Malware Analysis Report

2024-12-07 14:40

Sample ID 241009-mrxs5a1cpp
Target LDPlayer9_ru_1552109_ld.exe
SHA256 f85ba2e1604219d15c2b7816312f0c530411416cf3789fcc0ab73d7ee6dce36a
Tags
discovery execution exploit persistence privilege_escalation spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

f85ba2e1604219d15c2b7816312f0c530411416cf3789fcc0ab73d7ee6dce36a

Threat Level: Likely malicious

The file LDPlayer9_ru_1552109_ld.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery execution exploit persistence privilege_escalation spyware stealer

Possible privilege escalation attempt

Creates new service(s)

Manipulates Digital Signatures

Modifies file permissions

Checks for any installed AV software in registry

Downloads MZ/PE file

Drops Chrome extension

Event Triggered Execution: Component Object Model Hijacking

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Launches sc.exe

Drops file in Windows directory

Executes dropped EXE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Reads user/profile data of web browsers

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Kills process with taskkill

Modifies registry class

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: AddClipboardFormatListener

Runs net.exe

Checks processor information in registry

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-09 10:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-09 10:42

Reported

2024-10-09 11:12

Platform

win7-20240903-en

Max time kernel

1558s

Max time network

1559s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe"

Signatures

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A

Downloads MZ/PE file

Checks installed software on the system

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 res.ldrescdn.com udp
US 8.8.8.8:53 dagswotxcmrj6.cloudfront.net udp
CZ 65.9.94.70:443 dagswotxcmrj6.cloudfront.net tcp
GB 163.181.154.242:443 res.ldrescdn.com tcp
GB 163.181.154.242:443 res.ldrescdn.com tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
GB 163.181.154.242:443 res.ldrescdn.com tcp
US 8.8.8.8:53 d1odpp2eg70dto.cloudfront.net udp
GB 3.162.19.58:443 d1odpp2eg70dto.cloudfront.net tcp
GB 3.162.19.58:443 d1odpp2eg70dto.cloudfront.net tcp
GB 3.162.19.58:443 d1odpp2eg70dto.cloudfront.net tcp
GB 3.162.19.58:443 d1odpp2eg70dto.cloudfront.net tcp

Files

\Users\Admin\AppData\Local\Temp\Setup\ds.dll

MD5 f45a92aba92be451667f7771edecdd32
SHA1 bb8496d04363a8ae818a9b3efc0fbcc1ba893f78
SHA256 22e95eb59a7cb402fadc1783c7f3c613aa18ebd09480e30f4a6557df8d066b26
SHA512 a6d734db225021487df46b2f62fb7a71883e2aa8837eb0097082510d8f01b519842cd26700ce84f2e2fd9012cb396ea894123d31a0e3e22636ecb859f68010af

memory/2700-11-0x0000000004F60000-0x0000000004FA0000-memory.dmp

memory/2700-12-0x0000000073C3E000-0x0000000073C3F000-memory.dmp

memory/2700-16-0x0000000003190000-0x00000000031A4000-memory.dmp

memory/2700-17-0x00000000743F0000-0x0000000074404000-memory.dmp

memory/2700-27-0x0000000004F60000-0x0000000004FA0000-memory.dmp

memory/2700-28-0x0000000073C3E000-0x0000000073C3F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab3620.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3642.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32563f30bf43d42e928876fc38cc2b48
SHA1 fecbd50d26078299cba35eba5b1390869ca300ca
SHA256 72325b539947088b23a888c56b8226671a3dab92a8c56480278301894308cbf8
SHA512 08387c6b06d71eb82c1ce0f26434a9e71ec31649a69b8b7d1f44a52fd5acf27d4cb3a24087880e199421445d912e95f0e18f293c30c24cc278ac846a7ec92842

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d69158579a90eea6f9c0728a330c721e
SHA1 b435e0af3e1ebbcc56c7d9d9377f1b0e706b1f2d
SHA256 e1298bc0c74c0d13937b5ee084c9a6979a699da931afe917e21e3342efa405cd
SHA512 a814efe24521dd800bbf8d439382e000657353b487f4ca507d21bafa1cb26ecfa0866dd697f5b51253b5503c8311f94f025a79bc5c677e9c8b188aef643ef1d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af2b415ebdf7d58bd044de3d3d991b1f
SHA1 d4d18870724fd807d8a8d1cce231a762920212db
SHA256 b704eb58f439fc78647d1803d89e253d02da6ddd833a2a63094b787532ef2c3c
SHA512 071926fed849779fff69b09b864ca786b99b8052e70add3d7e00f09ac77b5328500e7e3a54ca266b640e5396dab3b33a75bad1aa102b764cecaa83dd00d8c77d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c56d267fec98b857822ab3651bbfc5c
SHA1 8cc0885e08319af9dfaf95d9ed95b6d9c71eef0c
SHA256 363e9922aca686de27c726698cdf6b044ece9e7af2f0d501aba17cc91c756d9f
SHA512 f55b0f6885039a4aaae691b2871b943432f2fa4aad673c6c463b0d21bf82ef59041caf605a7b856e439245c2cd1916458d9e16e39269cc4a6df8aece435181e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aff24d7382ebb35f502a95a16d78e216
SHA1 de6ccc2e583466699b1356f72bcdc0f384d92d76
SHA256 185e6339ec232a58ea73cce84e156c1d753c819eaf7fa3082ba1314ba5baab2a
SHA512 db7a5ff3d3c61bb1777b1f9ef2901a223418511bbf3d647fb8b6896d60d0e048b9a22e37cd6ed94f5e59f8af0baaa66da036d5dccbe53d1f6f4b2483d0f9f262

memory/2700-253-0x00000000029E0000-0x0000000002A24000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-09 10:42

Reported

2024-10-09 10:46

Platform

win10v2004-20241007-en

Max time kernel

241s

Max time network

242s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe"

Signatures

Creates new service(s)

persistence execution

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25\FuncName = "WVTAsn1SpcLinkEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.3\FuncName = "WVTAsn1SealingSignatureAttributeEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverInitializePolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.4\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.2\FuncName = "WVTAsn1IntentToSealAttributeEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2223\FuncName = "WVTAsn1CatMemberInfo2Encode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2004\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007\FuncName = "WVTAsn1SpcSpOpusInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2006\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2011\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Downloads MZ/PE file

Drops Chrome extension

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.5487_0\manifest.json C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ru-RU.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sv-SE.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-nb-NO.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\optionsdialog.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-controller-checklist.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-da-DK.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.sys C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\tstInt.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-util-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-en-US.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\pushnotification.luc C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ja-JP.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pt-PT.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-hr-HR.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\survey.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\Temp1660042577\jslang\wa-res-shared-en-US.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-PT.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sr-Latn-CS.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-ui-dialog.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pt-BR.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-da-DK.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-cs-CZ.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-de-DE.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo.png C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon-selected.png C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\rules.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\sha256.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\lowsearchusertargeting.luc C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\engine.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\transport_template.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ldplayer9box\platforms\qoffscreen.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-FR.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-hu-HU.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon.png C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\ldplayer9box\USBUninstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-it-IT.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sk-SK.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-da-DK.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\wa-ui-uninstall.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-2-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\logomark_white.png C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-options.css C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-es-ES.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-tr-TR.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\mcutil.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-environment-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-string-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp1660042577\browserplugin.cab C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\clipboard.png C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ja-JP.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\transport_ai.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ldplayer9box\libcurl.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxHostChannel.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp1660042577\taskmanager.cab C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\Temp1660042577\jslang\wa-res-shared-ja-JP.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-ES.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-hu-HU.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\ldplayer9box\x86\vccorlib140.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp1660042577\jslang\wa-res-shared-fr-CA.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo_upsell.png C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-ui-checklist.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-da-DK.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-nb-NO.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ja-JP.js C:\Program Files\McAfee\Temp1660042577\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\dismhost.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\dismhost.exe N/A
N/A N/A C:\Program Files\McAfee\Temp1660042577\installer.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\dism.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7EDA7082-862B-11EF-AEE2-468C69F2ED48} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31136312" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02a1e56381adb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1396215429" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31136312" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000086445aa8a430244a91c2b800ab210a510000000002000000000010660000000100002000000098db6a2fa9ed8f5cd091ef4949820f8b0abf8a59a1734daee81f6c03edd600b0000000000e8000000002000020000000428b6964259d8c4b95d1c969c704855ba5005abce736b1af4637d146dfd35ad420000000ec145571a7c9b280be0a247720217b6dbe613048255bf93cab56cd83904f996d40000000c4e33c804238c57f79432d0ad50866151f68d445ba5a716b01d11acff26778a14e52c28dc30411e72c558cdd1771e1ab88e557250167a88a3d411e7cb2da61b4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1396225398" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90932456381adb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000086445aa8a430244a91c2b800ab210a5100000000020000000000106600000001000020000000b77fd6fd841c5735195d8a5f9589d45acb7481f05d53ca9047f33e40e0368a05000000000e800000000200002000000044ad06eae21c234cef54c8b10572ac031b0850a5371747931340cc4c0236e5d920000000eacff3487079ca323a2e9529e085b7e98b277b6c6af6e528f6f1601e7b0489c740000000498e3f4fc545229a795bb5fbb4bc9eaaf1eebc22d27b226212502640f60ade0a2eb49acacadd0db60be0ec82f9661ac99523b30321f45216e69d633ceeb24ffb C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133729443183871724" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7708-444B-9EEF-C116CE423D39}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-402E-022E-6180-C3944DE3F9C8}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7006-40D4-B339-472EE3801844}\ = "IGuestKeyboardEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\NumMethods\ = "21" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\ = "ICanShowWindowEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8079-447A-A33E-47A69C7980DB} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\VersionIndependentProgID C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D}\ = "IRecordingScreenSettings" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5FDC-4ABA-AFF5-6A39BBD7C38B}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.apk\Shell C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-48DF-438D-85EB-98FFD70D18C9}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D612-47D3-89D4-DB3992533948}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\0\win32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9849-4F47-813E-24A75DC85615} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-e8b8-4838-b10c-45ba193734c1} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7F29-4AAE-A627-5A282C83092C}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1A29-4A19-92CF-02285773F3B5}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\NumMethods\ = "39" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E67-4144-BF34-41C38E8B4CC7}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-e4b1-486a-8f2e-747ae346c3e9} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-402E-022E-6180-C3944DE3F9C8} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5637-472A-9736-72019EABD7DE} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3188-4C8C-8756-1395E8CB691C}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6038-422C-B45E-6D4A0503D9F1}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-BF98-47FB-AB2F-B5177533F493}\ = "IStorageController" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\CLSID C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D545-44AA-8013-181B8C288554}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9641-4397-854A-040439D0114B}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6989-4002-80CF-3607F377D40C} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-48DF-438D-85EB-98FFD70D18C9}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-58D9-43AE-8B03-C1FD7088EF15}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6679-422a-b629-51b06b0c6d93} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00C2-4484-0077-C057003D9C90}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7006-40D4-B339-472EE3801844}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7966-481D-AB0B-D0ED73E28135}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486F-40DB-9150-DEEE3FD24189}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D8ED-44CF-85AC-C83A26C95A4D}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-394D-44D3-9EDB-AF2C4472C40A} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CF37-453B-9289-3B0F521CAF27}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0547-448E-BC7C-94E9E173BF57}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A

