 697804.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 477092.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 345421.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\CheatEngine75 (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\fltmc.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youareaidiot.org
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff381f3cb8,0x7fff381f3cc8,0x7fff381f3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,6424268001728451640,5390736665085600452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8
C:\Users\Admin\Downloads\CheatEngine75 (1).exe
"C:\Users\Admin\Downloads\CheatEngine75 (1).exe"
C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp
"C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp" /SL5="$F0250,29027361,780800,C:\Users\Admin\Downloads\CheatEngine75 (1).exe"
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod0.exe
"C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod0.exe" -ip:"dui=fc0a75db-1ac8-4646-b578-3bf7c73d9a5e&dit=20241006002823&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true" -vp:"dui=fc0a75db-1ac8-4646-b578-3bf7c73d9a5e&dit=20241006002823&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&oip=26&ptl=7&dta=true" -dp:"dui=fc0a75db-1ac8-4646-b578-3bf7c73d9a5e&dit=20241006002823&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100" -i -v -d -se=true
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\CheatEngine75.exe
"C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
C:\Users\Admin\AppData\Local\Temp\fsukrvlz.exe
"C:\Users\Admin\AppData\Local\Temp\fsukrvlz.exe" /silent
C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp
"C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp" /SL5="$700DC,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
C:\Windows\SYSTEM32\net.exe
"net" stop BadlionAntic
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop BadlionAntic
C:\Windows\SYSTEM32\net.exe
"net" stop BadlionAnticheat
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop BadlionAnticheat
C:\Windows\SYSTEM32\sc.exe
"sc" delete BadlionAntic
C:\Windows\SYSTEM32\sc.exe
"sc" delete BadlionAnticheat
C:\Users\Admin\AppData\Local\Temp\is-SOKV5.tmp\_isetup\_setup64.tmp
helper 105 0x388
C:\Windows\system32\icacls.exe
"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe
.\UnifiedStub-installer.exe /silent
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\installer.exe
"C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Program Files\McAfee\Temp972545734\installer.exe
"C:\Program Files\McAfee\Temp972545734\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
"C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
C:\Windows\system32\icacls.exe
"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3684 -ip 3684
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 920
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3684 -ip 3684
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 1804
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\elam\evntdrv.xml
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff381f3cb8,0x7fff381f3cc8,0x7fff381f3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,16068564514697114442,13243332022619630993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10808 /prefetch:8
C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_com.ninjamuffin99.funkin_25567197_ld.exe"
C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
F:\LDPlayer\LDPlayer9\LDPlayer.exe
"F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="F:\LDPlayer\LDPlayer9\"
F:\LDPlayer\LDPlayer9\dnrepairer.exe
"F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=852568
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\5BD34C95-9130-4BD9-A5C8-DDFA38F0D70F\dismhost.exe {51B8BE2F-E288-49D5-8C31-1706D2A0FAA0}
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
F:\LDPlayer\LDPlayer9\driverconfig.exe
"F:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7fff381f3cb8,0x7fff381f3cc8,0x7fff381f3cd8
F:\LDPlayer\LDPlayer9\dnplayer.exe
"F:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.ninjamuffin99.funkin|package=com.ninjamuffin99.funkin
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D8
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff381f3cb8,0x7fff381f3cc8,0x7fff381f3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14802238452977554062,4089607925642204111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | youareaidiot.org | udp |
| US | 103.224.212.242:80 | youareaidiot.org | tcp |
| US | 103.224.212.242:80 | youareaidiot.org | tcp |
| US | 103.224.212.242:80 | youareaidiot.org | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.212.224.103.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 103.224.212.242:80 | youareaidiot.org | tcp |
| US | 103.224.212.242:80 | youareaidiot.org | tcp |
| US | 103.224.212.242:80 | youareaidiot.org | tcp |
| GB | 92.123.128.181:443 | www.bing.com | tcp |
| GB | 92.123.128.167:443 | th.bing.com | tcp |
| GB | 92.123.128.167:443 | th.bing.com | tcp |
| GB | 92.123.128.164:443 | www.bing.com | tcp |
| GB | 92.123.128.164:443 | www.bing.com | tcp |
| NL | 40.126.32.76:443 | login.microsoftonline.com | tcp |
| US | 104.20.95.94:443 | www.cheatengine.org | tcp |
| US | 104.20.95.94:443 | www.cheatengine.org | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 104.16.24.14:443 | c5.patreon.com | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 104.16.25.14:443 | c5.patreon.com | tcp |
| GB | 142.250.178.1:443 | 7185419632ac4780e62e0dcf4fe8dceb.safeframe.googlesyndication.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| CZ | 65.9.94.50:443 | d27825u686rxd6.cloudfront.net | tcp |
| CZ | 65.9.94.50:443 | d27825u686rxd6.cloudfront.net | tcp |
| BE | 18.239.190.6:443 | d34hwk9wxgk5fi.cloudfront.net | tcp |
| BE | 18.239.190.6:443 | d34hwk9wxgk5fi.cloudfront.net | tcp |
| CZ | 65.9.95.119:443 | shield.reasonsecurity.com | tcp |
| CZ | 65.9.95.119:443 | shield.reasonsecurity.com | tcp |
| US | 52.26.104.76:443 | analytics.apis.mcafee.com | tcp |
| GB | 2.19.117.95:443 | sadownload.mcafee.com | tcp |
| US | 54.243.47.129:443 | track.analytics-data.io | tcp |
| US | 54.243.47.129:443 | track.analytics-data.io | tcp |
| CZ | 65.9.95.115:443 | update.reasonsecurity.com | tcp |
| US | 54.243.47.129:443 | track.analytics-data.io | tcp |
| US | 54.243.47.129:443 | track.analytics-data.io | tcp |
| CZ | 65.9.95.66:443 | electron-shell.reasonsecurity.com | tcp |
| US | 54.243.47.129:443 | track.analytics-data.io | tcp |
| US | 54.243.47.129:443 | track.analytics-data.io | tcp |
| GB | 2.19.117.95:443 | sadownload.mcafee.com | tcp |
| US | 52.26.104.76:443 | analytics.apis.mcafee.com | tcp |
| GB | 104.124.169.75:443 | home.mcafee.com | tcp |
| US | 3.214.141.241:443 | track.analytics-data.io | tcp |
| US | 3.214.141.241:443 | track.analytics-data.io | tcp |
| US | 52.26.104.76:443 | analytics.apis.mcafee.com | tcp |
| US | 104.20.95.94:443 | cheatengine.org | tcp |
| GB | 172.217.169.3:80 | c.pki.goog | tcp |
| US | 3.214.141.241:443 | track.analytics-data.io | tcp |
| US | 3.214.141.241:443 | track.analytics-data.io | tcp |
| CZ | 65.9.95.88:443 | cdn.reasonsecurity.com | tcp |
| GB | 2.19.117.71:443 | sadownload.mcafee.com | tcp |
| US | 3.214.141.241:443 | track.analytics-data.io | tcp |
| US | 3.214.141.241:443 | track.analytics-data.io | tcp |
| US | 52.26.104.76:443 | analytics.apis.mcafee.com | tcp |
| US | 52.26.104.76:443 | analytics.apis.mcafee.com | tcp |
| US | 3.214.141.241:443 | track.analytics-data.io | tcp |
| US | 3.214.141.241:443 | track.analytics-data.io | tcp |
| GB | 92.123.241.137:80 | www.microsoft.com | tcp |
| GB | 184.28.176.66:443 | tcp | |
| GB | 184.28.176.66:443 | tcp | |
| GB | 51.104.15.252:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 92.123.128.181:443 | www.bing.com | tcp |
| GB | 92.123.128.169:443 | www.bing.com | tcp |
| GB | 92.123.128.169:443 | www.bing.com | tcp |
| GB | 92.123.128.146:443 | www.bing.com | tcp |
| GB | 92.123.128.146:443 | www.bing.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 151.101.1.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.1.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.1.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.1.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.1.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| BE | 18.239.208.58:443 | sdk.privacy-center.org | tcp |
| CZ | 65.9.98.75:443 | c.amazon-adsystem.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | udp |
| GB | 142.250.200.46:443 | syndicatedsearch.goog | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | udp |
| CZ | 65.9.98.75:443 | c.amazon-adsystem.com | tcp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 142.250.180.27:443 | storage.googleapis.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| CZ | 65.9.95.30:443 | cdn.reasonsecurity.com | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 172.67.74.232:443 | cdn.btmessage.com | tcp |
| US | 151.101.1.91:443 | rv-assets.softonic.com | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.197.45.139.in-addr.arpa | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.74.232:443 | cdn.btmessage.com | tcp |
| BE | 18.239.208.20:443 | api.privacy-center.org | tcp |
| GB | 142.250.200.46:443 | syndicatedsearch.goog | udp |
| GB | 142.250.178.1:443 | 7185419632ac4780e62e0dcf4fe8dceb.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 104.26.2.63:443 | wct.softonic.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| CZ | 65.9.9.197:443 | aax.amazon-adsystem.com | tcp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| IE | 54.194.113.148:443 | ap.lijit.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| NL | 185.89.210.46:443 | secure.adnxs.com | tcp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| IE | 54.76.166.236:443 | id.crwdcntrl.net | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 172.217.169.34:443 | partner.googleadservices.com | tcp |
| CZ | 65.9.95.6:443 | tags.crwdcntrl.net | tcp |
| IE | 34.242.255.180:443 | ad.360yield.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| CZ | 65.9.95.56:80 | crt.rootg2.amazontrust.com | tcp |
| CZ | 65.9.95.56:80 | crt.rootg2.amazontrust.com | tcp |
| GB | 142.250.200.14:443 | ampcid.google.com | tcp |
| GB | 142.250.187.227:443 | www.google.co.uk | tcp |
| GB | 142.250.187.227:443 | www.google.co.uk | tcp |
| GB | 142.250.187.227:443 | www.google.co.uk | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.187.227:443 | www.google.co.uk | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 104.26.2.63:443 | wct.softonic.com | tcp |
| GB | 64.233.166.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 46.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.113.194.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.33.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.255.242.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.166.76.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| DE | 138.201.8.249:443 | sync.richaudience.com | tcp |
| US | 151.101.193.108:443 | acdn.adnxs.com | tcp |
| GB | 23.219.196.188:443 | ads.pubmatic.com | tcp |
| US | 104.18.38.76:443 | cdn.indexww.com | tcp |
| GB | 92.123.240.21:443 | contextual.media.net | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| US | 3.229.16.138:443 | cs-server-s2s.yellowblue.io | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| GB | 2.19.117.107:443 | player.aniview.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| IE | 34.252.67.98:443 | match.prod.bidr.io | tcp |
| NL | 89.149.192.75:443 | ssbsync.smartadserver.com | tcp |
| US | 23.23.152.227:443 | api-2-0.spot.im | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 54.147.108.51:443 | sync.srv.stackadapt.com | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| FR | 154.54.250.81:443 | ads.stickyadstv.com | tcp |
| US | 172.111.38.54:443 | tracker.open-adsyield.com | tcp |
| IE | 54.247.162.123:443 | jadserve.postrelease.com | tcp |
| FR | 5.196.111.68:443 | ssbsync-global.smartadserver.com | tcp |
| GB | 142.250.180.2:443 | cm.g.doubleclick.net | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| DE | 91.228.74.200:443 | cms.quantserve.com | tcp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 151.101.130.49:443 | sync-tm.everesttech.net | tcp |
| FR | 164.132.25.185:443 | rtb-csync.smartadserver.com | tcp |
| DE | 18.184.119.72:443 | match.sharethrough.com | tcp |
| CZ | 65.9.95.71:443 | s.ad.smaato.net | tcp |
| GB | 142.250.180.2:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.136.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.67.252.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.108.147.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.152.23.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.162.247.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.111.196.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.38.111.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.119.184.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.25.132.164.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.33.132.192.in-addr.arpa | udp |
| FR | 164.132.25.185:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 98.82.157.231:443 | s.amazon-adsystem.com | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| GB | 92.123.242.2:443 | eus.rubiconproject.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 151.101.65.91:443 | articles-img.sftcdn.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| GB | 142.250.187.227:443 | www.google.co.uk | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| IE | 52.94.223.167:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| US | 151.101.129.91:443 | articles-img.sftcdn.net | udp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| NL | 89.149.192.75:443 | ssbsync.smartadserver.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 34.252.67.98:443 | match.prod.bidr.io | tcp |
| US | 54.147.108.51:443 | sync.srv.stackadapt.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| FR | 164.132.25.185:443 | rtb-csync.smartadserver.com | tcp |
| FR | 164.132.25.185:443 | rtb-csync.smartadserver.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| FR | 5.196.111.68:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| DK | 37.157.3.26:443 | adx.adform.net | tcp |
| US | 98.82.157.231:443 | s.amazon-adsystem.com | tcp |
| DE | 18.184.119.72:443 | match.sharethrough.com | tcp |
| NL | 35.214.174.141:443 | a.sportradarserving.com | tcp |
| NL | 35.214.174.141:443 | a.sportradarserving.com | udp |
| NL | 185.89.210.46:443 | secure.adnxs.com | tcp |
| IE | 52.94.223.167:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 52.94.223.167:443 | aax-eu.amazon-adsystem.com | tcp |
| CZ | 13.226.89.188:443 | m.media-amazon.com | tcp |
| CZ | 13.226.89.188:443 | m.media-amazon.com | tcp |
| CZ | 13.226.89.188:443 | m.media-amazon.com | tcp |
| CZ | 13.226.89.188:443 | m.media-amazon.com | tcp |
| CZ | 13.226.89.188:443 | m.media-amazon.com | tcp |
| CZ | 13.226.89.188:443 | m.media-amazon.com | tcp |
| CZ | 13.226.89.188:443 | m.media-amazon.com | tcp |
| CZ | 13.226.89.188:443 | m.media-amazon.com | tcp |
| CZ | 65.9.95.68:443 | ts.amazon-adsystem.com | tcp |
| CZ | 65.9.95.68:443 | ts.amazon-adsystem.com | tcp |
| IE | 3.254.238.154:443 | aan.amazon.co.uk | tcp |
| IE | 3.254.238.154:443 | aan.amazon.co.uk | tcp |
| IE | 3.254.238.154:443 | aan.amazon.co.uk | tcp |
| IE | 3.254.238.154:443 | aan.amazon.co.uk | tcp |
| CZ | 65.9.95.68:443 | ts.amazon-adsystem.com | tcp |
| CZ | 65.9.95.68:443 | ts.amazon-adsystem.com | tcp |
| IE | 3.254.238.154:443 | aan.amazon.co.uk | tcp |
| IE | 3.254.238.154:443 | aan.amazon.co.uk | tcp |
| IE | 3.253.167.114:443 | sq-tungsten-ts-eu.amazon-adsystem.com | tcp |
| IE | 3.253.167.114:443 | sq-tungsten-ts-eu.amazon-adsystem.com | tcp |
| CZ | 65.9.95.78:443 | tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev | tcp |
| CZ | 65.9.95.78:443 | tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev | tcp |
| GB | 163.181.154.240:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.237:443 | res.ldrescdn.com | tcp |
| CZ | 65.9.95.122:443 | b-code.liadm.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 142.250.180.6:443 | 8876029.fls.doubleclick.net | tcp |
| GB | 142.250.180.6:443 | 8876029.fls.doubleclick.net | udp |
| GB | 142.250.180.6:443 | 8876029.fls.doubleclick.net | udp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| CZ | 65.9.95.96:443 | js.adscale.de | tcp |
| US | 54.237.59.39:443 | i.liadm.com | tcp |
| DE | 3.123.55.249:443 | ih.adscale.de | tcp |
| US | 54.163.111.2:443 | rp.liadm.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 238.154.181.163.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 186.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| BE | 18.239.208.78:443 | live.rezync.com | tcp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| IE | 52.19.118.55:443 | dpm.demdex.net | tcp |
| US | 64.74.236.63:443 | b1sync.zemanta.com | tcp |
| US | 3.224.60.248:443 | mid.rkdms.com | tcp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 64.74.236.63:443 | b1sync.zemanta.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | udp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| CZ | 65.9.95.22:443 | apien.ldplayer.net | tcp |
| CZ | 65.9.95.22:443 | apien.ldplayer.net | tcp |
| SG | 8.222.254.73:443 | usersdk.ldmnq.com | tcp |
| GB | 142.250.187.246:443 | play-lh.googleusercontent.com | udp |
| SG | 8.219.96.60:443 | invite.ldplayer.net | tcp |
| SG | 8.222.229.130:443 | api.ldshop.gg | tcp |
| SG | 8.219.96.60:443 | invite.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 55.118.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.95.9.65.in-addr.arpa | udp |
| SG | 8.222.254.73:443 | usersdk.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 246.187.250.142.in-addr.arpa | udp |
| SG | 8.222.229.130:443 | api.ldshop.gg | tcp |
| DE | 178.63.248.57:443 | push-sdk.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| CZ | 65.9.95.20:443 | tagan.adlightning.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| DE | 178.63.248.56:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| GB | 104.78.175.230:443 | secure.cdn.fastclick.net | tcp |
| GB | 104.78.175.230:443 | secure.cdn.fastclick.net | tcp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| DE | 178.63.248.56:443 | push-sdk.com | tcp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| NL | 63.215.202.146:443 | proc.ad.cpe.dotomi.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| DE | 138.201.8.249:443 | sync.richaudience.com | tcp |
| DE | 138.201.8.249:443 | sync.richaudience.com | tcp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| NL | 89.149.192.75:443 | ssbsync.smartadserver.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| FR | 163.5.194.36:443 | sync.a-mo.net | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| FR | 149.202.238.96:443 | prg.smartadserver.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| FR | 5.196.111.68:443 | ssbsync-global.smartadserver.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| IE | 34.252.67.98:443 | match.prod.bidr.io | tcp |