Runs net.exe

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2728 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2728 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2728 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2728 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2728 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 3176 wrote to memory of 2260 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 2260 wrote to memory of 3068 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 3068 wrote to memory of 2304 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2260 wrote to memory of 1828 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2260 wrote to memory of 4828 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2260 wrote to memory of 3584 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2260 wrote to memory of 1472 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2260 wrote to memory of 2268 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2260 wrote to memory of 4856 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2260 wrote to memory of 1948 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2260 wrote to memory of 956 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\takeown.exe
PID 2260 wrote to memory of 4112 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\icacls.exe
PID 2260 wrote to memory of 2312 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\takeown.exe
PID 2260 wrote to memory of 3996 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\icacls.exe
PID 2260 wrote to memory of 4756 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\dism.exe
PID 4756 wrote to memory of 4260 N/A C:\Windows\SysWOW64\dism.exe C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\dismhost.exe
PID 4948 wrote to memory of 3188 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1552109_ld.exe"

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Music\DenyPush.mov"

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayerex.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM bugreport.exe /T

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1552109 -language=ru -path="C:\LDPlayer\LDPlayer9\"

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=197298

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\dismhost.exe {578F6AC8-9E52-4AC3-86CA-A430283AE328}

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4948 CREDAT:17410 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp1660042577\installer.exe

"C:\Program Files\McAfee\Temp1660042577\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8956fcc40,0x7ff8956fcc4c,0x7ff8956fcc58

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2308 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4476,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4444 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4636,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4388,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4316 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4376 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5168,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5340,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\LDPlayer\LDPlayer9\driverconfig.exe

"C:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5344,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5316 /prefetch:1

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4608,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5176 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5352,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5452 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3148,i,6411328159014560596,15347550481897885483,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x28c,0x290,0x294,0x268,0x23c,0x7ff63b4e4698,0x7ff63b4e46a4,0x7ff63b4e46b0

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vk.com/ldplayer

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8919046f8,0x7ff891904708,0x7ff891904718

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\\dnplayer.exe"

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x49c 0x4a0

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ru.ldplayer.net/blog/how-to-update-the-graphics-driver.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff8919046f8,0x7ff891904708,0x7ff891904718

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ru.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8919046f8,0x7ff891904708,0x7ff891904718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ru.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8919046f8,0x7ff891904708,0x7ff891904718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7155963399322414054,11786682080138795731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network


Files

C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

MD5 f45a92aba92be451667f7771edecdd32
SHA1 bb8496d04363a8ae818a9b3efc0fbcc1ba893f78
SHA256 22e95eb59a7cb402fadc1783c7f3c613aa18ebd09480e30f4a6557df8d066b26
SHA512 a6d734db225021487df46b2f62fb7a71883e2aa8837eb0097082510d8f01b519842cd26700ce84f2e2fd9012cb396ea894123d31a0e3e22636ecb859f68010af

memory/2728-12-0x0000000006D60000-0x0000000006D70000-memory.dmp

memory/2728-13-0x0000000072B0E000-0x0000000072B0F000-memory.dmp

memory/2728-18-0x00000000733B0000-0x00000000733C4000-memory.dmp

memory/2728-17-0x0000000007320000-0x0000000007334000-memory.dmp

memory/2728-19-0x0000000009A60000-0x000000000A004000-memory.dmp

memory/2728-20-0x0000000005240000-0x00000000052D2000-memory.dmp

memory/2728-21-0x0000000007080000-0x00000000070C4000-memory.dmp

memory/2728-22-0x000000000A4F0000-0x000000000A58C000-memory.dmp

memory/2728-23-0x00000000099E0000-0x0000000009A46000-memory.dmp

memory/2728-24-0x000000000AAC0000-0x000000000AFEC000-memory.dmp

memory/2728-30-0x0000000006D60000-0x0000000006D70000-memory.dmp

memory/2728-31-0x0000000072B0E000-0x0000000072B0F000-memory.dmp

memory/2728-32-0x000000000B320000-0x000000000B32A000-memory.dmp

memory/2728-33-0x000000000C050000-0x000000000C0A0000-memory.dmp

memory/2728-34-0x000000000C240000-0x000000000C2F2000-memory.dmp

memory/2728-35-0x000000000C1E0000-0x000000000C1FA000-memory.dmp

memory/2728-36-0x000000000C340000-0x000000000C352000-memory.dmp

memory/2728-37-0x000000000C3B0000-0x000000000C3D0000-memory.dmp

memory/2728-38-0x000000000C410000-0x000000000C442000-memory.dmp

memory/2728-39-0x000000000C4C0000-0x000000000C526000-memory.dmp

memory/2728-40-0x000000000C450000-0x000000000C46E000-memory.dmp

memory/2728-41-0x000000000C490000-0x000000000C4AA000-memory.dmp

memory/2728-42-0x0000000072B00000-0x00000000732B0000-memory.dmp

memory/2728-43-0x0000000072B00000-0x00000000732B0000-memory.dmp

memory/2728-44-0x0000000072B00000-0x00000000732B0000-memory.dmp

memory/2564-61-0x000002B52E340000-0x000002B52E350000-memory.dmp

memory/2564-79-0x000002B5366A0000-0x000002B5366A1000-memory.dmp

memory/2564-77-0x000002B536670000-0x000002B536671000-memory.dmp

memory/2564-81-0x000002B5367B0000-0x000002B5367B1000-memory.dmp

memory/2564-80-0x000002B5366A0000-0x000002B5366A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

MD5 143255618462a577de27286a272584e1
SHA1 efc032a6822bc57bcd0c9662a6a062be45f11acb
SHA256 f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4
SHA512 c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

MD5 bfd50bb734c4b477a1d670260848d64b
SHA1 4f88b455ad5dedffea6e61ef61c081b41d6228b7
SHA256 05643c89d3c954f331f7fb89a52c28376e5731f752b625d956df2a2d0c185b3f
SHA512 8603eb571c22297340a740e58ae8b6fca5fabdb34624b0faccb9c89c96fb9d677a778ff227e7208cbc87f88cdd919cca36a6f3f240520b1fc32ceaf525660537

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

MD5 88aa9220a94361a183dd34f905a0362c
SHA1 532cb852ba72220c1ab2eb92d717b3ee380480c1
SHA256 abe5ac8065597db5b1a497cf3112cda8a2b6d2bf02b5fe9e66aa9fbf5f2211f9
SHA512 f0a1326497fee28ccb787d09921071f7ceacc53f86a8eecc647df25f2c66373f8fabe347f0189973110171d9dd526704ffb4b44999a97a81be07e233f19f4f66

memory/4860-135-0x00007FF898830000-0x00007FF898864000-memory.dmp

memory/4860-134-0x00007FF63AF10000-0x00007FF63B008000-memory.dmp

memory/4860-136-0x00007FF894FB0000-0x00007FF895266000-memory.dmp

memory/4860-137-0x00007FF8931B0000-0x00007FF894260000-memory.dmp

C:\LDPlayer\LDPlayer9\dnrepairer.exe

MD5 cee286a3b75e2e3b92359a54a129a8cf
SHA1 d9708dc4a44c32a25d31eb93b7e0627155c5a871
SHA256 d6f0c9d7efe02de528a908285a989cc41903bc34b3448e5638af551ef12f77a5
SHA512 daf84e165437170d2ae029f2092ea9dbde03d6a34d85ac710e679e560333f8c17c6a2fc16ad69adad36ccf29c462f9c92346ca42e163e7a8c4069253456f06c1

C:\LDPlayer\LDPlayer9\msvcr120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

C:\LDPlayer\LDPlayer9\msvcp120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

C:\LDPlayer\LDPlayer9\phones.data

MD5 fdee6e3ccf8b61db774884ccb810c66f
SHA1 7a6b13a61cd3ad252387d110d9c25ced9897994d
SHA256 657fec32d9ce7b96986513645a48ddd047a5968d897c589fbc0fc9adb8c670f4
SHA512 f773f6fc22adadf048b9bfb03e4d6e119e8876412beb8517d999f4ed6a219e2ba50eded5308d361b6780792af9f699644e3a8b581a17d5a312f759d981f64512

C:\LDPlayer\LDPlayer9\dnresource.rcc

MD5 be5eb5347c30bc6feba94d103528050a
SHA1 862ff5fd84b1caa34a6298969799a802f1cb3df6
SHA256 5fda5ba5047c9b6c542eb4643fd42e664838702534a3d1a53ccb0c1af1490965
SHA512 15994a163acacbdd5811e21c01a0993c16dcf078cad37b74c95e488cf6c6944c288550a60d1da8e049c24657896370332bf8c0431a7b037614552b43c47a630d

C:\LDPlayer\LDPlayer9\crashreport.dll

MD5 cb1f1554bd438600eba5a55feda2c653
SHA1 893dcdd3d21568c6d0586fa3590be7c9dcbfa42e
SHA256 27bb89fa0800e7fdf643126551dda3eaa834b1171346010b93fb904076e90f4f
SHA512 65b064ce0496680408f76e7fe3a9946155384864099c1913acb1f88db182277d5d09d4e9cfdff8a8ae821f0037af93ce97bbc76e656831a52714abcdc0da6412

C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

MD5 e4fe8383e55c8a9da0aa9bdce372696b
SHA1 5e201f47dc84b3d0591566d3c7169e232b90854b
SHA256 9f7e6ad12227c28abde86163925306040a13c50132db6b3204097e8512143ec2
SHA512 bb6b32f74fad774f0c715c128e4ad9f83d3350b69b441a6b1e3766b2bc7390aa01a84a256d94cbbaea1b4322fd86568ab187d686d9e7657b89214e2d011eb486

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\DismHost.exe

MD5 e5d5e9c1f65b8ec7aa5b7f1b1acdd731
SHA1 dbb14dcda6502ab1d23a7c77d405dafbcbeb439e
SHA256 e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80
SHA512 7cf80d4a16c5dbbf61fcb22ebe30cf78ca42a030b7d7b4ad017f28fba2c9b111e8cf5b3064621453a44869bbaed124d6fb1e8d2c8fe8202f1e47579d874fa4bc

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\DismCorePS.dll

MD5 a033f16836d6f8acbe3b27b614b51453
SHA1 716297072897aea3ec985640793d2cdcbf996cf9
SHA256 e3b3a4c9c6403cb8b0aa12d34915b67e4eaa5bb911e102cf77033aa315d66a1e
SHA512 ad5b641d93ad35b3c7a3b56cdf576750d1ad4c63e2a16006739888f0702280cad57dd0a6553ef426111c04ceafd6d1e87f6e7486a171fff77f243311aee83871

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\DismProv.dll

MD5 490be3119ea17fa29329e77b7e416e80
SHA1 c71191c3415c98b7d9c9bbcf1005ce6a813221da
SHA256 ef1e263e1bcc05d9538cb9469dd7dba5093956aa325479c3d2607168cc1c000a
SHA512 6339b030008b7d009d36abf0f9595da9b793264ebdce156d4a330d095a5d7602ba074075ea05fef3dde474fc1d8e778480429de308c121df0bf3075177f26f13