| DK | 37.157.2.229:443 | adx.adform.net | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| FR | 164.132.25.185:443 | rtb-csync.smartadserver.com | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| DE | 18.184.119.72:443 | match.sharethrough.com | tcp |
| US | 54.147.108.51:443 | sync.srv.stackadapt.com | tcp |
| FR | 163.5.194.35:443 | sync.a-mo.net | tcp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 3.209.5.135:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| CZ | 65.9.95.68:443 | apien.ldmnq.com | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| BE | 18.239.208.75:443 | apien.ldmnq.com | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| BE | 18.239.208.35:443 | ad.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| CZ | 65.9.95.107:443 | apien.ldplayer.net | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.240:443 | leap.ldplayer.gg | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| BE | 18.239.208.35:443 | ad.ldplayer.net | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.243:443 | leap.ldplayer.gg | tcp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| BE | 18.239.208.35:443 | ad.ldplayer.net | tcp |
| BE | 18.239.208.75:80 | apien.ldmnq.com | tcp |
| BE | 18.239.208.75:443 | apien.ldmnq.com | tcp |
| BE | 18.239.208.75:443 | apien.ldmnq.com | tcp |
| N/A | 127.0.0.1:6463 | tcp | |
| N/A | 127.0.0.1:6464 | tcp | |
| N/A | 127.0.0.1:6465 | tcp | |
| N/A | 127.0.0.1:6466 | tcp | |
| N/A | 127.0.0.1:6467 | tcp | |
| N/A | 127.0.0.1:6468 | tcp | |
| N/A | 127.0.0.1:6469 | tcp | |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| GB | 163.181.154.239:443 | leap.ldplayer.gg | tcp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| GB | 163.181.154.238:443 | leap.ldplayer.gg | tcp |
| GB | 163.181.154.238:443 | leap.ldplayer.gg | tcp |
| US | 8.8.8.8:53 | 239.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| GB | 163.181.154.244:443 | res.ldrescdn.com | tcp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| GB | 142.250.178.22:443 | i.ytimg.com | tcp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| US | 8.8.8.8:53 | 22.178.250.142.in-addr.arpa | udp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| CZ | 65.9.95.119:443 | apien.ldplayer.net | tcp |
| CZ | 65.9.95.119:443 | apien.ldplayer.net | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| DK | 37.157.6.233:443 | adx.adform.net | tcp |
| FR | 163.5.194.30:443 | prebid.a-mo.net | tcp |
| FR | 164.132.25.177:443 | prg.smartadserver.com | tcp |
| GB | 216.58.201.102:443 | static.doubleclick.net | tcp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| GB | 216.58.212.193:443 | yt3.ggpht.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| FR | 164.132.25.177:443 | prg.smartadserver.com | tcp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| CZ | 65.9.9.197:443 | aax.amazon-adsystem.com | tcp |
| US | 185.167.164.39:443 | adx2.adform.net | tcp |
| US | 185.167.164.39:443 | adx2.adform.net | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| DK | 37.157.2.229:443 | adx.adform.net | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| GB | 142.250.178.1:443 | 8ebbd1ee4c32ff43d4b6e1dd9ffa7720.safeframe.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | 8ebbd1ee4c32ff43d4b6e1dd9ffa7720.safeframe.googlesyndication.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | tcp |
| N/A | 127.0.0.1:6470 | tcp | |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| FR | 163.5.194.31:443 | sync.a-mo.net | tcp |
| N/A | 127.0.0.1:6471 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6fdbe80e9fe20761b59e8f32398f4b14 |
| SHA1 | 049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f |
| SHA256 | b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942 |
| SHA512 | cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234 |
\??\pipe\LOCAL\crashpad_776_SZUDDFFJKUBZPEGS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9828ffacf3deee7f4c1300366ec22fab |
| SHA1 | 9aff54b57502b0fc2be1b0b4b3380256fb785602 |
| SHA256 | a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7 |
| SHA512 | 2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1763bcc41d32b6355624fc19cd65b72e |
| SHA1 | 4a5c5d50c5b3b49f18732ad9f6120b4c107786eb |
| SHA256 | 14ff8fe0522706cd097282ac02812e6095fc6f7eaa3d6db0cb6bbc0e3498b4e2 |
| SHA512 | 67dfb94d80b0f36750aa59047593288b181bb618db74b95185e313d5ff95aea339e76da5761689f5b289591544f97ab1144575d1123b0f8a25eaaaf7cfa0cfe2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | df02a894d53a3f0c0d3c8e7472bc428b |
| SHA1 | 88d0bc39c85dfa1c201bbf5a8658cb96b0db9bce |
| SHA256 | 87ab11588cc737af7eada92faf7754e8a7a9189de47de4ee16afad4f921780da |
| SHA512 | 2b9f8892323bcf5901017b0f66586282da9401a2669ea7323e4f1213b8988b071ca33c82ef7e58e4069729a698b20a2079838b3fbf9e9e668af7bd40dc67b1bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 80ed426f1c38b51be262807b45a79c0a |
| SHA1 | acd2a9a7c57608877b04c73d3b3b347387689ca3 |
| SHA256 | 5e42941f79f01100fa45535af0c5a172fcd9e1f1afaa938b0c5976c4db8b9084 |
| SHA512 | 734cd2266f9e1ac210091771835845f75111e2d304f8afe23dc0551930d9aa6ad71b8902c88d2a63d855b123756a44796d4869dbbd92bbf416f9d7f83d74341d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8f27a2041b41019f2bfd6148808db003 |
| SHA1 | 31db8089fd8c9870e8848a0f74aff1b82d6924b7 |
| SHA256 | de50346385dd84aa1c604d5f471a2c40c6ad76e8db75fcf6ea4fc81647006646 |
| SHA512 | 0c974248a88c8a81cd5c48d891e178e5efacb5dc4750ac61315ac1a6e305da46fea86a72050fa71be8f3a9bf5da2d87d7ae93ec5e163b5f498dcd5af82f57f62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 40f62cef6f9b75e82c3e6efdf8a8c1b0 |
| SHA1 | 28e8ba2f25ad5041122193e96906065f3f19d7c9 |
| SHA256 | 8ddddea85236748a5c206ca11d54b6cbc96fb94ea4ad774101537af110e599fb |
| SHA512 | 11cb543dd4114395fccf17f81ab028510fc0cf70316099c05608375355f8abc0c914549a05b814904fee735abf5adb87dcb9cffea56d933e44c7b63ac0a4ecb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b6590ff1ddfcbf4813a5c9d45d6a6c13 |
| SHA1 | 5825a5158958d2ab4b8395e6e7cc423395b62401 |
| SHA256 | aabafba2b3241a88ab0b9299e235b2a32a657694eea06e03d4101e595eed549e |
| SHA512 | 1cf76ed12b477b71b975ec822da14db2d97015a16fc082e1c8557993013bee32422fe7130a27b80e3d6f6f2e20fb981a8760fe96b0f617a3934c1a5e370efa66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582100.TMP
| MD5 | 374f1173cf6edbbbdd62c03fb3db9923 |
| SHA1 | c2c7dfb9b23b11a98fbe8f0c504086c28088c219 |
| SHA256 | 16bf56cd82cdfb152c204d46611603c1627619209c9c2e3bd1e733e2ed4556cc |
| SHA512 | 240974e3f43416a84bc1238d860a8af073474a9603409dcd56926ee6e01ec7e528634ba2c62df5ede95674c9c427118b96d2d0536a72149dfae2e8683fab2e42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3c82ae0c2dd427d1a9afdc286af1c97d |
| SHA1 | d731cff026bb862364b5c86fc6b9a462ffa25f68 |
| SHA256 | b88c831892ed2535c2ca9d4056303e7703a69bf6ce21f18616a00ca0e577f2b6 |
| SHA512 | 4419cb7ddd64d6775a9a3547fa267c82885cc14d4ff11d41a46ada99481e7be8c2bf120bc3809cafc5f154ef5599d1e305095a0a2ee9c07349de9d0bd21aedc7 |
C:\Users\Admin\Downloads\Unconfirmed 477092.crdownload
| MD5 | 647a2177841aebe2f1bb1b3767f41287 |
| SHA1 | 446575615e7fcc9c58fb04cad12909a183a2eb15 |
| SHA256 | 07c1abb57c4498748c4f1344a786c2c136b82651786ed005d999ecbf6054fb2c |
| SHA512 | f3165aec7a4b7adb7e6ffca56812f769b7b085000d50bf235ca1c7e74d76dfb5549de9561e281623c734c2dec9fc37b54af572c3e97fcb9fb1411102ae3da0c0 |
C:\Users\Admin\Downloads\CheatEngine75 (1).exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 725dfbf2588c30b4697bd210aafa8a4a |
| SHA1 | 42241f6438fa0ff77dfff2c18d256f14b6fd974a |
| SHA256 | 2d6e0ea37d57ebc3f052ae6d07fd3cad008fe98f5d472e5814cdf4091d793630 |
| SHA512 | 1213ab0576439bcf06207680202f0a82e56b54b12a53aa0e3e8bdad2badf538fb789fa0156b568de0fc2ec9c15c9dd149caba0f50396e482e27f75a8e5f3a709 |
memory/2848-405-0x0000000000400000-0x00000000004CC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-1O141.tmp\CheatEngine75 (1).tmp
| MD5 | 2c94c19646786c4ee5283b02fd8ce5a5 |
| SHA1 | bf3dd30300126ba9b51c343d64da2d8eda23ebea |
| SHA256 | 9be09875aa698a85c446fb80e075087d6c0a543a493a7f033f3015fe2f0680d5 |
| SHA512 | 7c3d5e740340042e34f25047a29add080e89027db2d49775aad529ecb8e13bfb83f73adb3b2999e129a27d85c9b0021e3bf3e110ac93cdf6c6393d121a0f7d4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | abb99d5688b6a325e4c9aa6ebe8cbc73 |
| SHA1 | 6ed9f029086db81dbd0813896edfb17be61e281d |
| SHA256 | 68c83b6ab1181897382f670853591b1bf02fc9572d78c8a641ede8c79f4f5d5a |
| SHA512 | f0a9a9c41a5b574a946995971037a806d28477a4ca1697ccfb68922be7f3f6d15d9c6a49625ad69a576f930b1ad92f83d73a1b712bca0304b1ce9a21e0f3e1bb |
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\zbShieldUtils.dll
| MD5 | 3037e3d5409fb6a697f12addb01ba99b |
| SHA1 | 5d80d1c9811bdf8a6ce8751061e21f4af532f036 |
| SHA256 | a860bd74595430802f4e2e7ad8fd1d31d3da3b0c9faf17ad4641035181a5ce9e |
| SHA512 | 80a78a5d18afc83ba96264638820d9eed3dae9c7fc596312ac56f7e0ba97976647f27bd86ea586524b16176280bd26daed64a3d126c3454a191b0adc2bc4e35d |
memory/3684-445-0x0000000004410000-0x0000000004550000-memory.dmp
memory/2848-449-0x0000000000400000-0x00000000004CC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 88ecc8c09c0a1699fe8fe40dd194e4fe |
| SHA1 | dd92e5425fc2e27f832aa660168e34ae06d8b0d6 |
| SHA256 | 6ef6d51078ec87aae4f862238a3475b5d105da18029756da8c2e076045475c11 |
| SHA512 | aed635193289a432c4dc8032dcb27026d46624b7691f8dccbd017efae38f7838803871fd1ede4ea80bec12bada7d9517244b8e1bf321445e570d2cbe41984f3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 23acdd8afc1d169989196135822a8d1c |
| SHA1 | a5ef04fcf6327b74f0bc356047e2750d51f36b69 |
| SHA256 | e6f8274d069e103eab9d55122ff594a1ea777a948336942f9ca9c3b1ac3dd502 |
| SHA512 | d376ce408246aee4d1c79dab057149448e29a43aa4b3854d05129b3d1e29a2c6c1fa536f3919e3a8a8b40fd19713bad9585e87168db532a58fc847a9d0e089cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8f633f4cfbc5c9d7379229e2fe48d06d |