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\OSProvider.dll

MD5 db4c3a07a1d3a45af53a4cf44ed550ad
SHA1 5dea737faadf0422c94f8f50e9588033d53d13b3
SHA256 2165d567aa47264abe2a866bb1bcb01a1455a75a6ea530b1b9a4dda54d08f758
SHA512 5182b80459447f3c1fb63b70ad0370e1da26828a7f73083bec0af875b37888dd12ec5a6d9dc84157fc5b535f473ad7019eb6a53b9a47a2e64e6a8b7fae4cddde

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\LogProvider.dll

MD5 815a4e7a7342224a239232f2c788d7c0
SHA1 430b7526d864cfbd727b75738197230d148de21a
SHA256 a9c8787c79a952779eca82e7389cf5bbde7556e4491b8bfcfd6617740ac7d8a2
SHA512 0c19d1e388ed0855a660135dec7a5e6b72ecbb7eb67ff94000f2399bd07df431be538055a61cfb2937319a0ce060898bb9b6996765117b5acda8fc0bad47a349

C:\Windows\Logs\DISM\dism.log

MD5 f8c49cb756cf2518b609665e610e5fea
SHA1 2c04f6aeb44d501f0c5d260b7d0c4e4656f6711a
SHA256 338894da6c9c07409ef9a9de513257ca112772fd389e14e41408508d068a8710
SHA512 1050e70474a59a5163eb93d03d84ace16f5816610b0b5089eb5e4439cf9a02b24451c726b19e81a7ea8ea38ee9b186ac52d66db04cc21eeafaa40bff342aec42

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\IBSProvider.dll

MD5 120f0a2022f423fc9aadb630250f52c4
SHA1 826df2b752c4f1bba60a77e2b2cf908dd01d3cf7
SHA256 5425382aaa32ffc133adb6458ff516db0e2ad60fac52dd595d53c370f4ba6fa0
SHA512 23e50735c06cef93d11873fc8e5e29fc63dcf3f01dc56822a17c11ca57bbfb10d46fac6351f84ba30050a16d6bd0744a08a4042a9743a6df87ac8a12e81e2764

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\OSProvider.dll.mui

MD5 0633e0fccd477d9b22de4dd5a84abe53
SHA1 e04fb5c3acb35d128c1ea6ee6fb0e9b3fe90d5a9
SHA256 b6758aba17f6cd74923ca0976dd580222851ef6435cd16b3b2b04e85280ce706
SHA512 e95ed1d8069d6f200f0a2ea8dd7688404af9db9ce5e229afcb625a1f9eb46ac9e7a1c2c4c5ce156b190514415679e82e213732e8e890ed1a89af9026e4e73fe3

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\OfflineSetupProvider.dll.mui

MD5 015271d46ab128a854a4e9d214ab8a43
SHA1 2569deff96fb5ad6db924cee2e08a998ddc80b2a
SHA256 692744ce4bba1e82ad1a91ab97eec2bac7146bc995e8e8ed59bc2c7d366af7ec
SHA512 6ba678da0475a6b1872c2e2c151b395a4d97390bed4671d3f918aab5e69cbc9ceafe72c3100ba060ac6586fd37682499fdeef7d7b1ab10f5ec2411c1438ed438

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\OfflineSetupProvider.dll

MD5 9cd7292cca75d278387d2bdfb940003c
SHA1 bab579889ed3ac9cb0f124842c3e495cb2ec92ac
SHA256 b38d322af8e614cc54299effd2164247c75bd7e68e0eb1a428376fcedaca9a6f
SHA512 ebf96839e47bef9e240836b1d02065c703547a2424e05074467fe70f83c1ebf3db6cb71bf0d38848ec25e2e81b4cbb506ced7973b85e2ab2d8e4273de720779d

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\MsiProvider.dll.mui

MD5 c5e60ee2d8534f57fddb81ffce297763
SHA1 78e6b0e03c8bf5802b3ef429b105d7ae3092a8f2
SHA256 1ec7b04a8c25812db99abec82c7b7bf915ae3f7594c5d071231cafab9c1fa145
SHA512 ce654295e8b16da7bd004453ae4a422fe8296a8c2343e56d819883b835c391a02537ecf4d155a281a9d38f2291ee0004506b7fd48a99c0f8881ff1e38ae8ebcc

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\MsiProvider.dll

MD5 9a760ddc9fdca758501faf7e6d9ec368
SHA1 5d395ad119ceb41b776690f9085f508eaaddb263
SHA256 7ff3939e1ef015da8c9577af4edfdd46f0029a2cfe4e3dac574d3175516e095f
SHA512 59d095246b62a7777e7d2d50c2474f4b633a1ae96056e4a4cb5265ccf7432fed0ea5df9b350f44d70b55a726241da10f228d8b5cbee9b0890c0b9dc9e810b139

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\LogProvider.dll.mui

MD5 8933c8d708e5acf5a458824b19fd97da
SHA1 de55756ddbeebc5ad9d3ce950acba5d2fb312331
SHA256 6e51af7cfda6be5419f89d6705c44587556a4abffd388020d7f19e007e122cd6
SHA512 ead5017d9d024a1d7c53634ae725438ea3a34eed8c9056ebbc4ebe5aab2055c0e67687ce7608724e4f66f55aa486a63024967b76a5638cde3dd88b3d3432ca1f

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\IntlProvider.dll.mui

MD5 2eb303db5753eb7a6bb3ab773eeabdcb
SHA1 44c6c38e6ae5f9ce9d7ca9d45a3cc3020b1353e4
SHA256 aa43b64db4fdcd89e56ba5309f3ba2ffac2663ba30514e87c160687f4314221f
SHA512 df1c8cefed4b5ef5a47f9bc0c42776611b3af709938a0900db79c6c9f4fae21acbbb6c4b1cad3c5a2051b622fe7e6e01486d34622742a981623fed933f1b1427

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\IntlProvider.dll

MD5 510e132215cef8d09be40402f355879b
SHA1 cae8659f2d3fd54eb321a8f690267ba93d56c6f1
SHA256 1bb39f3389aa4258a923fa265afa2279688e6cdb14ff771f1621a56b03ddcf52
SHA512 2f7b2ec0e94738838f755759cd35e20ab2138b8eca023ee6ef630ab83a3de1bc0792f12ea0d722abe9a6953626cbddf8ba55ea32fc794d2df677a0625e498ab0

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\ImagingProvider.dll.mui

MD5 f2e2ba029f26341158420f3c4db9a68f
SHA1 1dee9d3dddb41460995ad8913ad701546be1e59d
SHA256 32d8c8fb9a746be209db5c3bdad14f361cf2bef8144c32e5af419c28efd35da3
SHA512 3d45d7bcf21d5df56b516fc18f7dc1bf80e44258b0c810b199a7bc06047a547060956c9d79575b82d9b6992fb5fe64f5b0ef1e408363887ae81a64b6ff9fa03e

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\ImagingProvider.dll

MD5 35e989a1df828378baa340f4e0b2dfcb
SHA1 59ecc73a0b3f55e43dace3b05ff339f24ec2c406
SHA256 874137ee906f91285b9a018735683a0dd21bdeaf2e340cbc54296551ccf8be2d
SHA512 c8d69e37c918881786a8fdab2a2c5d1632411b1f75082aeb3eb24a8ba5f93dcb39b3f4000e651f95452263525d98fd1d3cb834de93bed16fa6f92ef271c3a92a

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\IBSProvider.dll.mui

MD5 d4b67a347900e29392613b5d86fe4ac2
SHA1 fb84756d11bfd638c4b49268b96d0007b26ba2fb
SHA256 4ccfe7883bce7785b1387ad3872230159899a5337d30a2f81a937b74bcbc4ce5
SHA512 af0a2a3f813e1adfff972285c9655f50ce6916caaeff5cb82f6c7d76491ffc9b365a47f19750fc02d7122182bf65aae79ed167886c33f202d5a781ab83d75662

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\GenericProvider.dll.mui

MD5 d6b02daf9583f640269b4d8b8496a5dd
SHA1 e3bc2acd8e6a73b6530bc201902ab714e34b3182
SHA256 9102fa05ed98d902bf6e95b74fdbb745399d4ce4536a29607b2156a0edfeddf0
SHA512 189e87fcc2902e2a8e59773783d80a7d4dd5d2991bd291b0976cbd304f78bd225b353703735b84de41b5f59c37402db634c4acc805d73176cde75ca662efff50

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\GenericProvider.dll

MD5 ef7e2760c0a24453fc78359aea3d7869
SHA1 0ea67f1fd29df2615da43e023e86046e8e46e2e1
SHA256 d39f38402a9309ddd1cba67be470ede348f2bc1bab2f8d565e8f15510761087a
SHA512 be785ba6b564cc4e755b4044ae27f916c009b7d942fcd092aed2ae630b1704e8a2f8b4692648eed481a5eb5355fd2e1ef7f94f6fb519b7e1ff6fc3c5f1aaa06f

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\FolderProvider.dll.mui

MD5 22b4a3a1ec3b6d7aa3bc61d0812dc85f
SHA1 97ae3504a29eb555632d124022d8406fc5b6f662
SHA256 c81a992ecebd9260ff34e41383aaca1c64a9fa4706a4744ac814f0f5daa1e105
SHA512 9329b60a60c45b2486000ed0aff8d260fdac3d0a8789823eaa015eab1a6d577012f9d12502f81bad9902e41545c3c3e77f434bc1a753b4f8430d01db2cdbe26c

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\FolderProvider.dll

MD5 4f3250ecb7a170a5eb18295aa768702d
SHA1 70eb14976ddab023f85bc778621ade1d4b5f4d9d
SHA256 a235317ab7ed89e6530844a78b933d50f6f48ea5df481de158eb99dd8c4ba461
SHA512 e9ce6cced5029d931d82e78e7e609a892bfe239096b55062b78e8ff38cce34ce6dd4e91efb41c4cd6ecf6017d098e4c9b13d6cb4408d761051468ee7f74bc569

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\FfuProvider.dll.mui

MD5 dc826a9cb121e2142b670d0b10022e22
SHA1 b2fe459ede8ba99602ae6ea5fa24f0133cca2bc9
SHA256 ba6695148f96a5d45224324006ae29becfd2a6aa1de947e27371a4eb84e7451a
SHA512 038e9abff445848c882a71836574df0394e73690bc72642c2aa949c1ad820c5cbb4dedc4ee7b5b75fd5ac8a43813d416f23d28973de7a7f0e5c3f7112da6fe1b

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\FfuProvider.dll

MD5 df785c5e4aacaee3bd16642d91492815
SHA1 286330d2ab07512e1f636b90613afcd6529ada1e
SHA256 56cc8d139be12e969fff3bbf47b1f5c62c3db887e3fb97c79cf7d285076f9271
SHA512 3566de60fe76b63940cff3579da94f404c0bc713f2476ba00b9de12dc47973c7c22d5eed1fd667d20cea29b3c3c4fa648e5f44667e8369c192a4b69046e6f745

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\DmiProvider.dll.mui

MD5 b7252234aa43b7295bb62336adc1b85c
SHA1 b2c42a5af79530e7cf9bcf54fd76ae9d5f234d7f
SHA256 73709c25dc5300a435e53df97fc01a7dc184b56796cae48ee728d54d26076d6c
SHA512 88241009b342eb1205b10f7725a7cb1ec2c7135606459d038c4b8847efd9d5e0ad4749621f8df93746dd3ba8ab92d1b0f513ed10e2ba712a7991716f4c062358