| SHA1 | 135b7719f65b557ff9f0f859093c28b7fda0c807 |
| SHA256 | 04d6dd023f4381c0e42e17a04f6feceac5bc432ad9f17fd78aaa17abd1b49967 |
| SHA512 | 1296d595bcda11809c40a0322447b8c0a111ac8638a41d26a52471e1578596d2cf50442a57d796f1c62fa12a87356e6a9c449000c564c5f2d89879a86f90ff82 |
memory/3684-577-0x0000000000400000-0x00000000006EE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\logo.png
| MD5 | 9cc8a637a7de5c9c101a3047c7fbbb33 |
| SHA1 | 5e7b92e7ed3ca15d31a48ebe0297539368fff15c |
| SHA256 | 8c5c80bbc6b0fdb367eab1253517d8b156c85545a2d37d1ee4b78f3041d9b5db |
| SHA512 | cf60556817dba2d7a39b72018f619b0dbea36fb227526943046b67d1ae501a96c838d6d5e3da64618592ac1e2fa14d4440baa91618aa66256f99ea2100a427b4 |
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\RAV_Cross.png
| MD5 | cd09f361286d1ad2622ba8a57b7613bd |
| SHA1 | 4cd3e5d4063b3517a950b9d030841f51f3c5f1b1 |
| SHA256 | b92a31d4853d1b2c4e5b9d9624f40b439856d0c6a517e100978cbde8d3c47dc8 |
| SHA512 | f73d60c92644e0478107e0402d1c7b4dfa1674f69b41856f74f937a7b57ceaa2b3be9242f2b59f1fcf71063aac6cbe16c594618d1a8cdd181510de3240f31dff |
memory/3684-582-0x0000000004410000-0x0000000004550000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\WebAdvisor.png
| MD5 | 4cfff8dc30d353cd3d215fd3a5dbac24 |
| SHA1 | 0f4f73f0dddc75f3506e026ef53c45c6fafbc87e |
| SHA256 | 0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856 |
| SHA512 | 9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139 |
memory/3684-586-0x0000000004410000-0x0000000004550000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\AVG_BRW.png
| MD5 | 0b4fa89d69051df475b75ca654752ef6 |
| SHA1 | 81bf857a2af9e3c3e4632cbb88cd71e40a831a73 |
| SHA256 | 60a9085cea2e072d4b65748cc71f616d3137c1f0b7eed4f77e1b6c9e3aa78b7e |
| SHA512 | 8106a4974f3453a1e894fec8939038a9692fd87096f716e5aa5895aa14ee1c187a9a9760c0d4aec7c1e0cc7614b4a2dbf9b6c297cc0f7a38ba47837bede3b296 |
memory/3684-590-0x0000000004410000-0x0000000004550000-memory.dmp
memory/3684-592-0x0000000000400000-0x00000000006EE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod0.exe
| MD5 | 69a5173c9fc221145dcdddb9bb564c42 |
| SHA1 | 7c42cfeeb556f2e4484091c01267157827105fb8 |
| SHA256 | 049b7e30d91b5552279103252063df6e206da791ba5bd6e7a6c7fd7bd7d73853 |
| SHA512 | 92f774b4831679b5c9975d13530540ccb6e499fd5823641e5e78c970d0438f1900cb8afc6344262d8d6d0bfc4bc2f434eafe568c94ef8f3b567d93519d29b954 |
memory/4916-611-0x000001F372F40000-0x000001F372F48000-memory.dmp
memory/4916-612-0x000001F3759C0000-0x000001F375EE8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1.zip
| MD5 | f68008b70822bd28c82d13a289deb418 |
| SHA1 | 06abbe109ba6dfd4153d76cd65bfffae129c41d8 |
| SHA256 | cc6f4faf4e8a9f4d2269d1d69a69ea326f789620fb98078cc98597f3cb998589 |
| SHA512 | fa482942e32e14011ae3c6762c638ccb0a0e8ec0055d2327c3acc381dddf1400de79e4e9321a39a418800d072e59c36b94b13b7eb62751d3aec990fb38ce9253 |
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\saBSI.exe
| MD5 | 143255618462a577de27286a272584e1 |
| SHA1 | efc032a6822bc57bcd0c9662a6a062be45f11acb |
| SHA256 | f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4 |
| SHA512 | c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9 |
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\CheatEngine75.exe
| MD5 | e0f666fe4ff537fb8587ccd215e41e5f |
| SHA1 | d283f9b56c1e36b70a74772f7ca927708d1be76f |
| SHA256 | f88b0e5a32a395ab9996452d461820679e55c19952effe991dee8fedea1968af |
| SHA512 | 7f6cabd79ca7cdacc20be8f3324ba1fdaaff57cb9933693253e595bfc5af2cb7510aa00522a466666993da26ddc7df4096850a310d7cff44b2807de4e1179d1a |
memory/1204-649-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fsukrvlz.exe
| MD5 | 8e1d5a5d9795992f7ac33fa688aee6a5 |
| SHA1 | 1830df281bdc1c20dfe85d84347abfa3df9a3794 |
| SHA256 | e6198e199ed3f41560eea8b27f2259bd6cc6dc362ab15e2394a68139524e48e3 |
| SHA512 | 9a9a923da358dcd67087a1b85ca1ab584be5a66971cb72bf575f6718461dbb1f704be4d3d7fe08111cc9523130fc441e67307ba37420d440dc9826d2853df1bc |
C:\Users\Admin\AppData\Local\Temp\is-I8036.tmp\CheatEngine75.tmp
| MD5 | 9aa2acd4c96f8ba03bb6c3ea806d806f |
| SHA1 | 9752f38cc51314bfd6d9acb9fb773e90f8ea0e15 |
| SHA256 | 1b81562fdaeaa1bc22cbaa15c92bab90a12080519916cfa30c843796021153bb |
| SHA512 | b0a00082c1e37efbfc2058887db60dabf6e9606713045f53db450f16ebae0296abfd73a025ffa6a8f2dcb730c69dd407f7889037182ce46c68367f54f4b1dc8d |
C:\Users\Admin\AppData\Local\Temp\is-SOKV5.tmp\_isetup\_setup64.tmp
| MD5 | e4211d6d009757c078a9fac7ff4f03d4 |
| SHA1 | 019cd56ba687d39d12d4b13991c9a42ea6ba03da |
| SHA256 | 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95 |
| SHA512 | 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e |
C:\Users\Admin\AppData\Local\Temp\7zS054904E8\UnifiedStub-installer.exe
| MD5 | 493d5868e37861c6492f3ac509bed205 |
| SHA1 | 1050a57cf1d2a375e78cc8da517439b57a408f09 |
| SHA256 | dc5bc92e51f06e9c66e3933d98dc8f8d217bc74b71f93d900e4d42b1fb5cc64f |
| SHA512 | e7e37075a1c389e0cad24ce2c899e89c4970e52b3f465d372a7bc171587ed1ee7d4f0a6ba44ab40b18fdf0689f4e29dfdbccbabb07e0f004ef2f894cb20d995d |
memory/5584-792-0x000001BC075F0000-0x000001BC07636000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS054904E8\rsStubLib.dll
| MD5 | 3bcbeaab001f5d111d1db20039238753 |
| SHA1 | 4a9c0048bbbf04aa9fe3dfb9ce3b959da5d960f8 |
| SHA256 | 897131dd2f9d1e08d66ae407fe25618c8affb99b6da54378521bf4403421b01a |
| SHA512 | de6cde3ad47e6f3982e089700f6184e147a61926f33ead4e2ff5b00926cfc55eb28be6f63eea53f7d15f555fd820453dd3211f0ba766cb3e939c14bb5e0cfc4c |
memory/5584-790-0x000001BC07070000-0x000001BC0717C000-memory.dmp
C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
| MD5 | 9a4d1b5154194ea0c42efebeb73f318f |
| SHA1 | 220f8af8b91d3c7b64140cbb5d9337d7ed277edb |
| SHA256 | 2f3214f799b0f0a2f3955dbdc64c7e7c0e216f1a09d2c1ad5d0a99921782e363 |
| SHA512 | 6eef3254fc24079751fc8c38dda9a8e44840e5a4df1ff5adf076e4be87127075a7fea59ba7ef9b901aaf10eb64f881fc8fb306c2625140169665dd3991e5c25b |
C:\Program Files\Cheat Engine 7.5\is-PT1EK.tmp
| MD5 | 5be6a65f186cf219fa25bdd261616300 |
| SHA1 | b5d5ae2477653abd03b56d1c536c9a2a5c5f7487 |
| SHA256 | 274e91a91a7a520f76c8e854dc42f96484af2d69277312d861071bde5a91991c |
| SHA512 | 69634d85f66127999ea4914a93b3b7c90bc8c8fab1b458cfa6f21ab0216d1dacc50976354f7f010bb31c5873cc2d2c30b4a715397fb0e9e01a5233c2521e7716 |
C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
| MD5 | f921416197c2ae407d53ba5712c3930a |
| SHA1 | 6a7daa7372e93c48758b9752c8a5a673b525632b |
| SHA256 | e31b233ddf070798cc0381cc6285f6f79ea0c17b99737f7547618dcfd36cdc0e |
| SHA512 | 0139efb76c2107d0497be9910836d7c19329e4399aa8d46bbe17ae63d56ab73004c51b650ce38d79681c22c2d1b77078a7d7185431882baf3e7bef473ac95dce |
memory/5584-794-0x000001BC08F20000-0x000001BC08F50000-memory.dmp
memory/5584-800-0x000001BC218C0000-0x000001BC21972000-memory.dmp
memory/5584-801-0x000001BC08F80000-0x000001BC08FA2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS054904E8\Newtonsoft.Json.dll
| MD5 | 4f0f111120d0d8d4431974f70a1fdfe1 |
| SHA1 | b81833ac06afc6b76fb73c0857882f5f6d2a4326 |
| SHA256 | d043e6cde1f4d8396978cee2d41658b307be0ca4698c92333814505aa0ccab9a |
| SHA512 | e123d2f9f707eb31741ef8615235e714a20c6d754a13a97d0414c46961c3676025633eb1f65881b2d6d808ec06a70459c860411d6dd300231847b01ed0ce9750 |
C:\Users\Admin\AppData\Local\Temp\7zS054904E8\rsLogger.dll
| MD5 | 1cfc3fc56fe40842094c7506b165573a |
| SHA1 | 023b3b389fdfa7a9557623b2742f0f40e4784a5c |
| SHA256 | 187da6a5ab64c9b814ab8e1775554688ad3842c3f52f5f318291b9a37d846aa2 |
| SHA512 | 6bd1ceaf12950d047a87fd2d9c1884c7ac6e45bd94f11be8df8144ddd3f71db096469d1c775cf1cb8bc7926f922e5a6676b759707053e2332aa66f86c951fbc0 |
memory/5584-805-0x000001BC08FB0000-0x000001BC08FDE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS054904E8\rsAtom.dll
| MD5 | dc15f01282dc0c87b1525f8792eaf34e |
| SHA1 | ad4fdf68a8cffedde6e81954473dcd4293553a94 |
| SHA256 | cc036bcf74911fe5afb8e9fcc0d52b3f08b4961bcda4e50851eda4159b1c9998 |
| SHA512 | 54ee7b7a638d0defcff3a80f0c87705647b722d3d177bc11e80bfe6062a41f138ef99fc8e4c42337b61c0407469ef684b704f710b8ead92b83a14f609f0bc078 |
memory/5584-812-0x000001BC21C30000-0x000001BC21C88000-memory.dmp
C:\Program Files\ReasonLabs\EPP\Uninstall.exe
| MD5 | 79638251b5204aa3929b8d379fa296bb |
| SHA1 | 9348e842ba18570d919f62fe0ed595ee7df3a975 |
| SHA256 | 5bedfd5630ddcd6ab6cc6b2a4904224a3cb4f4d4ff0a59985e34eea5cd8cf79d |
| SHA512 | ab234d5815b48555ddebc772fae5fa78a64a50053bdf08cc3db21c5f7d0e3154e0726dacfc3ea793a28765aea50c7a73011f880363cbc8d39a1c62e5ed20c5a9 |
C:\Users\Admin\AppData\Local\Temp\7zS054904E8\Microsoft.Win32.TaskScheduler.dll
| MD5 | e6a31390a180646d510dbba52c5023e6 |
| SHA1 | 2ac7bac9afda5de2194ca71ee4850c81d1dabeca |
| SHA256 | cccc64ba9bbe3897c32f586b898f60ad0495b03a16ee3246478ee35e7f1063ec |
| SHA512 | 9fd39169769b70a6befc6056d34740629fcf680c9ba2b7d52090735703d9599455c033394f233178ba352199015a384989acf1a48e6a5b765b4b33c5f2971d42 |
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
| MD5 | f2738d0a3df39a5590c243025d9ecbda |
| SHA1 | 2c466f5307909fcb3e62106d99824898c33c7089 |
| SHA256 | 6d61ac8384128e2cf3dcd451a33abafab4a77ed1dd3b5a313a8a3aaec2b86d21 |
| SHA512 | 4b5ed5d80d224f9af1599e78b30c943827c947c3dc7ee18d07fe29b22c4e4ecdc87066392a03023a684c4f03adc8951bb5b6fb47de02fb7db380f13e48a7d872 |
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\prod1_extract\installer.exe
| MD5 | 46c50dc50d9be92829b9d6fd4678c11d |
| SHA1 | 3c0b0493b9e6269a1a00c48720c7fd97c04ddd4f |
| SHA256 | d9c15d4a7e2b1a320154a5c61af012242e3408a5c5519cbb4e93a7843692cf50 |
| SHA512 | 340fdbc7618e86ef4178142aa9012ab9317869b85ac148fcd31c0c2fff007114eaccbf60ee829be99890d36b7d5e1a78c4617e40a538735a8b01002d4d5e41e9 |
memory/3684-841-0x0000000000400000-0x00000000006EE000-memory.dmp
C:\Program Files\Cheat Engine 7.5\speedhack-i386.dll
| MD5 | 6e00495955d4efaac2e1602eb47033ee |
| SHA1 | 95c2998d35adcf2814ec7c056bfbe0a0eb6a100c |
| SHA256 | 5e24a5fe17ec001cab7118328a4bff0f2577bd057206c6c886c3b7fb98e0d6d9 |
| SHA512 | 2004d1def322b6dd7b129fe4fa7bbe5d42ab280b2e9e81de806f54313a7ed7231f71b62b6138ac767288fee796092f3397e5390e858e06e55a69b0d00f18b866 |
memory/1396-1396-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1395-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1397-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1394-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1415-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1525-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1528-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
C:\Program Files\Cheat Engine 7.5\badassets\scoreboard.png
| MD5 | 5cff22e5655d267b559261c37a423871 |
| SHA1 | b60ae22dfd7843dd1522663a3f46b3e505744b0f |
| SHA256 | a8d8227b8e97a713e0f1f5db5286b3db786b7148c1c8eb3d4bbfe683dc940db9 |
| SHA512 | e00f5b4a7fa1989382df800d168871530917fcd99efcfe4418ef1b7e8473caea015f0b252cac6a982be93b5d873f4e9acdb460c8e03ae1c6eea9c37f84105e50 |
memory/1396-1565-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1566-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1583-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1584-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1589-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1596-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1595-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1602-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1204-1603-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/4052-1601-0x0000000000400000-0x000000000071B000-memory.dmp
memory/1396-1610-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1609-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1608-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1607-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1606-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1605-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1604-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1680-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp
memory/1396-1693-0x00007FF71ABF0000-0x00007FF71AC00000-memory.dmp
memory/1396-1720-0x00007FF71ABF0000-0x00007FF71AC00000-memory.dmp
memory/1396-1719-0x00007FF71ABF0000-0x00007FF71AC00000-memory.dmp
memory/1396-1716-0x00007FF71ABF0000-0x00007FF71AC00000-memory.dmp
memory/1396-1714-0x00007FF71ABF0000-0x00007FF71AC00000-memory.dmp
memory/1396-1688-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp
memory/1396-1686-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp
memory/1396-1684-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp
memory/1396-1682-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp
memory/1396-1670-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp
memory/1396-1668-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp
memory/1396-1666-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp
memory/1396-1662-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp
memory/1396-1658-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp
memory/1396-1638-0x00007FF782DD0000-0x00007FF782DE0000-memory.dmp
memory/1396-1632-0x00007FF7775D0000-0x00007FF7775E0000-memory.dmp
memory/1396-1629-0x00007FF732C70000-0x00007FF732C80000-memory.dmp
memory/1396-1624-0x00007FF7214D0000-0x00007FF7214E0000-memory.dmp
memory/1396-1616-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1615-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1613-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1611-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1617-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1614-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
memory/1396-1612-0x00007FF7579D0000-0x00007FF7579E0000-memory.dmp
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 5d6784c045eca499d6cffeb2c7e6630d |
| SHA1 | b6159a3469073d1353202ff42729dacdf5510783 |
| SHA256 | 4d6759b2b170583a454cb7e8c348a648d44ed3353b3bde547801012abf8cae7d |
| SHA512 | addbadb34fdde4cef81891b1cd91c7a1cd290cf9ca29fb2f4e9d7f4874e2708b1689a9e82b8b7464fe78ce152b4c78a4143c49b8773f6e3142583ee8675fd236 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | c6b01c0fd4699b7623116d08ce06d6c9 |
| SHA1 | 455bb00e3359f3ee70bd9892b7f88e9aef61c44c |
| SHA256 | 278f8c38931d6c213b7b5031347cd91bbe9cf9bd62cbaddbc878b2d27cd8f1b9 |
| SHA512 | f4e973fb5c78654b49a787129f5488ce1ffd7e40d9d9e18aacaa843fae98841308fe63179a17c8f1cd9c7bbd44581218f23fbb984527e73a8af7184f0267b283 |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | b368cc8307f3376863cdb454c14d1092 |
| SHA1 | e820f9166e175ba62a1b893bca77f311811dadea |
| SHA256 | 5eb69bcc2df89c87a55248df89c03167b95f2756f39c3db56a7f74245c9146fd |
| SHA512 | 78f341fb8ceb3c1868b9eb3cbeefb0c634dc755f32367080177843df7e1b24add3cd2a088d99245a9726de1c0e635b6e4ba45ab6696bf5e7d43c353c28f7efc6 |
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
| MD5 | bd38ea5ccd891a08af20f1a1305deebb |
| SHA1 | 6237639c4b35f85fa7fda83babbf6530153a83ed |
| SHA256 | 3e902920a51e303c9e269366643542154b1d90d7b408f86251701a5b90304533 |
| SHA512 | fecc9c8984828918fcd6a6431d7695a8dfad854ba32cb49a546537cf96fb5b67912b870fae343c0487a9e7016806717d0be3cb40bd92db34c3e17e0bd98eb42a |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | dea3449e3c81adc00c00ae8272dd433d |
| SHA1 | ff6c2665a235715dfdeb06fcff24046e7888fbf2 |
| SHA256 | 26abc858426a03814250044cf46f97bd3fadfadbd01a6310b13b6f2e3bb4a025 |
| SHA512 | 5211ced69b7cfb0010307d3225780307fa29a8be8f8657391d38107428f9ae1eeb98c0e07991fe45b4ab4310f05ffc4eac9ca5644c2cfdc8c16acc5afb111ef9 |
C:\Users\Admin\AppData\Local\Temp\is-TDV6M.tmp\finish.png
| MD5 | b24e872bd8f92295273197602aac8352 |
| SHA1 | 2a9b0ebe62e21e9993aa5bfaaade14d2dda3b291 |
| SHA256 | 41031efc4f7e322dc5ffacc94b9296fb28b9b922b1ce3b3da13bf659a5fd2985 |
| SHA512 | f08ac681abc4e0f6d7a1d1f2303169004e67c880f9353c0ed11dfab3eb511ddf841fa056f4090da8201c822c66ae55419c48cd87f11b9866feb46a3fe2c2af99 |
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
| MD5 | 0e0649fdb5e165ff2916476e5c612434 |
| SHA1 | eaccd3e538a15ebea97f0b85bda0da3cda78134f |
| SHA256 | 130a5f3338de1b1698692ff1b7eceaf32cddb8fbb3167490aed1976a0cd00da9 |
| SHA512 | 2ce8202eae6f311d6bb96f888e774fbba1287da12da89c81fe2232de8f78b516efdce89c94d4c7c505f9ba2fe6d870e0b4e893d72dcf646c1d2f7cb6f9cb6dfa |
C:\Program Files\ReasonLabs\EPP\mc.dll
| MD5 | e3facfc07a9f81cf70f27f11d23cbdab |
| SHA1 | 55d810be7107d1ef29e8379ad30ba71f4e4fbbf2 |
| SHA256 | 23accd7a0b75bb93238933d112dfa5b14bd989c773baed0ebacbdc0a9e439880 |
| SHA512 | 26dbc8b35c33b4b6e3621dbea2afabbb10dd9b0eb581bc36c36c22130fb93846cca4540de060e85663de1d2a2522e8cb59f40a66608b6e43912a83640e78ef2d |
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
| MD5 | 6acadb26f4417f07421ccc426a6bff7a |
| SHA1 | ab5a7385bfec5e68ef2973af88c63c8dccb3e3b4 |
| SHA256 | aefd24908b4ed4296d9223edd6d10c3493ec0dd0bdc547c2b185013951f07df5 |
| SHA512 | b52a4e74f6c3c03a814ca43aa76ff42f73498ea2dca81ce18e2e389e666eb22ea76226cf9b421fdb6e35349dab2e77e66216d33d9eb558582789aee10244b11d |
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
| MD5 | ac1e94a075241967e440f1d84254666c |
| SHA1 | 20558c191c29e27610de4251731dc46023621ecd |
| SHA256 | 29fc893dea171964426e3e38d093c063134b8d789b16d3a7917f574afa4a1e63 |
| SHA512 | b500c30afb9ea7d640bb99b50410d037082ac882bd97ca7c165bea1bc1ef0fee5fe4b1ffccc612e979ceb89ca797dae80d534be19928b48e33612d87290343f7 |
memory/5584-3796-0x000001BC21DE0000-0x000001BC21E30000-memory.dmp
memory/5584-3831-0x000001BC21BD0000-0x000001BC21C26000-memory.dmp
memory/5584-5457-0x000001BC223C0000-0x000001BC223FA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS054904E8\46b9a630-c760-44b7-8dcd-c2514d98026e\UnifiedStub-installer.exe\assembly\tmp\QX7IXUA1\rsJSON.DLL
| MD5 | 771b9423950ae27111db7af2655bdb79 |
| SHA1 | d08c5ad3bed49e90050da4128844ed06ef2a1c2d |
| SHA256 | b08d3d0156d2dbf9e4b631beb3ae436ce4876e851586f7908066ac034acd4809 |
| SHA512 | 87dd0a37688577d9b19ad1df3e5518e4e299f31974837226f9ff68ad33f383b37460e82fc29f02cdeac2b530cf9f0d627f430b4f74a728d843ac338e36a50c9c |
C:\Users\Admin\AppData\Local\Temp\7zS054904E8\46b9a630-c760-44b7-8dcd-c2514d98026e\UnifiedStub-installer.exe\assembly\dl3\440d195b\a64ab7c0_8617db01\rsLogger.DLL
| MD5 | d03339e6db680fdb24d0d3e3eb29dbf0 |
| SHA1 | 2cebaff56c106d2c773d68c5d5c837341d49e4d9 |
| SHA256 | 8e21ac4959d70477812f256d608e70de05b6e5d23f327e4d5565a5fc124cca86 |
| SHA512 | f3161c14d98729004abf9c2351e8684fda0272cbd2d0d5c157bc27a78ddfc62d517dc20cba9d8007915508e3da50ebede0392274d1f0b3bc499cd77c23b6bdb2 |
memory/5584-5468-0x000001BC223C0000-0x000001BC223F0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS054904E8\46b9a630-c760-44b7-8dcd-c2514d98026e\UnifiedStub-installer.exe\assembly\tmp\ML8GX8IK\rsAtom.DLL
| MD5 | 3e3fb87e2695d5127722bfa80a5df42d |
| SHA1 | e1c20f3d6b1c7a75c076a9d53500ac38a6f2db14 |
| SHA256 | 4d22dfc2b75b436e674c324ac43c2b5f0abb5d609cb7e3e9079290d2a7ba5698 |
| SHA512 | 64abb4514f26ee148434813403c590063aad8476a64278993c37a50a4cd315e4e7231b4bdbfcfce9de720e90c8a82934def8cf3c5a7d63ebfa30a710f1886ced |
memory/5584-5480-0x000001BC223B0000-0x000001BC223DE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS054904E8\46b9a630-c760-44b7-8dcd-c2514d98026e\UnifiedStub-installer.exe\assembly\dl3\3e7e4cd4\a64ab7c0_8617db01\rsServiceController.DLL
| MD5 | 02ff517bf81ecfd5363b5f8df13c4fdd |
| SHA1 | 85dc5ffd23c55f0120ddb2c784937e6cb6ad9bba |