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\DmiProvider.dll

MD5 ea8488990b95ce4ef6b4e210e0d963b2
SHA1 cd8bf723aa9690b8ca9a0215321e8148626a27d1
SHA256 04f851b9d5e58ed002ad768bdcc475f22905fb1dab8341e9b3128df6eaa25b98
SHA512 56562131cbe5f0ea5a2508f5bfed88f21413526f1539fe4864ece5b0e03a18513f3db33c07e7abd7b8aaffc34a7587952b96bb9990d9f4efa886f613d95a5b1b

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\dismprov.dll.mui

MD5 7d06108999cc83eb3a23eadcebb547a5
SHA1 200866d87a490d17f6f8b17b26225afeb6d39446
SHA256 cf8cc85cdd12cf4a02df5274f8d0cdc625c6409fe80866b3052b7d5a862ac311
SHA512 9f024aa89392fbbbabe62a58857e5ad5250e05f23d7f78fc9a09f535463446796dd6e37aab5e38dfc0bf5b15533844f63b3bddcb5cb9335901e099f65f9d8002

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\DismCore.dll.mui

MD5 7a15f6e845f0679de593c5896fe171f9
SHA1 0c923dfaffb56b56cba0c28a4eacb66b1b91a1f4
SHA256 f91e3c35b472f95d7b1ae3dc83f9d6bfde33515aa29e8b310f55d9fe66466419
SHA512 5a0373f1fb076a0059cac8f30fe415e06ed880795f84283911bec75de0977baf52432b740b429496999cedf5cca45efd6ef010700e2d9a1887438056c8c573ca

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\DismCore.dll

MD5 b1f793773dc727b4af1648d6d61f5602
SHA1 be7ed4e121c39989f2fb343558171ef8b5f7af68
SHA256 af7f342adf5b533ea6978b68064f39bfb1e4ad3b572ae1b7f2287f5533334d4e
SHA512 66a92bff5869a56a7931d7ed9881d79c22ba741c55fb42c11364f037e1ec99902db2679b67a7e60cbf760740d5b47dcf1a6dcfae5ad6711a0bd7f086cc054eed

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\CbsProvider.dll.mui

MD5 6c51a3187d2464c48cc8550b141e25c5
SHA1 a42e5ae0a3090b5ab4376058e506b111405d5508
SHA256 d7a0253d6586e7bbfb0acb6facd9a326b32ba1642b458f5b5ed27feccb4fc199
SHA512 87a9e997d55bc6dbd05af1291fb78cd02266641d018ccfeb6826cb0de205aaf8a57b49e587462dbb6df2b86b54f91c0c5d3f87e64d7dbb2aea75ef143c5447ba

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\AssocProvider.dll.mui

MD5 8833761572f0964bdc1bea6e1667f458
SHA1 166260a12c3399a9aa298932862569756b4ecc45
SHA256 b18c6ce1558c9ef6942a3bce246a46557c2a7d12aec6c4a07e4fa84dd5c422f5
SHA512 2a907354ec9a1920b9d1d2aeb9ff7c7314854b36a27f7d88aca17825e74a87413dbe7d1c3fde6a2410b5934f8c80a76f8bb6b7f12e7cfc643ce6622ca516d9b8

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\AssocProvider.dll

MD5 94dc379aa020d365ea5a32c4fab7f6a3
SHA1 7270573fd7df3f3c996a772f85915e5982ad30a1
SHA256 dc6a5930c2b9a11204d2e22a3e8d14c28e5bdac548548e256ba7ffa79bd8c907
SHA512 998fd10a1f43024a2398491e3764748c0b990b37d8b3c820d281296f8da8f1a2f97073f4fd83543994a6e326fa7e299cb5f59e609358cd77af996175782eeaca

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\en-US\AppxProvider.dll.mui

MD5 bd0dd9c5a602cb0ad7eabc16b3c1abfc
SHA1 cede6e6a55d972c22da4bc9e0389759690e6b37f
SHA256 8af0073f8a023f55866e48bf3b902dfa7f41c51b0e8b0fe06f8c496d41f9a7b3
SHA512 86351dc31118fc5a12fad6f549aa60c45ebe92b3ce5b90376e41f60d6d168a8a9f6c35320fc2cdcc750e67a5751651657fe64cf42690943500afd0d1dae2cd0c

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\AppxProvider.dll

MD5 a7927846f2bd5e6ab6159fbe762990b1
SHA1 8e3b40c0783cc88765bbc02ccc781960e4592f3f
SHA256 913f97dd219eeb7d5f7534361037fe1ecc3a637eb48d67b1c8afa8b5f951ba2f
SHA512 1eafece2f6aa881193e6374b81d7a7c8555346756ed53b11ca1678f1f3ffb70ae3dea0a30c5a0aab8be45db9c31d78f30f026bb22a7519a0930483d50507243f

C:\Users\Admin\AppData\Local\Temp\2D2F33F2-4C9E-413A-A211-90F464D4309A\CbsProvider.dll

MD5 6ad0376a375e747e66f29fb7877da7d0
SHA1 a0de5966453ff2c899f00f165bbff50214b5ea39
SHA256 4c9a4ab6596626482dd2190034fcb3fafebe88a961423962ad577e873ef5008f
SHA512 8a97b2cc96ec975188e53e428d0fc2c562f4c3493d3c354e316c7f89a0bd25c84246807c9977f0afdda3291b8c23d518a36fd967d8f9d4d2ce7b0af11b96eb18

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

MD5 46c50dc50d9be92829b9d6fd4678c11d
SHA1 3c0b0493b9e6269a1a00c48720c7fd97c04ddd4f
SHA256 d9c15d4a7e2b1a320154a5c61af012242e3408a5c5519cbb4e93a7843692cf50
SHA512 340fdbc7618e86ef4178142aa9012ab9317869b85ac148fcd31c0c2fff007114eaccbf60ee829be99890d36b7d5e1a78c4617e40a538735a8b01002d4d5e41e9

memory/2456-786-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-785-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-784-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-783-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-787-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-782-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-788-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-790-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-793-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-792-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-791-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-789-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-794-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-795-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-796-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-804-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-803-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-802-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-801-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-800-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-799-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-798-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-797-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

memory/2456-805-0x00007FF7DEDF0000-0x00007FF7DEE00000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 b26a43adc13d6fb414c39e939de2254b
SHA1 e657b3dd38255e95dc44e2166f34c2de2f7ce6a3
SHA256 ba8543689dcc05ef64c79e4c82ba595942134d38e4abf65c65f737ef2ecaf3d9
SHA512 1e122f8251aeca8213a57a204c3358203e14fcaa63b60c26a52b621f1f912a3190250320378c0bd756a837c6e7835c8d503931047c45b0fda3712381765cf53c

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 967bcf7144ee944a85904ff262eccedb
SHA1 6b4f74c936fc2d38319e395c2c79ac094db5a387
SHA256 3f5aed9dafd356c4c09fb0aff5808c3722be4611ecaba28226495fd2854b6ec8
SHA512 b29ba0c64df396e526960843487513d7a1721a4dfbc412045589fd37334c37bea79e13bec68e63bf454b1e179ad01379612c5b0d43e11b936fb60adcc2582716

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 c2c7cbd6f4662585cad339a6e09aee5f
SHA1 734208aae6dc38ab90c6e58fb8f90b750bb2834b
SHA256 1dd5a84815cefa3029d70398efa53196128ee63834f87bb63d4beb7e880dc07b
SHA512 1854c842b362985fc430883f0bd42903c730a85e224721b664bc5a8f7f928741ded85249079f629481eb57de34cfdf3c4087aefa91cbe11b90a7e594635ac49d

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 0d27372262829bcd47532237c465d223
SHA1 452e4a2a8dfe4605c018b17009309b509461f3c4
SHA256 4c33e4562850e64fa8d46357f8ecc290d4c979746fb1ad04271fc593aa52f870
SHA512 3960a5bf390b21f53a502c33f3b05c27f0fc92cada95fb103349961303176c8faff6145b973cfff03cf50821b9c02771a5734618377a14a44f59dca1ce875289

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 fe27643c7fac8f2e15155a24d1aad0d7
SHA1 bf77e5a0ca36cd1c1e38301dc8ea605a5cc6e632
SHA256 d2f076a469015083db3b77e3992936be891793c5fa5a1a587e9236d486787872
SHA512 1af762d12135fa298070e0883215bdf177bbcb1befad5a35e023eadd962a0b0d709aa715065f603fe8f67d8f0b589c0f3820ea1f624739cdb19b517a4eb3cf5e

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 3ecc76b3bd9c72ae52471c6450d3e5a9
SHA1 e13613a897e9c7d242b97df78fa79adb29c66cf2
SHA256 3113e4ade65b8dc25fb215433ce01b720cb389abdec2ea1f4fefa721bb80bbca
SHA512 bebb884ea679b69313fa40ba96fcd9166f6cd1d6f9844b77fb2caee7e317cd465d7c56f2843439b8687cf58a530645f4ecb2a3b5141b2f53066c47b4833f7507

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 bd38ea5ccd891a08af20f1a1305deebb
SHA1 6237639c4b35f85fa7fda83babbf6530153a83ed
SHA256 3e902920a51e303c9e269366643542154b1d90d7b408f86251701a5b90304533
SHA512 fecc9c8984828918fcd6a6431d7695a8dfad854ba32cb49a546537cf96fb5b67912b870fae343c0487a9e7016806717d0be3cb40bd92db34c3e17e0bd98eb42a

C:\Windows\Logs\DISM\dism.log

MD5 4b7aa5a1b9f017b28e316aab90a67255
SHA1 9bc8f9ffcfb7d445a91cb7a479ce76bbf988f574
SHA256 752d97c58e6457d61edb954a675da991b45ba7c573f7142788aa107781a219ab
SHA512 74f3a9e4f1a90eae19f18db033de7a26548f28331d598ddab035846c7b862dfb99c431bc9b0ce88987bf937b48f43939a932e1cd75deda2626fc73d5e121aa9b

memory/1688-2533-0x0000000002CB0000-0x0000000002CE6000-memory.dmp

memory/1688-2534-0x00000000058B0000-0x0000000005ED8000-memory.dmp

memory/1688-2535-0x0000000005710000-0x0000000005732000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wln0xwrv.bsq.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1688-2545-0x0000000005FC0000-0x0000000006314000-memory.dmp

memory/1688-2546-0x00000000065F0000-0x000000000660E000-memory.dmp

memory/1688-2547-0x0000000006680000-0x00000000066CC000-memory.dmp

memory/1688-2665-0x00000000077A0000-0x00000000077D2000-memory.dmp

memory/1688-2666-0x000000006E3C0000-0x000000006E40C000-memory.dmp

memory/1688-2676-0x0000000006BC0000-0x0000000006BDE000-memory.dmp

memory/1688-2677-0x00000000077E0000-0x0000000007883000-memory.dmp

memory/1688-2678-0x0000000007F50000-0x00000000085CA000-memory.dmp

memory/1688-2679-0x0000000007980000-0x000000000798A000-memory.dmp

memory/1688-2680-0x0000000007B90000-0x0000000007C26000-memory.dmp

memory/1688-2683-0x0000000007B10000-0x0000000007B21000-memory.dmp

memory/1688-2685-0x0000000007C30000-0x0000000007C4A000-memory.dmp

memory/1688-2684-0x0000000007B50000-0x0000000007B5E000-memory.dmp

memory/1916-2734-0x0000000006100000-0x0000000006454000-memory.dmp

memory/1916-2740-0x0000000006870000-0x00000000068BC000-memory.dmp

memory/1916-2743-0x000000006E3A0000-0x000000006E3EC000-memory.dmp

memory/1916-2753-0x0000000007A10000-0x0000000007AB3000-memory.dmp

memory/1916-2758-0x0000000007CF0000-0x0000000007D01000-memory.dmp

memory/2968-2819-0x000000006E3A0000-0x000000006E3EC000-memory.dmp

C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

MD5 66df6f7b7a98ff750aade522c22d239a
SHA1 f69464fe18ed03de597bb46482ae899f43c94617
SHA256 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA512 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

MD5 ad9d7cbdb4b19fb65960d69126e3ff68
SHA1 dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256 a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512 f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

MD5 0054560df6c69d2067689433172088ef
SHA1 a30042b77ebd7c704be0e986349030bcdb82857d
SHA256 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

MD5 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256 b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

MD5 3e29914113ec4b968ba5eb1f6d194a0a
SHA1 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256 c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

MD5 e8fd6da54f056363b284608c3f6a832e
SHA1 32e88b82fd398568517ab03b33e9765b59c4946d
SHA256 b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA512 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

MD5 52c43baddd43be63fbfb398722f3b01d
SHA1 be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

MD5 ba46e6e1c5861617b4d97de00149b905
SHA1 4affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA256 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512 bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

MD5 2d40f6c6a4f88c8c2685ee25b53ec00d
SHA1 faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA256 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA512 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

MD5 01c4246df55a5fff93d086bb56110d2b
SHA1 e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256 c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA512 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 f942900ff0a10f251d338c612c456948
SHA1 4a283d3c8f3dc491e43c430d97c3489ee7a3d320
SHA256 38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6
SHA512 9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 d45edb02f0515d6f6659681663827565
SHA1 207bebd0ff31eeaedd20088699a3d9513ccc8304
SHA256 b613f028045d39b54e6b1270feff5bc5ee4bcc735d2cf851a55bb76826c0dd03
SHA512 192bdea316b2e9f60c5ec5ab59bfd71fcaee17bbe5cd9670ba40acc7432fc6e7d37bc69aa4a24c62a2e188e80bf58dd782cce156e554f8363163798035cc0b77

C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_423865438\684c0d08-dc29-4938-993c-d6e313237a04.tmp

MD5 470eddfc6be61d0294b49a93fbbd3097
SHA1 032df0023d097b4db11870bb9c383bd3c99dea10
SHA256 fcbe9724ad70ea2c010ceee199a93629f740f2eb3a65bdb8e2566a49ab2939b8
SHA512 eb144c92400f07e5690bcc8c5a8ee83ce08cc50d83e531ad217f6ebc44f15cac35ea69ef6273c23a2c06373a5fdd8f86ac3b953078c7105d4edff617e426c1b3

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 f157fe433ce9ede0edf89f123cb13d66
SHA1 56a3db73ee15aaa7a084181a18d0b9e40c8468a2
SHA256 473f2b4981ffbde4025bc37830f58bbaa18d7f0c8f63159fdf1ea11391827451
SHA512 513603e5e12b49e54c9524066e218b5ad1915a5b82a8c93d15a20707edeed4266dd3bbbef8625b8cab1deb14c0fde2b5ceea8baccd099a72e3fbf41980fda622

C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_423865438\CRX_INSTALL\interactive_balloon.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_423865438\CRX_INSTALL\foreground_sidebar_main.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_423865438\CRX_INSTALL\about.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_423865438\CRX_INSTALL\scripts\content_mb_precheck_injection.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_423865438\CRX_INSTALL\scripts\content_mb_activate_banner.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_aps_toast.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_423865438\CRX_INSTALL\images\browser_action\green_20.png

C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_423865438\CRX_INSTALL\images\browser_action\green_32.png

C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_423865438\CRX_INSTALL\images\browser_action\green_40.png

C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_423865438\CRX_INSTALL\images\browser_action\green_16.png

C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_423865438\CRX_INSTALL\css\ff_policy.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\site_status_block_page.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\settings.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_aps_balloon.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_annotation.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\cs\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\da\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\de\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\el\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\en\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\es\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\es_419\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\fi\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\fr\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\fr_CA\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\hr\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\hu\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\it\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\ja\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\ko\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\nb\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\nl\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\pl\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\pt_BR\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\pt_PT\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\ru\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\sk\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\sr\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\sv\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\tr\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\zh_CN\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\web_advisor\info_icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\no_native_toast\download_native.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\scripts\content_mb_page_banner.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\scripts\content_mb_activate_banner.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\topbar_iframe_block.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\sidebar_rat_detection.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\sidebar_mb_faq.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\sidebar_mb.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\sidebar_main.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\sidebar_home.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\settings.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\score_meter.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\page_banner_mb.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\no_native_toast.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\mb_page_banner.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\mb_activate_banner.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\interactive_balloon.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\iframe_block_page.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\how_it_works.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\foreground_sidebar_main.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\dws.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\download_scan_popup.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\advanced_protection_signal_toast.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\advanced_protection_signal.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\css\activate_banner_mb.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\fonts\Poppins-Regular.ttf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\fonts\OpenSans-Regular.ttf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\balloon_message\no_native_toast.html

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\balloon_message\dws.html

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\balloon_message\download_scan_popup.html

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\balloon_message\advanced_protection_signal_toast.html

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\balloon_message\advanced_protection_signal.html

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\sidebar\sidebar_main\sidebar_mb_faq.html

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\sidebar\sidebar_main\sidebar_mb.html

MD5 3a504559c0607797b729685612ae6772
SHA1 e21dee9e80c5c8aa855abb2c5f71b46932b9547f
SHA256 0c663cca3ba08b8eede98f540c8f43a591c9dc67b453c61a3b7e88f2b30d76dc
SHA512 996f18d79a438a305d33d7db12a84790855a7576c4452d09739baad27545f875c111bbf635ea97331038dac2e2fbe6abd176691c3e20c1633cb403dbb712faa1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\sidebar\sidebar_main\sidebar_main.html

MD5 f20236509a4708c901ff95127bd1bb50
SHA1 a0f3b0cd16725416992d93f6ba4cb04d416eb95b
SHA256 06ce3b03cd35726f28b381119e10caa2de1a10d7582d4d0c39a8ecfb6b13490e
SHA512 667915517d4e659652c90e454e31eeddfb9a575680fa1f91382c445adc20544b59a4c9b6c6ced75e3dffaa62679bd407ff858c6029abbdc1f8e4903dbfa9bf1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\sidebar\sidebar_main\sidebar_home.html

MD5 968247b36307bdbac3b5ca80694aacbe
SHA1 31cf4bf1308dbc9fb64f039bef3e25e77f134b03
SHA256 5ec7a38b032b6d66300bef4242beef38b56d625c2960dcd61ed4d69c5b70a045
SHA512 63d970dbc68c8f4659ff92030b69c3a4003ada3d18d96534206e5c21cc5b98f57e98a7c354b2b2a7c13e07c2ea7efb8b1528ffb1b57295dff80539f462db1b3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\sidebar\sidebar_rat_detection.html

MD5 749a35a60dc0a330502d824155b6672a
SHA1 917c87525b5fbeb4265154f2cb4724dc11877f87
SHA256 29fc536628520061f61637badbc1f46861f53dfb489aee29658e8c1a1b46fc6d
SHA512 de8c4e7a16f51483db96518bb1b26d17d1ef9101d212e190c0e081661be8a44b8f3ad6a2ac13d2fd86f6c458d8f9e6792dc89cd30f1d32f8d40b835ae0df1faa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\topbar\topbar_iframe_block.html

MD5 356afa7be11255b3b53600f868e2c6cc
SHA1 d8eec6621b727f4ccb7602a6618ecefdfe9461d4
SHA256 034a1b86c206346d71caa0f48c7504cc2629645160deeada1098aca5e9bd68f2
SHA512 2f441de5fd81bc34f89313aeaf810955bc396219b8b4cad5d3b89d6beddc3b8c4f5e0139798fa3a505cb6bf033543a1f0124257e53f42fb136ac2f9767f5d575

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\whitelist.html

MD5 bac4d735fdabc6bee1d9353b4ad71b87
SHA1 b84c4256e556d8077113971db17c7a4575810637
SHA256 5af01e6ee63a6feedc1c3c6b6cb995325ad428f76de2d7a0815414e07561b553
SHA512 4b26e7308097546b1dcc34e99d4696efa7e510ada1bbec70f1fadecc7a8f8b2c225465256b15e69bda285a3565c7c3ffaca84764a38fb1494b0d4318d4b01def

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\statistics.html

MD5 0fb8b621003b72f5048bf81893b3c903
SHA1 527764d5b527e8c296cf8227ee0adda6b457de54
SHA256 e3c22394e39b89ff3ac4835ef3fa88e739f7fda118114c25898e64765f07b0f8
SHA512 cf2dc74c5d778a336c8ae25b27a33ef4f6fe806ae0694349941101b701a4c2b268942a4d4a0b665ce397e8846c5969330fcfc6cbc338b55defb95b626ef0deaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\site_status_typosquatting.html

MD5 bd56f05050672aad218d979589a32887
SHA1 f0d3f2858fa531721dd84650ca08e5762a8db117
SHA256 9c2d54d1485be028008959015cad7dd1d7f9a2ecd5adaac820059c1262c13351
SHA512 c95e3fd336765595a5031f04963591c2dd7c85eb49b6877e3707b507415ef3e5caac869f719c6de29339f6fc77d3a073cb01ff12be00caeffb7473e700ba88bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\site_status_site_report.html

MD5 25142cccfb7232f0395190c8bb18c6dc
SHA1 176c801b72c1ef7f5b0e54492ff9a49e16a0bbb0
SHA256 574c5e03279ae4d5b842fa3fdb7324f77a95d23e76c7c06a7a12be53acb2ebcc
SHA512 3c085bdfcba35135748a7c296d3e8ef25ea5258f7738c58abc4815c61fc6119f932f68e385ebf63dc16e19edf13d58786e4d650156db3d5c10e430e003449ec6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\site_status_block_page.html

MD5 2d7f6347bd2a528d0938bc4ef6312bb6
SHA1 397f31e99ba0d3ea954d00bd9305369b30816e1c
SHA256 dd513b8fe8e99a5d1f72a731613e7013096a9cceffeee7689b444b1d9baa9ea2
SHA512 e173c791b354eb6ef7b56f29c5e3cb0c0294e752dfcea88b0fc72266383ee97ddaf0ac7a8b60db5951567ee19e7f26f67344976128eb6b959852d80cbe95f020