| SHA256 | dccca51255284c09675dec517fc1c1ef175415c5e8d9d5695f7644a48d1b7078 |
| SHA512 | 4d7be2c73e655bad920387c13f347d499d875ee1482c7e335bc080e4e28894867e904dd7463de4c5d22d5a912605b3d6b022b3f56e427682a622d5cf73ad8055 |
memory/5584-5493-0x000001BC22510000-0x000001BC22540000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngine.config
| MD5 | 737aa4841b3f633906c9be89005c022f |
| SHA1 | 50cc14e87cbb7d94c842aa7195f0796125264045 |
| SHA256 | 45b5a91bbf0ac67960e182ae413b1116e88f14f7004c5dfeadeb383ed0cf399f |
| SHA512 | a020204f96acf9954e60903ba474691607cc5262a0306c62b37c18de829999af447e41c76966b8cc518f0f1805c495122b6a38dc577e54e001912c9f12ace9cf |
C:\Program Files\ReasonLabs\EPP\x64\elam\rsElam.sys
| MD5 | 8129c96d6ebdaebbe771ee034555bf8f |
| SHA1 | 9b41fb541a273086d3eef0ba4149f88022efbaff |
| SHA256 | 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51 |
| SHA512 | ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18 |
memory/1124-5519-0x000001988A6C0000-0x000001988A6EE000-memory.dmp
memory/1124-5520-0x000001988A6C0000-0x000001988A6EE000-memory.dmp
memory/1124-5533-0x000001988C320000-0x000001988C332000-memory.dmp
memory/1124-5534-0x00000198A4B90000-0x00000198A4BCC000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 43fbbd79c6a85b1dfb782c199ff1f0e7 |
| SHA1 | cad46a3de56cd064e32b79c07ced5abec6bc1543 |
| SHA256 | 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0 |
| SHA512 | 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea |
memory/2600-5554-0x0000013CDC580000-0x0000013CDC8E6000-memory.dmp
memory/2600-5555-0x0000013CDC8F0000-0x0000013CDCA6C000-memory.dmp
memory/2600-5556-0x0000013CC3950000-0x0000013CC396A000-memory.dmp
memory/2600-5557-0x0000013CC39A0000-0x0000013CC39C2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{D1C620AD-3B08-4C3A-A1FC-51EA897E7B3A}\MEMORY.TMP
| MD5 | 6dbff9c355336a49a1ad44c4d95faf2f |
| SHA1 | 6ab45b43c1831bbbbfe8d7ffe7cf828b9407420a |
| SHA256 | 56558c233a73517adbf027bb6106e75179bb890be2627ec58cb49e7e8d11654c |
| SHA512 | 5be8091106c5274d5aeee33c81f395ef267eb996b62fb00cf4a885dbb101435fc11765e91b5bf30e2d2043572b227de7fa132df306b0818cde8f69318850d1bb |
C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{D1C620AD-3B08-4C3A-A1FC-51EA897E7B3A}\ADDRESSES.TMP
| MD5 | 7f3460d0ecc2be50cac3fe5c2f0d22f0 |
| SHA1 | 02246b8e8cae166741727db8ca8ffd2561556377 |
| SHA256 | 3ba62148cd12d51c03fb921119bab3bb4956f8b81a8c531a8c098b2e4ae9a44e |
| SHA512 | 543c399e54f6b63973f64c225917447e81256e98c03dca1725062655bb957387fed5b0bb5e16c9bba02d3cf079640064e947787e990a69d8df334ec366174d8c |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | af0116d0aab03aaf85685ef6830c835e |
| SHA1 | d314d172efbfafd31ad5798ef842f74f22f1fcbf |
| SHA256 | d1172396f04ec812bd0b72c0d56cae8d2b6de14313a75c99a08062963135edf8 |
| SHA512 | 441ba4e8130a6cdf7414962af314d791c56cf3db1070da1fb12124911c87bc2fc1fb6d670a2973df9097ac1e1dd8682bda955ff99089213f092ce74e163a27a7 |
C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{9BF5E6C6-5A4E-4C83-ABC0-8165441CBB07}\ADDRESSES.TMP
| MD5 | 962a0fd002bb785cb08d79b02fb4b68a |
| SHA1 | b299c4f98d928a3112e78339c79a512e019cc9bb |
| SHA256 | 58dfffeaa8d299ad49cb513a6f3e6be0b0801b0b96265149f278d42fc4e1b061 |
| SHA512 | 544c413691251b16a497f2f12dfcc44f02c44485fd2b2da5cdc66898b49783559b347299d5c0ead50e0f428a182ee77bc3fb99381bc14d452a32d772e5c5d8dc |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 22676cd66012c55b421de565a86f41cb |
| SHA1 | 6049d10db196641a10b0272d6be1708b42950f7d |
| SHA256 | 0efa032f62d733c73a189a169be439f3f21bbdc0251e9efd9b38284c23353b09 |
| SHA512 | 677c7d3541822af5384a5bac1fac4d8f02d1adc4a8a012cc2f36ae2c36677da1763ad7c9c72d855ee5c7ce47f9f296d5bd7fadfcd19b34157de59576761e5ef0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 35d6fd135bf292abd626dde5c02929bf |
| SHA1 | 1a85e6ddf3bdd53c84c281e8a6f7cc06f4b3a67c |
| SHA256 | abbaa52ecb8ed6d884aa05311b43a62a23f6af84b37af11970b2086ab7743d59 |
| SHA512 | 1b3c4b59e5e9a045090e950544ba0de0b0688e5e787ef54bbf68e684bb6e64c45402fb28037fafab5891c0811f9c5636d9edf68b4b42da590c27b2f55c5c4914 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9960eeab5d33b8deee0782bef8bcba01 |
| SHA1 | 594256aa0002633a9ddb72cc6c39ee758bf7bf8c |
| SHA256 | 99cad4bb297f0890508d92b61c08b986968b66bdc812800b5c8ebcf7b27fb261 |
| SHA512 | a806070e34c80ccfa8ed33eb3dfdf5bb77843f0e22d0b0dc1847bc960deeea9fa69610e0bcc1d75fe2337fcd98f83cdad4781dfc2b128615bc3e3d17f1acf42b |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | c9944c811ce1ca5cdd204d5cbd39c44a |
| SHA1 | 220285a408f7ce0975f1dfb34a3af24b981065c5 |
| SHA256 | 233027306e011febc21b8a6d60b8152df717e7dfcc91e33c4a4ae13587912447 |
| SHA512 | 7eb5cdb7ace4f8fb43e957f4e97145d1d0d3c2546c2d97a3457eebaea746c7da021417cf336688c77b8da71e495266cd51097a78faed62a4604f43cab7c2707b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fbdf4603542090187411facf8f85c776 |
| SHA1 | 2583b9ef1a52ccf34f0ed9a9a6f521f8fe9b838c |
| SHA256 | 80229816d6e83110503fd46eefd8bd85506189155277eba967917ce1801e9a06 |
| SHA512 | 9eccbdc9aaae97a9653ede54c981b8d08a57a188ea206731f41c26d1c6c8a58706a637f0f1af1e2163fe517ea15cc3d55489b2f20978e82ae44bd0f12e618129 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 99559cd2dc88b0062712073dcf8e5862 |
| SHA1 | 6f0df2684462d23b2cfc17dac368d68699e649e5 |
| SHA256 | b297ed61b2de20ddd4005d8566ea9fa6d332d7f7514c6a85b0fc7578be321cba |
| SHA512 | e42d46c20836d0799ab2633830ae251b65c805bcbdcbb6e11f272b95f1a3754de92da446b97580f90269a95b33817d98d19af21a1930f939c5c6e782239ab1a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 51a0c4bdadd321b08a61ba7e4e08decb |
| SHA1 | 19883c937c42c5284bbdbdb832185260a6ba52e6 |
| SHA256 | 2477a12e031ee07246d532f45f615419b0fbc07c2218dba782c0f867d2895348 |
| SHA512 | 2d469e7f892c946fdab4b2be8966caf16f04bd8abf428e1506f9ca747fd87c6736245d79437cf9da8cf1dafb6c8aa9e0484e539d97eb21cc76603c7aa3cbd6f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045
| MD5 | a5cc79fbd666432c461daec09604f082 |
| SHA1 | 9a3df93d85aca657c5c8b60f9b4063128319647e |
| SHA256 | 9a7f91177674363a59d898f41192d993f0dab2ce2c93a180b6d1042ea4b9e279 |
| SHA512 | f93ebbb16738cae18477a0bd833098abee3a77880b8623ae2a462ee8e209487045121700e013dd0da1c7c3f5c9f24a56f02a5cba837df4ac1f33c9f6e3522c62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e9ab20b4ec0d85e81183836a1290017b |
| SHA1 | 95897ac8c29afd21a09ba73daccc3bfc0b9841f2 |
| SHA256 | a4a8d0af8b0b5d0a51624d9a605eeda57a008914b21a0c51f0969abc12eaaceb |
| SHA512 | faa82e300928caf8e1cc96c42433ab8fb724f7865d86aabf7f7ce2d926882273b29eb8e97a638cc82f0cace7919b919f82b56d0db6f3c7e175e45af5fe83771b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 37720822678beff49d1afad555447015 |
| SHA1 | 3f85c75e78b1542ff049b54de67fd0a78307d328 |
| SHA256 | 085fbf944d55e6590a48e7d132aab99d7aaa2b22fff38160873116e4ea182bdf |
| SHA512 | 48c6e4421421f50b6283c4b782ab09c40d6d85b8e10fe46bb5058cdfb53138ab780bea87dcc8459e07883a808263ff052ed40dc5b1cc9444159780658467df38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042
| MD5 | 74d08f3e49a4210f66236f4e84564a65 |
| SHA1 | fc5232cdcc3689d1f26ddf1fd9a0d567b8cd4bea |
| SHA256 | f224b59ba25e458e2dfabb559d1e338019bb0f82139768561b03e42d7ebce7e9 |
| SHA512 | ac233a8d6a6b0a2894c89b33b7c159acb1084a06d1c8956a337e1c235c74f635b42cf95bbe723b2359b3b8fb09980dbe17f11e46f777749883af78cf5885f175 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b
| MD5 | 8eff0b8045fd1959e117f85654ae7770 |
| SHA1 | 227fee13ceb7c410b5c0bb8000258b6643cb6255 |
| SHA256 | 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571 |
| SHA512 | 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a7a3c313c28583bc769d667bdf560a5e |
| SHA1 | a542f72c1abc35e1b0853b02cf74c6d348d91e76 |
| SHA256 | 962cecb4bd779c43b72187be22fcbed5e72a3141b1ec6395680c2ba7d5455e39 |
| SHA512 | e7f4ed47ad2eecb0567a9b584a8f213088985a9c4994049199d9439ff1c5762a338aff2dabbe2c8369553dc16d3aca22ad38c0125a496b1b7d3c2b3f79225329 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5f4f2ca713b5783c5e67bd75f6d30268 |
| SHA1 | 89111d3d73e5ae3b431ff471a0caec289439a69f |
| SHA256 | 9ff3f588831f57a2c8b005d95459d839436e02b6265bb5ba021c67ef34afa408 |
| SHA512 | d3ea703c4c69badc2100724216010633775c2f42d401bdab03500a599c8b39a7bb0776b8193820d48ba545f91bf67a7746d5232ad248b0cadab65176db57d34b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 177c96ea1e9a1d36fce8309a9eda681e |
| SHA1 | 0d61a368d24365ac6c79ff7e45e276f48c2d312f |
| SHA256 | 6073a6bbdc0affe0a0a4b483b52237ff14f4b66d2221a805aae098c90b153f8b |
| SHA512 | 63986c5d777137aa186dc86201ed806f71c807934b22425e5685df0552128d16dae796cc66db4cf8ef51f9efb46bb533e818b1aded1205a6a5520a2568a56e2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 67e30bbc30fa4e58ef6c33781b4e835c |
| SHA1 | 18125beb2b3f1a747f39ed999ff0edd5a52980ee |
| SHA256 | 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba |
| SHA512 | 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | 05f9404d8763e35ec2b3716730cc921f |
| SHA1 | c072b6029d6e442cad08967dd40d464170585f5c |
| SHA256 | ede9ac3d32037e0c7809d668053c1edaa6759ab28c528c934d4a1ab02aff43fd |
| SHA512 | d804dadea4f0ee34a69a4cb5772048a8925eab2bc9aa60a10fc4cd91d999f179d7ef3c5745c2f8225565e7e4ec9a9b4bca50af1ba9645a3303128a19dca9e703 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 6a424d6cf7561629977ab52326a1c819 |
| SHA1 | 6f934c83b285893d61b1be131ef36a0637b7c4f9 |
| SHA256 | 9e5a2852a7abc48408728d072d5d15850acc1d11bebffc04290ad8e5d1b8df0c |
| SHA512 | 2f78a9777fe94e07041936580a1e931b7941f60cce529d8f8701d6cd211d21ebd428022a98efd6cf6ae53b4d733576f553459e2acba9dc398b15a0f8304e9238 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
| MD5 | 180cfeebd86e60f03127ee292442b9e8 |
| SHA1 | aa48ca6d9770e408d2e9620b8b40d32e81f0c1f4 |