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\settings.html

MD5 af3000f72fdcaeaffc087902501caeec
SHA1 9034bfd6f177de5a372332d9a2fe07330573388e
SHA256 6477002e391108ee21a11b9612d5fbec5a4e2b18420de6f44331037f62679a4e
SHA512 79114a64bf5359cc48606b6a1126620d264c7101375d6e7ef2daf8284a25be0cc222f37442cd75081760c74d8e34f16e5225b425c1ec9e2f82be39d44ba455aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\preference.html

MD5 eabc0d18d4c835cb5aab383a7d0644d4
SHA1 1910eff32b81f64c136dc269b562015c289df74b
SHA256 276ec48998dbbeafe87ff11b751505a95fe42970275602a5ed849e75f6ac6433
SHA512 dd6cbcc98f9c722fec2367491764086861d3a1c6b1a8463cc508395d60e1eac56c8af994dd4b7b86e750e8422b670ef710934b2dd9a4d696f647694edf3823f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\page_banner_mb.html

MD5 3f535c526fdff25324911c8c111a4944
SHA1 7b2b649566fe9fa80443effa2460ae84f3db06fc
SHA256 ef7f999ef3981bd66f0fee1eab1d5e09587b7e43593e5d76c36f1ef34b71b3c5
SHA512 5e7a38251cb991621ef419c8b09754da0a548c13451565cadd16ce0c1122abf968be100cb3120441acd7719c40f7cca26210f1931c3ee0eb9b773cfc6b8e1f6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\iframe_block_page.html

MD5 5f79955b3effeffc3bf27d356c1b460e
SHA1 caa29518c909dbeb7728834ffa80f041413252d7
SHA256 d0e292e4c787a0855e6c6531746c77fb3b857634ede424e2d1da23cddf2adaba
SHA512 4ec2eb5ca65d0b89d412fd13abb1808d5e298c25d972060257e06313829ec61b3ccdfd68ab20b00f5ae0a889166954ec15e09592b4e9d0b18a7706ccf1315aca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\how_it_works.html

MD5 9e9617698dff73216e7184bfe3cafe96
SHA1 496ca94a4e4f3c0bfa49ccbd11650380f1097ab5
SHA256 fe6c08e33c0e4d400dacb865c9d78344f9b01a062287c4514142bda8470ca814
SHA512 1fe17210e5fa49371e8cea64c8b10fc1379c9e98a546681eb0ef8bcff3b0fae6eeb8c60d4288859da9be4c3105ac31b3e2868dbe790c28bc9db340d3b60cb24d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\foreground_sidebar_main.html

MD5 169795a357565de1bb66348c81ebdd98
SHA1 9f0a33b3ec5c2fc05f67ae4da9361d1d776342a3
SHA256 b618545cb49087d585d37b5c0a92ad307d2f85238208f10cdfcf51204d2213cb
SHA512 dd70caabdab07f8905b780c3982194e70a3ed221c01691b74dcfc7fd983a9794f067ed6f72e4c63d7c910c0ca77154cf1620df18d754045be26da9ce09e32028

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\ff_policy2.html

MD5 5f77472567379524ca8a6063ac3bdcfc
SHA1 720281853b760245622e795a27b5bcad3da62f12
SHA256 18e1698c83bcd8b4be11807703fa96154cdc94938b92a96ac6c098e2ffb84cbe
SHA512 a7a17ed2f922022f3d9f879a4f1b182daa83ac383c930b5da8cf2b04ee661d94f7abf88d92bba54d1591bfd07ce5ed98a45ea9bde898d2b52e289f050d90981d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\ff_policy.html

MD5 49f1b6807a50254e0c94706205df1ff0
SHA1 a6a3fb78cb22fb7c6220cd0db701699e324a09df
SHA256 29edb822f86f3e95b4164413c2472d779e9422fd0521aaa835e4d0d45830dd86
SHA512 b6194adf6574046c0cbb5c0e65b65bdfc96741938667c6be6de39e1a09de86776697a6afab91bcd2c5c8cb6fc64a89502a78cbb2782db54e3fdd92715e8a3739

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\activate_banner_mb.html

MD5 7c3227b33e57425217171b45e90f4563
SHA1 a2efdd5165f90e3dbe1ed3dae663b1e20a74ef2e
SHA256 bcc90f2b88157a851cea663f3165be33dd0efe3e286ce367ab63bdc8927651ff
SHA512 c04fbb161ff8fe2b62043056a7b18ffbde323bb4eccf01a73756e7356d100c66bca9e43173ef14549997a8551d8844d5208a048f6d04f4df200e91c329f2da8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\html\about.html

MD5 0ddd77ea9aa491f607dee9617092762f
SHA1 1a9326b2b775251e86fe1f69e531b39ed8022d1f
SHA256 a668ac28c0463b3976e155322986f21c4f434ced974610532a5748055a387af3
SHA512 ceacbf09e6e368a847c6038d16b8ede4da17622dd4e66c659cb436300e4791f219837891edb68fd4b7937dc035b31007ebfd989eadf6576fbcd2575d84d5f704

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\action_panel\x-icon.svg

MD5 7301d2e8ceb505be25e2d20ce3c92466
SHA1 46eb43711906065f56f8d97b38545b61c1b0a6fa
SHA256 40f3837b4464532b4a500380fd134826349a87c3c92b2f329b82da8bc3ce9246
SHA512 bf1de37f714e80b175b7f86be8f1607aee9bd67a3d42065f9e8e38a8c635be5e53263b86006b883e492198a1ebad668d91d0f849087307c2a3d126a3d96c9db4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\action_panel\info-circle-icon.svg

MD5 16991d6d8d07165a6bf5921d48a33c4c
SHA1 107bd9d4dfbf3c50a080d7cf16325aff0bd4f7f3
SHA256 c1f809b57c384262f0289aa2049a8fb206f897361a0b62bfab8c8ce4fabb1b2f
SHA512 230d5eb8c61dd916bb74297853ca8ba75a9e837a823304f6ab194c1b4bbbe6379fb2799cc879e5eedc3947e445ff7ca37910ca87eef4bf168c73b05d271cf0a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\action_panel\ap_jumbo_rat.svg

MD5 7d7baf0b5707fd387853c8eaeb7b2fad
SHA1 86622c1a7a867226cc9023aa6f810214b5db2b71
SHA256 3973725865c3ae769d586406ae0b8b2dce72f3e9ffc5c7d4ecd713fa4bf4807f
SHA512 a07b6959e16baa67dfc1450c535124dae50236c6759f35e4180b7bb8619b3c52357557ae63be5a8ed97672fe28c2c55bca647f45d0ec934d41688f15efe68005

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\action_panel\ap-overlay-logo.svg

MD5 444999a8e3a0f392e6f1cb935d89dd8d
SHA1 1c8a585bf725e32acb8ee8641a615638ce5ef33c
SHA256 d852932ea3383467c93f17faf05f90848b124c245c088cf67b8f49c0ec929883
SHA512 4247aa4e2f9dced3816fec128960f21e082e9dbee84b439b7311a07836698264860b9d47565add576b25a0ecb3e48fe904b12b24aca7a8948295c929b75b45ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\advanced_protection_signals\scan_for_you.svg

MD5 a253e8273c7184e575f769d31b8ad010
SHA1 7e6c1d0277aae08b2cf2a8f7af57a668adc60077
SHA256 19227e7f909b6b97c5b9d0f9ff2331d676a5a639664a7b25b3498d7a53187be9
SHA512 233c7de0592b1660559f952408560a6a37be46ecf438d207154af54adbc2faee1bfff0bfdfcd3dcbc99bb7c9a144e3b32898e6a742b6837b721aa60a3a2389d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\advanced_protection_signals\question-mark.svg

MD5 c32451a00fadef2efa6686e01020243f
SHA1 266282c4ff4239eed6789b4643c589b85e040a50
SHA256 0b2b264ca5fe4820ec901be1ef38703edea8ba8c971570efc6b8015808718751
SHA512 fe04b43ef03600103ea481cb9a46c20da6173ff27255baf463f694d7f7885787225e4c90fd30d66fc2d60c448f0f0b80d691d60e17096afee3f5c02a1478b3ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\advanced_protection_signals\mcafee-logo.svg

MD5 d140f7d6a0eafe2262be880ae0ce776e
SHA1 3f0d58592bf919ab021ccf516ef8faec1ec8f23d
SHA256 5c6069dab14ef36a0903556cb9205f17c82eda2bce30653955a5132345f65602
SHA512 2318e87f23e1e90c65072a427a0e5cb5234da9bde6d9c571597cf67f83fe5deaf941463404715eb220c0b038e6377bac502e2543f6f14376802e485344632ddc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\advanced_protection_signals\close-outline.svg

MD5 1cb98cb5d4f511bdaefa90948f267841
SHA1 7d6d9e297471536f1f3778dc2a10b67b3e7beee2
SHA256 0f2927ecd197e38779e06c6bb46b748dcc7f3a3a317ac5e68c5c03881e32378c
SHA512 0ea99c682884848a35d329ea03363c92b2099077db7321397f2d6e26e23a362d39534eef820ff45781b9a0a875d2ab945f321122c07aa5d07a794718a90eaf85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\advanced_protection_signals\checkmark_bullet.svg

MD5 474522e4e9d5e6234dd620fcf9d0fe54
SHA1 e3ed75af7bf1ee444f6de9a55dcd6d83d29d89da
SHA256 2818f27403cfc7e148d6851ffc7e5eb483ec4cf1e435f0130d10ff9dea6457f0
SHA512 8a2e6733e872ffb5eb8f287e1d0e51d9e816e89f75111c957bdc50c5511e46d52bec96859463b93f97fbb29b5bc8e82c517f0de198345d3470d0d4e0299f7896

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\advanced_protection_signals\checkmark_aps_signal.svg

MD5 347fcc52fabe187dd2874ac17cc338c8
SHA1 8dd274842efd21cd8aa8a74e0b9a9d8f84d7908a
SHA256 8c2964ed5a983edc6c61d53dbbbabef568f47585da92b1ba82157a3863e66244
SHA512 10067023d68903d6ccb655e93525b81d4a11990ec3a7573bd649bf44d56daeb2bfe43359243b6e33cf88dddf6e9dd61c0bdbbe9277352bca4d087df125848ac2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\annotation\yellow_icon.svg

MD5 2077bf5b959e912ec79cb5c860e5305e
SHA1 d3f994e9b97aa55426262456a86f98e7a7b52b66
SHA256 36c77c784525e41189abc95e8a7fa29849b3ebe0aff8581a57956e4a755d661e
SHA512 1035bbe8a7e4d614a018a275427edd45f018c8faa84aa9762bc0eff3590dd051f17a0bf04f083ebca90de3672b7cc8491e581ad1d661812c2618aa044af6ca34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\annotation\red_icon.svg

MD5 6874abe7a6d62d5e2c1861fa95c66b2f
SHA1 bfdee904fc9aa92bfbb705d43356b66253826e4d
SHA256 c3f07a1bea96756dae1182ef31bd63bf02fba89d6e49165c3068d4b51f75a53e
SHA512 1786572d3525093563f60b344641ac2b0ed81e45b82220501299d3f41d5bc9bc3a0db40709e173555047f55df5e92f977438942ae35f984e73187930018d4e33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\annotation\grey_icon.svg

MD5 fecfc0c8d736d8ff1c122bc2365fe149
SHA1 646e7a3bf5df61254e990af3f2c9bd5f69e87729
SHA256 95064660d558235d12132eb7b9e5a13bfac9c41058310a0f6f0a8fabda426efc
SHA512 dd77c12623ca8173fb5848671de026a75e704ab5b194ec5f80e4344f741502598702e74e5b00f089eee3703c789ff83285b0564bf8ac852f437c447510b96989

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\annotation\green_icon.svg

MD5 444850203d1734f8e373f38848fe0b02
SHA1 0550b5e0baea3a64e8aab94cfa0474ef2a9a5cbb
SHA256 354bb055e779ba141e877976285f98a2bef88b5920631980cc02b9bd282e479e
SHA512 43559833e5a54df05b6476c5b973b6a4851d09c5f3d00cc253ef1f1779b6118707b7e4abfc5b2c61de20d52df90d5dd4cde937b6bad86c96aed9dc3145d39bc7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\balloon\yellow_icon.svg

MD5 7040e9073a835f3d857096fd5c6b42d2
SHA1 2a578c98a38a417cba8697c43451c6d584f13687
SHA256 ac7937afc52cf9336e3459055ae1407617b6d7ae8a253c71e90b1fde6885fed1
SHA512 aeba788d17f3f083e893baf10a92d44d608b3efa2a433ba4d47278973ae869da9ad3df37d8d5edd5e84ca983893c2bbf27adabb71c604d43e4929b20b2956314

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\balloon\red_icon.svg

MD5 9d8f6bb24f4b6a8ee3fcded82a37b161
SHA1 82f9ed29cf85548888bdacf1137ec129aed43bc5
SHA256 9b2288d7cfed9b567d6f6f1b9f3f7b1550fbc9157a519323d7ad4f1eaa84f5fa
SHA512 d5bc008a85c17cc4fe30e2be7ddad9c046848cce1ba0e0446d1d5cc38559effac802ae5b5cc5ecfb7c2e95d2c0615d0af04742568bcc08db7cfc0997c3b9dd79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\balloon\logo.png

MD5 b90992ca471a92779e6bfb4c3f19f354
SHA1 f50778c2068149ece08758601b157f24002e5e58
SHA256 0712a74a294be497fa3c8776e26c12a1193c8621568405c0fc9a4859e065f396
SHA512 2166109a4e68759d6515e4d893dd5d6a65187450a80fd47e4a8ea050e2ba5f0326c8ef9c54db443e1a81e8d8343c67795cd4e3ccb6965f23317c3f2348a84be7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\balloon\hackersafe_icon.png

MD5 49bb82aa46e9383807dbf1fcb4c5038e
SHA1 79ef500c5bf345e0b4fd7c2b9ce591c855960df9
SHA256 c344e776f86f369d4ceb7e38250f0626ee52967943620fda157d156ff0941ec9
SHA512 ac151702aa332ab43d7ae867d8c70770a48d7d5514a992eb348b39b0514a3938a081ef5f4beb49d1ff4bb95a7c0f768453445ff720a05c1011ccef0ca54d0dfa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\balloon\grey_icon.svg

MD5 f17cbfe43840090fe3db39c1817cfc28
SHA1 4644694faf769a48beba1a4c29dbda5c1bbacc4a
SHA256 ee84a3ae6209694503a0e7b8c8a52af52c30adf0efb33e69d89e977d8ee6bdcc
SHA512 fffdf486dfdfa7a68cf3cf15ce95a2d6872d9b5ab7af444e86826d46c7287bd4fcefb26e3a096e2893ff8f7f4ff317c636c08412338166f931c36f87551eca38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\balloon\green_icon.svg

MD5 eb73f8788c1708065a7dcda2fe21dffe
SHA1 c09f41ff45007c4f3cb208585a56fa9d4ff0b2fe
SHA256 31d5db151bc0274362b76935a80f1e18475a8766a1dfe6acdf5f7298b43f3a6b
SHA512 5984f95c9d6d5340c961ceab6e1d906f94c20021757913b83602b2f9e2db243ec4dfa90a26b76974bb1dd43bca46c62ac9ca33534964727f69d4c2c69e75d71e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\banner\mb_banner_close.svg

MD5 90232aa36f6e52e814eccb4c2702e1a1
SHA1 116b7ffa63d907bc8b929375d586a6105cd75e12
SHA256 580ad10d7498531238915332142d9b5d9cf9ba285fc8ff78b4f1a1cc5526aab6
SHA512 edcff6e99e88c20d89faf3b422dc9914ee446e92ab0d2ce70961432e859cdd3c89be470275c1ab1582dd84d2e2c3c43d860b38579230c85dfd04c2f250c3251b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\banner\mb_activate_banner_img.svg

MD5 81cbee177d786d0e951f5b0fcb5f9171
SHA1 eba1eb6c6dea23f204e25873b4999754e8ee633c
SHA256 c16b528e995a031ef6c69908fb14ea8cf828d055dacb629261d68532cc218b8f
SHA512 090555fe1511b59c0e82bb7b03101313462ac0be97c3453de7b796431724a690177a78911020da0da34ab6cc6c7267841b36d531f4b25375b06ab72531b9dade

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\banner\mb_activated_checkmark.svg

MD5 083b116dd8dc4da392723761c1fff525
SHA1 107bbdc07513113301a4421ca6dd3db69ddcb365
SHA256 b191734a3b1d499d4e92beeb8aa8f568dc183963c7fcbe110eb5d6b57d01c3ed
SHA512 9f167e60000d9a64a74359586c22f275d69c671bab9083d66276c7a7de636e03431d1bc4eddccc8baba155329f6ca0f9b8607c908f0b09384a3be013fcbd24d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\banner\close_icon_white.svg

MD5 50d1122c2820dd23bca8236a7dc961ed
SHA1 d13c17cc035a4f753305688b468550b7cc16e921
SHA256 7498cb98cfb650e2c409794e7a3eb378f83f401821fb90e062754a2ca2835fff
SHA512 7dddf76bb86161987c428edc782cc7f43fdd813a60ff58e1f37750aa7be5809b763654f731ed187098bdb1f82199f219abe9ddb31f3aef4f6429aeea845bb7f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\banner\close_icon_black.svg

MD5 d94fd7f63dada80edb405ea3eb056533
SHA1 d473fe5ab2c9dcfd5073fc746fcfc1bcf8c132b8
SHA256 77f9f86eec6b539c8c6c7abfa8b0b58b7463c2eec86ff4d732fba451ebdc2f58
SHA512 24d4bdd911475493cf1dc99162f68a4fc8c2b787c445277b3e8430d492f272445dc7952babefefc027b304a7f763ee3a9996d59351ce52625e40103081f39258

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\banner\close.png

MD5 c2b58e3a8a5af8b740a61e4c054a9e26
SHA1 5bb475c29dbe19a78ca2135e5f477da375b5018f
SHA256 2df3fa9311562e80c73708e325b23a2538f2e9ce9c1315de4f459517272e0b9d
SHA512 ea35f9f1f04d55d3b55cbe2df356e2faf9d4de7ee97976c53c06155e36481c962e155a6506e0dccbcb948ff04c1c803a27a02c05a0ef0e10d0c629b3a905f39d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\banner\ai_icon_white.svg

MD5 dcd70558f70e89f8eab07cfeed2bb36c
SHA1 f283c66da3acf31f3cdbf42ea9816bea6618695a
SHA256 cb6cdcc2f193ee9ef7c7f3c56ae492c701c62f35aa2e3c4b29aded7ef470de34
SHA512 43585ca8d80fffdcb27ca56adf23aff365095fa86bc3340ec77b964c670ef9c961a62661fb788fec720cc8947678aeb9f83f542845de1ce6694f6c55c3361f69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\banner\ai_icon_red.svg

MD5 377eac25be11574c53645346896cab21
SHA1 1e33caea728a51010fb71bb56e8ff2b673fa5b7c
SHA256 d9b19dc5a92bb22df573b86ad5eaed45a261ec41554fea68a3e1ba62d63b6213
SHA512 d7cf01f98764a7e31773cf17f780327ccf20dd95656f2b584989e2ef6ceac98b720e97f1c8387d7dff95ca8c9ed0c54cac9043e52d4f1b523d867e19e1173999

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\yellow_40.png

MD5 a0cdbcae4006b221911f15fabdf28896
SHA1 c70708f133c52629ce389191da78bd2fbe7cf692
SHA256 1d9231710b2f4f3bb8c36ca93a02262ba8d2861672c79f95960dedf9a15879ba
SHA512 0bd400cbba5d6548604e9936d1db7a4fdba28c6333ab6f1b41ac728e0c37ff5c65af112bf8c3b600ccc6a411353b56294fdb03120c2f0a4dcf1a308343a16a75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\yellow_32.png

MD5 ccd1384dacb82fdd12fe34ad50479933
SHA1 66b271d08046b637a79c2081ad3b28dd4ce9941f
SHA256 90a6f9e02fec898468fa32a9ddc51443fba828362cda8082e7089705318a6ab5
SHA512 7ae0e187a42c8c892b10727f3c40c9ef2b1d8d8c4dbf83a9c2c2025a7ce7f9c4d8bfa566ee5d10abd6b21bdea46d3109ab6b256d15493f4a3ee9e1c91328d36a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\yellow_20.png

MD5 626fc8d00fb42160da3429671e641732
SHA1 e18c2363a7ed0f40d764b8759da5e3179caff3d2
SHA256 836df926c2b31d262487bf03d7d39aac84b1e6016c6102d585f1590f8b3c7a83
SHA512 7ceae166761a5a06ca46ba61e0473dbcd03c457037ed68d45d7800737dd0629b6fa281703a1307ce49f4fc73d123ae74f29e6fbe48aadc9f333175acb05614f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\yellow_16.png

MD5 882f79f6dad6ce52dd41f3996e0b2c8c
SHA1 ca9a262f6d8c45fcde2ccd174ecd21fdbff848a9
SHA256 87603c2520b498e090eb1feb2253d5f982565c958f80106e16d58e9f6411622a
SHA512 54e521086012cc1f9e73ca3bb003e6bd22550e036c2bb5dcea6ada9052fe3b96d7f49decfb8fe7ba6c223c7d47aa09d3b905e8a3530fa26ef886fa064ba47f25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\red_40.png

MD5 ac9e077afb0a4c3a13d92992318904dd
SHA1 43c0a522abcb58349c4fa21a24a60fab6e581569
SHA256 de4fa77630c39914c178a24b44edc266c84c2c8eee14683a35b3bb083c83b3d7
SHA512 a0accac7a3c3ce3f50dbe22c57fc216a15cc72cc65ce56e1352f7d8061b3576dd1881bd78052ad1c75ceb28eddecedaa6b74d557895ba164be226314e99718ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\red_32.png

MD5 3fa1923cb874a4138b1b07d83ff989be
SHA1 7add70363058af580edc3395c62ce1eb9206ffeb
SHA256 0734a4e584b57ee2d712fd41c5c14e8e24803cd170bb47324de7411f608d53ac
SHA512 398c815399a42154ac1dec13f47898fa0d9a1bd466309dcda13ca3628812c154c217e2e7559e90e7a7306472c8b8c05459482410f5cf2547bcc7902cd443ef13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\red_20.png