| SHA256 | 5f2f926387bbf0c0a69a802d9f22fdab85acd71da4e0a1f814ce0006156caa49 |
| SHA512 | e300ab2e490440906dcd03896ad26d9f8941ed67a559cf20053a2656285e050db37fd30e5e2cf41e7f7f59dff79239fea4caa12daaee61343b5a3efc327609aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | 68fb9067790544131431fc833fd1b674 |
| SHA1 | 00058572acfc343bc79fea35cc4271a01a84ff8d |
| SHA256 | 817770c138d63bbd7d275a71ecc9a70d485dabc55be2ec0e2f4c75ec1f728cdf |
| SHA512 | 0fceca53b5421ad2fd03f0583481c008c03bcefb04f79bdbcad8b7e3d77c0d75212c9dfb47abe509dcb80fa6e87e73fa238440eda484f59c9bbbcfbeaeaf4393 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | 73f72b717d3dc915dcf50ee7e009528e |
| SHA1 | 7c4171794937f400f0f41d79f47074260bab8f5d |
| SHA256 | 6a78e01f12b16bd99991948a502fa4cec1ed9c96800dacf355e30d50166391ce |
| SHA512 | 5d5101ce5ea55b213ea99830883ff52dc1108fe8ec65ec542c8c504d489b546248750645be67a3cb352a807b4d9be27e86c2925f8964d4e7d364431741092b87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | 7651b1187bb58ac4c7be625337b35e5b |
| SHA1 | 307d969ef4137a66fe2793737dc1c546587c7f43 |
| SHA256 | 0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968 |
| SHA512 | a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 6098c1ca9372b4b5535f5f2aeb9f8eed |
| SHA1 | 70aeb0d28b2ba3dbb72e4fed9db5bc29054bb9e4 |
| SHA256 | bd4261cf922cb1b852eae52bab810252f25bd5ff8b8d8c9f36f7a00061c64f89 |
| SHA512 | b9868badbec8772edc228f9d6bed1fbb94c95f040007b6e4eea53f81bc8b460b73177eddc638eb7e2524695bb457ad946266b3d3d74558091a4ccb0c23513677 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | 61686c493bd8b68c757df17f31ad975a |
| SHA1 | 249a2df6c3b6ee7f0df2a5b745580a35890dec19 |
| SHA256 | f1f0f8669d5320661d91b11c60f5e5714cbc1860942a3c6cec7d99c97cf99c32 |
| SHA512 | de71ece068ed211614ef1555a2f5ddbc435bc4cf0b4b72fb48ba8c2a247e0c98b5d105a79e0c715b01abea81bf4b281f4c7f6801dedfb6bfc5112ed3b6da95e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
| MD5 | d9f7c90a8b039d74d3d7b4b2a24168ce |
| SHA1 | aa1fab3984c5bbc8517d2f5bae07518fc7e15d7d |
| SHA256 | abfbeee65626fdee6468f3f36cfae230799991d265322b6bcd4b4929e2cc3ba9 |
| SHA512 | 0f8077faf834c46d262f6f48ac9fc971d0bcd11cecb2f4e46ab68c1b59c8c6ae18b397a82a04a1ce858d63e055a40cbc4ef6e1bc4bd424a1a17f63867796003a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | 99e35b3b58efd89d0322af8bbcb87178 |
| SHA1 | dc72968c535925c4cc809c40cb96acaeca460dad |
| SHA256 | 5e0ad4e28e5d5123002dd3bc76a20528aeb619f5d0cfbe6c59e0212a09b53187 |
| SHA512 | e8ff05054a7a0b3271ed342ae98ba505bde3a140a6131c757641f73281b85cf50f617744511ba7e4c90518bcb83e44f00963109b705a038c68603627c0e925a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | 8009157da4b9f32f071a1ec1e13b0230 |
| SHA1 | dfd14bfb8f3d04cd8c74ff127621c2c8b14b42b3 |
| SHA256 | 7fa598b82b270df57d53b3169f990c1f9f4a9d5d6b89918fa0620333c283dae7 |
| SHA512 | f7a0c16209b79d82e327ba3df7ea5888a23f7a4ad99a1ce13702be2ca634215505dce66d469e6e13bb49fe3b75eca8d0aef5a915116a2f5f20e88d5d8602eaf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | e1fd846710aa5e77add9800906d17ed0 |
| SHA1 | 2d778c0601d18e7fd3930cbb4b0068b6eb3a05ec |
| SHA256 | 00b8d8ad266c164444fb240a4b07d4316020c74c087e95d37547b54ea1051772 |
| SHA512 | a00333708ea6f9efe940e8e5ee6ecb9b74063279238beb9cebf4847023a3f94cce34aa497f8a9ed99570a5407eca3adc9f469afd3553c71e6e8a05be83026341 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | 5b9c8980823dac139da68f41e2947303 |
| SHA1 | 2d950568a2e5bca5dd7fed1a5944394dae8e99f1 |
| SHA256 | bec8ca4b8be0f5c6f14a8df4872644789819e1cd3c1d11bd448a2ce291716257 |
| SHA512 | f819cf34f62a899898c045978d32fcc87e141d963f5c1dbcdc7c17d0809a4f3cb989dc09a328434940b49a99cc2f76a21ad38f34bae107ab174a1f3c2d720616 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | 11c2935b0dd9c94cf2086e8346cf3023 |
| SHA1 | 6a0b6ee4a71713f3f715b984cca96bd2e8fb937f |
| SHA256 | 99d43400dd62d71abdc591538d807f5fe830367d7f65af578b096669cdc191dd |
| SHA512 | 0cb19609cc2bc102026bc5080a3b9dba38969cb809466bc123ad07bb48c7b8b91334d574f52779fd29d24453c634b29f4fb40a1b4ce04e36bed5d8812f9c1434 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b
| MD5 | 0d4f6557225753028d5a0fc3e7127108 |
| SHA1 | 8644e78e8d6d79333298082369f895c73aaa56aa |
| SHA256 | 59d7c1a374dd4059ea45f5d70262accb5410f776e66fa0d33ee7ea717d97fb1e |
| SHA512 | 6a9bf0d475534d73713ddf665788001ad19f7ba49db2fec9b6acacec9011a9af5a79bdc32adb51118f871d2cd02cdf4fd3bd41c22ed02668420bd7ceb30d88d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
| MD5 | 9c6b5ce6b3452e98573e6409c34dd73c |
| SHA1 | de607fadef62e36945a409a838eb8fc36d819b42 |
| SHA256 | cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc |
| SHA512 | 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d238b66a47c7c0c49e20c906d67e34e3 |
| SHA1 | bd9ba3454dd45aebd9f8e57589f337fe46ae34ae |
| SHA256 | b2e3c9bdd23b440afa59e65c69fe22f8d15c61c2ed90fd17fbe3ca6b349cf527 |
| SHA512 | 3320b27af330ff67712ac4033e5a16abc0777ac9ef6f0861ea1639f390bfa6b6ceef9d810a6057e0aa5dd8a0f8e85ff69537a7ad06bb324b39b8142cf57ee533 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0
| MD5 | 91754b1113e2494f53cd63689ef38101 |
| SHA1 | c16c1f4b9c3172488fabca328126fd4feede7f95 |
| SHA256 | 6026896c47c91beec5296f0477ac2cc08e63a7004fbb55b955d78b29da123384 |
| SHA512 | ddfe21ec8aa28fc5a76be0dd12851eb76da5a6e2b591c5659972ea978c3033b3e95d9f89426f7fe8b70edb1701be5a35b64176a87cca6412f4862707da6a4efb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6bac76e8a146810ac4c6f1d6748e1565 |
| SHA1 | 2735ac74271fe3bfcb28cbec7a22f9a089ff0d8f |
| SHA256 | fd8a6dc629eb8bfb5fde878d3061d8706aaadddf8fb9d7467db70a4fe3533a3c |
| SHA512 | f0e3ae6af79244d936a7aed60bb5792ede37df3af69c1e5639b33ede987cbd492b461ee54421824feb7e677725eb28a92207de98635044735692bfc08ba6506f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a2
| MD5 | 1aca735014a6bb648f468ee476680d5b |
| SHA1 | 6d28e3ae6e42784769199948211e3aa0806fa62c |
| SHA256 | e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a |
| SHA512 | 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c
| MD5 | aa521e4e4c27306805ee2da1706959bb |
| SHA1 | f2d27a4dc1eee1b9abbc241f7c20678c03c9e775 |
| SHA256 | ffec638750b623b96d54bad5e22d02efacf39d617e92747f603ff21b57da9b04 |
| SHA512 | b964d5fe188619ce4b3aa1493588d501bcb464ff574d4ca3b3d8ad34709bb279b689d386ca2b3658d1caa04d022b82b86af01dec6d811bba8e0ce34fec6ea3f5 |
C:\Users\Admin\Downloads\Unconfirmed 697804.crdownload
| MD5 | a64bd549d95bfc8be592833460f79fcc |
| SHA1 | 0aeeb9507ed39f14d82149c56011ec3aaed1bec9 |
| SHA256 | d285b5242f4583d49c63a7c7f83a72f082ab395f9eaff674ff56c8d2d0fa063d |
| SHA512 | 767bffb8861e81ce61cfec5b0462f6a62cf86d9fca8411126b6ee3f43bc7fccbbffae8fafe293e9c227f297d82562d70940b441f9d541e35b66b972f2b79fdae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 54ae82b8d4fd5afedcce6edd5bee9605 |
| SHA1 | a785015d4c7132ce491d140d6441b654a837c60f |
| SHA256 | 0399d23dd7e049f5743f82d877ba373d9d5d3e1429c4dac180639fe8a1d4504e |
| SHA512 | 4002f56652801ed4194f474762f7f9681a220347b96dc3283ebc651ebcb94307d43a0af6d909ae3639c6f6f3dd3eef5a72a84b8e8f0e658354021fb7e0d3fef8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | baa976e09d7c28b4ca44e08966783f59 |
| SHA1 | 0a9293cb0eb6823c53251f6605f26703dea7170c |
| SHA256 | 20ab1fcd18e60ca95a1a62c35acfb0b9941a310badafa6b6a5360248ada8f1f4 |
| SHA512 | 1f2315008fd5673faaea689b93489b5f078d4f6928e21f77f6e3247473a9663e1a1df8c7e4a3437776e3975e8529dba76384000d424837088ddec4d2638c7ea1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | aeb25250df706e08794c986b59e9a315 |
| SHA1 | 501766a6a83d7a9f83ba46bf2dbf8045c18e15ea |
| SHA256 | 17b2bd0be9f731b66b208489225b574cfa81664dbe171fb9d7bcd9c1a15794ab |
| SHA512 | 832b51179f3019e613d06bb0e1dab0bb6692ac6d5c631876b39c8e7121a589a7734fd930d4fe6958c8a74cf07cddef31414d2a8d1ea0455d33384145e80a1ab3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b63d29be034656be6b1c7f82e80fcdee |
| SHA1 | a2b6b97cd5c58a76a2b4e24be64fb3aaad9ed516 |
| SHA256 | e61c4b9a9d1d6eed3092eda145d550568e0e33a594bd25e37195bf461253ab0d |
| SHA512 | eab05061cf0599f041c1c226a279802447aefb7e2db3cb7a3a2ed3747604856a15fe475c8ebc6999568fe1270693d5b599356bd613a72ea583b18d039ef0a03d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4278238e56b89c22a1fec95dea2e71ac |
| SHA1 | 318c728c424270be02a662deb3d3058399412246 |
| SHA256 | 212d76637a80ee7c33895163ff8a265860238d90f0741a8be61eef5ce86c497c |
| SHA512 | 868326a9752efe2c2f246c4b1dc8ffd814a9cb3d084f7771bb92ccb90634550b6e56fe24879a2ae03364ef9369b1c9a42c209d5f31307fac06bde09db3b90d47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | e17e0c992db034338174d8477f78a991 |
| SHA1 | 4bd54469bd110c037c64eaf8c48f5e33916fa4de |
| SHA256 | 3668bae1e15946f8aed41e63c9bd97066a4f99541b4ce35c550f4b794dcf2873 |
| SHA512 | de077392f2f21bacbac079908c1e2355e8b95ab2cab5210ea627bf150428dd2d307d8c11d7529e0f71866a2e237198c7d7e10e397b2b245bc3036864513b1371 |
C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{B86F80BF-73F1-4174-96E7-106285DD7DA6}\ADDRESSES.TMP.FILETEST
| MD5 | b6d520474c5e852738d57bd6249b22b6 |
| SHA1 | c0511c70f85357ae6011b46a55ab51d15d114502 |
| SHA256 | 029e56ad5c2da0b8f305c3c2ad73204822e5f64e1aaea803bfd3fbc57bd47e91 |
| SHA512 | b2807d55711acf86adc2b347f5edca567e84c9be2c2da48d68788b8cb30a991584d9a626b2af40a72c632625b05c62a8647e0edc119717b85b63d2224f5e41da |
C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{B86F80BF-73F1-4174-96E7-106285DD7DA6}\ADDRESSES.FIRST
| MD5 | ecdf0684a14d5b747c245d659b5f33b1 |
| SHA1 | fee7035409106461ca06d14236db42543aa042ee |
| SHA256 | 631bdc5422d1339287bf86b7a204f35956f676d473b27879f304d608238c318d |
| SHA512 | e4cdd4b29e1a8cb4d1161a019a304122df5299d62001c3a03426d89b9b7f1fe69e3c3adff0bd036f333490d8673081da50b3165d44c4978e00980b4df7aa920d |
C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{25FCA526-3A95-44E7-905F-57D67CD555D8}\MEMORY.FIRST
| MD5 | 82c21a4694e51b3c2f568fa571716657 |
| SHA1 | 4144ed54e6ded9bfef3699ba1e5ad69201fd05f7 |
| SHA256 | c39cdd3aa9ed1cedd9ddeba77b81812370809fea0876205a012f09f52af95b6a |
| SHA512 | 52bc21c7e1138332d1040f3a069df22b75b698bbc807efaed97a669eb59204e664e30a7e996c8299ad97a391cf90e2af939867c2a01fd38f59075349a92bde52 |
C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{25FCA526-3A95-44E7-905F-57D67CD555D8}\ADDRESSES.TMP
| MD5 | 3b2dd88ff482011ae13781cf65d01867 |
| SHA1 | adca5221cd0250d3c3260a6197a303c48c2a1bbb |
| SHA256 | 79e21b0d34191f632234cd050ffe7a13aadbec931c5a8b9d5f29dfb6f4a04436 |
| SHA512 | 0f9ad3cc367bd1425e64a2245c31255b356e64172594e34ff68574ab6e5c6771789aba6f1685a86a1d9a8db7b9026962fb671b91718deccbd80a762f6bf46b73 |
C:\Windows\Logs\DISM\dism.log
| MD5 | 0ec289c4bfcc5c52847cef0a29124309 |
| SHA1 | 4177187f2375ae7e63a1aebc181f7a7d24fbda4a |
| SHA256 | 1bde5d2e9f5599ac98c9d63cd11393089fb1e3d32491f3c30f6f69ee3e510f45 |
| SHA512 | 34bbdeb7984d7d22f131dafa6f9a71c0d35c5f42c95466be866f5896d83eeb21bd04b63a6e4fd4397c2807b597c707f80644eff58c202f60ab9a11944dddda55 |
memory/6072-8166-0x0000000002E60000-0x0000000002E96000-memory.dmp
memory/6072-8167-0x0000000005B20000-0x000000000614A000-memory.dmp
memory/6072-8168-0x00000000057D0000-0x00000000057F2000-memory.dmp
memory/6072-8169-0x0000000005970000-0x00000000059D6000-memory.dmp
memory/6072-8170-0x0000000005A50000-0x0000000005AB6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_efbsqi4s.mse.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/6072-8179-0x00000000061B0000-0x0000000006507000-memory.dmp
memory/6072-8180-0x0000000006580000-0x000000000659E000-memory.dmp
memory/6072-8181-0x00000000065C0000-0x000000000660C000-memory.dmp
memory/6072-8182-0x0000000007530000-0x0000000007564000-memory.dmp
memory/6072-8192-0x0000000006B30000-0x0000000006B4E000-memory.dmp
memory/6072-8183-0x000000006F9C0000-0x000000006FA0C000-memory.dmp
memory/6072-8193-0x0000000007770000-0x0000000007814000-memory.dmp
memory/6072-8194-0x0000000007EF0000-0x000000000856A000-memory.dmp
memory/6072-8195-0x00000000078B0000-0x00000000078CA000-memory.dmp
memory/6072-8196-0x0000000007930000-0x000000000793A000-memory.dmp
memory/6072-8197-0x0000000007B40000-0x0000000007BD6000-memory.dmp
memory/6072-8198-0x0000000007AC0000-0x0000000007AD1000-memory.dmp
memory/6072-8200-0x0000000007BE0000-0x0000000007BFA000-memory.dmp
memory/6072-8199-0x0000000007B00000-0x0000000007B0E000-memory.dmp
memory/4204-8208-0x0000000006390000-0x00000000066E7000-memory.dmp
memory/4204-8212-0x000000006F9C0000-0x000000006FA0C000-memory.dmp
memory/5372-8230-0x0000000006060000-0x00000000063B7000-memory.dmp
memory/5372-8231-0x000000006F9C0000-0x000000006FA0C000-memory.dmp
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
F:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
F:\LDPlayer\LDPlayer9\fonts\NanumGothicLight.otf
| MD5 | e2e37d20b47d7ee294b91572f69e323a |
| SHA1 | afb760386f293285f679f9f93086037fc5e09dcc |
| SHA256 | 153161ab882db768c70a753af5e8129852b9c9cae5511a23653beb6414d834a2 |
| SHA512 | 001500f527e2d3c3b404cd66188149c620d45ee6510a1f9902aacc25b51f8213e6654f0c1ecc927d6ff672ffbe7dc044a84ec470a9eb86d2cba2840df7390901 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
| MD5 | 0054560df6c69d2067689433172088ef |
| SHA1 | a30042b77ebd7c704be0e986349030bcdb82857d |
| SHA256 | 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750 |
| SHA512 | 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
| MD5 | 4ba25d2cbe1587a841dcfb8c8c4a6ea6 |
| SHA1 | 52693d4b5e0b55a929099b680348c3932f2c3c62 |
| SHA256 | b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49 |
| SHA512 | 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
| MD5 | 3e29914113ec4b968ba5eb1f6d194a0a |
| SHA1 | 557b67e372e85eb39989cb53cffd3ef1adabb9fe |
| SHA256 | c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a |
| SHA512 | 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
| MD5 | e8fd6da54f056363b284608c3f6a832e |
| SHA1 | 32e88b82fd398568517ab03b33e9765b59c4946d |
| SHA256 | b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd |
| SHA512 | 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
| MD5 | 52c43baddd43be63fbfb398722f3b01d |
| SHA1 | be1b1064fdda4dde4b72ef523b8e02c050ccd820 |
| SHA256 | 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f |
| SHA512 | 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
| MD5 | ba46e6e1c5861617b4d97de00149b905 |
| SHA1 | 4affc8aab49c7dc3ceeca81391c4f737d7672b32 |
| SHA256 | 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e |
| SHA512 | bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
| MD5 | 2d40f6c6a4f88c8c2685ee25b53ec00d |
| SHA1 | faf96bac1e7665aa07029d8f94e1ac84014a863b |
| SHA256 | 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334 |
| SHA512 | 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
| MD5 | 01c4246df55a5fff93d086bb56110d2b |
| SHA1 | e2939375c4dd7b478913328b88eaa3c91913cfdc |
| SHA256 | c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889 |
| SHA512 | 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
| MD5 | 66df6f7b7a98ff750aade522c22d239a |
| SHA1 | f69464fe18ed03de597bb46482ae899f43c94617 |
| SHA256 | 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f |
| SHA512 | 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e |
F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
| MD5 | ad9d7cbdb4b19fb65960d69126e3ff68 |
| SHA1 | dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d |
| SHA256 | a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326 |
| SHA512 | f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7 |
F:\LDPlayer\LDPlayer9\dnplayer.exe
| MD5 | fa2c08e402cc1c1fca849ba2e4eb56aa |
| SHA1 | 133dbe827d469e8dcfb792734f1fced97690efca |
| SHA256 | bd6ed960624c4ffb99ce82611f23365733df329b1ff3216590292ee8034a4421 |
| SHA512 | d96f84f06784f6d2c2182301ae4437303f5f3ab8936e6e3512606c28cc99de268bd186a4eb73b092c1e54995fa849c38080a26fe6dc2b8c1e7171781677d3eb6 |
F:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | 38f88ca4211fb378c41412c23af886e2 |
| SHA1 | 7c904c5fdf84d13ffd47703be39380861b5a6a7f |
| SHA256 | 6b149b8b72bf3631111f0e7b95b4dbe2646b786a3de1b414110438927d3f9c38 |
| SHA512 | 6ff289ee872bb96de9de4a3ef82d043f93542545f1555885bd4b6aa008892a8e3fd5f59eb4ed76a402aaa884989725168206aaec6582ea37bd556e7f642d681b |
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
| MD5 | 395970be72d1bcc7755f95a04b3b303d |
| SHA1 | f4019b43fd95f1748e2392d5cb1aa4486aadbc13 |
| SHA256 | 5fa3f4cb4f4f603bd8b9a538b54658ebbcf9198d99f2b0e1ce447322b22fb312 |
| SHA512 | 2f4968b8564bd3bbc624a6838ec33de22413afb8711e08cc36b082863f4e146212c1b6173921ea110c65a0dc20b97c9e187a8ef006005711efcf4237db0bcd1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8bde4f67-2cf1-484b-b618-89a014f7890e.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a601ffd90ab7d2c93fbb8c2d90ee2503 |
| SHA1 | b9c26436298dcfadc61119e048c325ef40bc5c48 |
| SHA256 | 1237e6faefe618701c1dd97e3a44cd98af0d4118adcb60d7482a8b4b31d2160b |
| SHA512 | 62369a1e668e40db6a05a3df253c7dc3b4d9c7df3d7c4029944150b78b26c32a5392eece42c1b8cc3ee628864e2fdffc4f7b973ca9162e4099f3cbe71d8c1ac9 |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | ce9fe92e375200640024cb45870d5615 |
| SHA1 | 68d1d6ed6db2e70460e0382884168224f2ea6315 |
| SHA256 | bb0df9e0188128462ed348bbafaeaaf5499df69e73033b569c218caa965b8ae2 |
| SHA512 | 4de5d79ff4b6e0f126a15b8e635cb4b3a0e5712587aeb54a4dcd8750f9654b997a60a6bbe0accb89b26f9962a56fa955d0e2eff8d126d39705aacd249093af0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | be2e9c17d9445165fe9651db99ae294d |
| SHA1 | bc8e654511bfb3cca938c17b15c4f10de36591ad |
| SHA256 | ef357e7f77d70f17bff96f48ce0f67d58767bc9638546ff3dc1d4f3afa06cb1d |
| SHA512 | a6cebfb7054f59546301a6d37b3735858a6c2d32629306c227a3e35c2b6889a3d822800c446933c08febdcb81f9cf35022046fccefc08846081df080fd549a7f |
F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 4d592fd525e977bf3d832cdb1482faa0 |
| SHA1 | 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef |
| SHA256 | f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6 |
| SHA512 | afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9eae2da320a91123ae326d733c7e3ab9 |
| SHA1 | b63cd181c1d5ee61bfaa8acc4386250bfc748b7b |
| SHA256 | ba6c75214c150babb8196fdcc43c2836cd817e1ed5556bb80f121b72e6cd7755 |
| SHA512 | e1383899304300ee70862f9246d80a70596f11716e6bfe329125373b10ca04413cbe673d40525c41376d25ad568caa1b6b65648fce066fc32d2108cd99223152 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 00f789f0be501f0cd5ef8241d26b3f76 |
| SHA1 | 6857df93a8c7041d0f0e722a3be956010d8898bc |
| SHA256 | 2f20cd65a458f43751f03c66230bed791facfbfd33791f4ee15cfafb0be552ab |
| SHA512 | 0b7cf1221e7581c57bc6d4622475780088d1953bfb5444608b255f869a82f34a68b213ed94a26560b275ad740941dff99bdcdc76da30c69dab29c9c34844a109 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2aefa82113c7cdda82118a772a1421e0 |
| SHA1 | 9e58b478a92f0de140f2dc8ac82291c80c623ed8 |
| SHA256 | b959bd09280c31bdb235064cfc88713294b4036543f1950ad9d883dc12c16292 |
| SHA512 | c111c4094eb4ef1ea36ad4d753246fef8da2b4c9b8a7519007c943962b165de9a1681b70ec04e260c1594d90d1f97cf4438d7c0ba8b07517b8c982b5c81e1d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8c151f107f68852b1bbe15b1aae51f5d |
| SHA1 | 2522d1da32ed725ecdef7eb92c0df4dc259207c3 |
| SHA256 | a7bab653a39e214eab7c063bc7f919a4db6bfc7ef9601c7357f00d7ac32b6c13 |
| SHA512 | 5b1f6331d46e5b65ff0062ceb2a36c2d5e0fbf178c9f8b1f3587828a709cb75d14741cb6fd16280709cbb4ea9cba6616b2c69ff5756864db921b6d9a79585411 |