MD5 279a0be45f69e5c53f7424c704c825f1
SHA1 e3352d8356a4e4886e28bf3818719fe3a35f83ba
SHA256 5e3ff0bb95c60b49a9c1a91f473ba6084fd57a0cc8957eb54a2a0356d9601a1a
SHA512 8370b9392fdf45e19a5f547cc04d4868df235bd7af1b5e90452418216a7db8d377a25f00305625a7408fb14d2ea243686eb7f9613635639e4930d1ba56365d24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\red_16.png

MD5 f0df6f75d6f90b2de500837c6627db34
SHA1 212b109b779a0885da08a0959e27c68de4aef043
SHA256 9080fcc550cad54f1a7c5b559898ca69ab9b3d762f2ab0fce0a65f5c8ed943e8
SHA512 995d28a813940b4362814670b9b94ea50bfac2eea20d26144e46e71e33796af19136c81c683fec9347856bd791f1ecf5baccf0c9bcfb9446eb0276ec16f1a83f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\grey_40.png

MD5 bae59237da0bbbdabcce1497df6ea17e
SHA1 41af46bbedfef67ee4b78fd0a9c04f65bec08f0e
SHA256 e1eb0be733c2f45a2ddece29908830c197622a130fc9ae6a1404e01a3d7c6238
SHA512 f7eaf0862a947ed712971976f492df813d5c389322aa500fa2a1c5e9af0dc8604674b31c98680bb42ea111451d06c6ed8e8a2f20fe49a79e913c12a866305289

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\grey_32.png

MD5 95436926367c0138f001ddc4361bfedf
SHA1 88c0e3b0525bdad6ca53a17d2b8a3c750dc9b61e
SHA256 8e8cab2fb80826fb45a9db3e1d48d05e3fdc208f02a35f68e8f26b1df841ac82
SHA512 1d5d02112e38de9f81ddf9b13239082459814e16b81422c3872cbce3f4e51b9862e8a4b47bf53d15d4615f175fc1877c35617130e916a37376b81a05fe2ef007

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\grey_20.png

MD5 2443e421470af435608c99af44852157
SHA1 ce014d7d39e19f21b63acdb88d6778d3b4c643fb
SHA256 861af3cf0e4309b3e29b8cb71b6f031c1fb956faa2dac2a38e24b7c29d426c75
SHA512 4e8482dd242f2fbf40d3d3913bfa39670d411b7da948807b76c4ff379228ec5252c297364b2c4f81fdfeaeb5d813426d48b51d02b5ba189875d04fd98aa142e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\grey_16.png

MD5 9296be76cb5d33fd677e956eb01bd3d9
SHA1 5a07cf95bc611cc7d6155175e2e1b3b94a44f25d
SHA256 876810fdfb23e4f010e10566b1cfdfee8a7e9d0f46f7b525f1a9d56948ac2394
SHA512 ee463e6c147d782776bca5e2667aaf3511eb9348f7cb4a4d461b624dd0917d27080f6c76fa11956b6ef37d40c3e56acdb222437f4f4e845b6a52cea42967bea8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\disabled_40.png

MD5 b7c6e336b833c4ccbf5626ba167c9128
SHA1 b37808e3fb72ce2aa42750ea740f623b3c5c7455
SHA256 56953173a2237381de9a454fb2609a3c1eae7636e2dcb86ac497b63600b2f661
SHA512 9a059cd1b70415a0f38967cac5c70867d80561e962821511c4d1f15bee213674f646f6ef342b5c7085eb492b1443ba7809b4b062e9f35662c289c5edfd658a9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\disabled_32.png

MD5 453db4da9e01eca0a7b8d2ca23bac936
SHA1 a2aa109281a38fde7551702cc4716b6e7b59e3c2
SHA256 c6e05c900b520ac923116c022cb2f524e3ec8295cf7e6d6b07b551eae90d8062
SHA512 4b8f2749424eb278761bb33923d53d3fa4933eaadd8f0f0dcc020d28995a03543da78f99a433cb98b7d8e1dd972c3dca717bb70232e9134c6e697d013355cf0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\disabled_20.png

MD5 c4c8fa194823f8a6bdb4ad41b944110f
SHA1 064160fd6c5548c665f4183faddcd1277bf7b7c8
SHA256 5eab6a9e0eb02d50c2af920ba4f3021975c6a296d000fdfaff04664d7119c9a8
SHA512 b310fd0390ce28d8bda018d279c2c2e5d09c0ac7b98ff2eadbf98875c17b9d96700c8c70195ccbc9183815ee36284da6cce95d439d697c1f4cd85e670cbcf228

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\browser_action\disabled_16.png

MD5 3eccef0297c8839c8701d77db6f74e9d
SHA1 0dc8d9bb5a81f432d15d05520b611fb3a2eb328e
SHA256 1cae56ab357f8c9ca1a47d60d1f2b2e3a32c41b7d45af55b7867dc7b4342d0c4
SHA512 8974e1258b06a28444aaa9557cc33a74e0adcebaeaabac7cc86e6aa110481e04fedcf58494e310164abdda265bccb25c975672dbc9f77171a2b6a58f3714317a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\download_scan\webadvisor.svg

MD5 aa94fe6f7192aac14be72ac6a98b437a
SHA1 e996bfe46d56845febbf638514edb6fce8457c8a
SHA256 a4279bff1bbaaaadb2f89b2dbb2c77be7daee304ebeb776885607bcb4d8613d3
SHA512 4d0ca0371558326bb18d888721f923fa83f793dd9d53b7d98c2fe7972fcce0257bbfab150c284d26d10648b2df92e8dc4cdf89709c0d4c93bb336a0fbd9003b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\download_scan\seperator_line.svg

MD5 20de99f72eed4e646c823f6683f7efd2
SHA1 98d0df7f2426563eec5584da4202216fa3d929d8
SHA256 3cd89daf88eb5ccd1fa1054fd10a872d0c01e40491125d20ec26ecf96712c573
SHA512 e3433a4879789a787f9409a3736098ac6c181d33b22d7ce830a0edf49409858097ccef28d3bfac71ed26ae6adaaf82bb52557c2630a90baa63f7648955935a09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\download_scan\mcafee_logo_white.svg

MD5 7be675b6e967d8d55993ecc5d0685e03
SHA1 1dbc9a3a299c6d88e5a51b7fea4225cc2dbd618e
SHA256 855cfdfcfca492037c9bf50e813f431594eb408750759a644c1ded9348c07559
SHA512 d28a32bfa95dfe4ab4cd42c970904b8f73f59af8f0ba1d7a2f257af2f5ab93207bb18a81f98a2025c0ac83535f32b7ba8501427cf2f2140b4cda11911b2e909b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\download_scan\mcafee_logo_red.svg

MD5 23868054d056d5052692b09fe9e4e5e5
SHA1 b3e5caa5593e87f3306afd207ec765cdb5b6ae48
SHA256 634cf5fbabb8573d98046d26efb66556a1d38a1ddd27da51e3187c785c07114a
SHA512 7cc1c3ac3b86d1bc690b1e4c86359de072cb5f62608b805ba6a3630a8f3cba78447f115974520eacf312b68be42423431cce695dc6f10ab763fbb5aaf77422ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\download_scan\download_scan_icon.svg

MD5 e152a06f544c2445e476f9245721cadf
SHA1 fe537df1b8ab747e4f69fc7b90f6e65ee57cb7a0
SHA256 afb3cb99272b60d9ce409d2db3584f29db0de5e50776db99e9118f9fa18dc943
SHA512 d2424563faf06896cc63849cf8418423c6470e36fbe23db0549ca74a927f7618bde2ac605e795a3e553941471975006eeae1b2f4a5aee12cac7366a6ce3d9dc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\download_scan\close-outline.svg

MD5 854d9f4841f3fd6b71c8f0c216590549
SHA1 c5543d1eb7ecfb19e24e5e26d070e26d02efc3a2
SHA256 9d14b866099d21c67b28a6c870f3a4a535f81b88bd97102c32edd346d2f15868
SHA512 74278b6d68184c8e9d04fe25b4d40703d04e4d085df18a3baf0f03bcbcde20e4a1761a7d68abfe442d661ceafcd33bfe46a47cb22ecb614f8c60e1e28fba1129

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\dws\scan-email-logo.svg

MD5 ea6e8b4848adfeb2eaaa27de5962fc37
SHA1 2a0edb8bedf9d57bf39e8e028233407ce424e538
SHA256 baf530440ab599a4db465a9e41d2da8ecda41f0218aca01e9aba98f3ba81e705
SHA512 83f32fcd1e14eb840abd57ed5aa11eef415f1b3981f2efb227ec5b968388f07052d1c434f432ec0a0c337d257040928dd4efbb26aaff0d88c825c2a290049063

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\dws\external-link-logo.svg

MD5 52acb8689812d4b46cb56a248eeb9f65
SHA1 dc2cf7c46cbb87a917fdad6904547ecca0871aaa
SHA256 d3d5aac3a584ea056f6b372c2ed6e923e37c11aa5f7a529ccd0dc8ecfc2874d8
SHA512 af09ec04dabaededb5c40cd12f3849009e7d855874ddece241b1bc073324f9d6733419964c5de1fc5b7c82b41522edf3983100eabb5ee574575a085d28180dbc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\dws\error-fill.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\dws\confirmation-logo.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\ff_policy\warning_screen.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\ff_policy\happy_laptop.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\ff_policy\alert_screen.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\how_it_works\youtube.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\how_it_works\urlhijacking.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\how_it_works\twitter.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\how_it_works\socialmedia.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\how_it_works\securityalerts.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\how_it_works\saferdownloads.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\how_it_works\phishing.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\how_it_works\facebook.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\how_it_works\background-human.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\how_it_works\background-bottom.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\iframe\diagonal.gif

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\iframe\block.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\mb_dropdown\ic_snooze_notifications.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\mb_dropdown\ic_notifications.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\mb_dropdown\ic_close.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\mb_dropdown\ic_chevron_down.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\no_native_toast\mcafee_landscape.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\no_native_toast\install_native.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\no_native_toast\close_btn.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\overlay\arrow-up.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\youtube.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\youtube-disabled.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\x-icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\remove-white.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\remove-gray.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\reddit.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\reddit-disabled.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\mcafee-shield-pattern.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\linkedin.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\linkedin-disabled.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\instagram.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\instagram-disabled.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\facebook.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\facebook-disabled.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\checkmark.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\checkmark-disabled.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\add-white.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\settings\add-gray.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\social_x.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\social_linkedin.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\social_facebook.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\sidebar_logo.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\popup-logo.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\ic_settings.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\ic_search.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\ic_info.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\ic_ereader.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\ic_chevron_small_right.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\ic_chevron_small_left.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\ic_browser_security.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\ic_browser_history.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\ic_ai_detection_white.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\ic_ai_detection.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\home.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\graph_red_icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\sidebar\arrow_forward.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\wave_yellow.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\wave_unknown.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\wave_red.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\wave_green.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\warning_yellow.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\warning_unknown.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\warning_red.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\warning_green.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\thanks_feedback_icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\smile_face.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\side_logo_yellow.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\side_logo_unknown.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\side_logo_red.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\side_logo_green.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\search_icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\sad_face.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\logo.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\site_status\close_icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\youtube.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\youtube-unchecked.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\youtube-disabled.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\twitter.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\twitter-unchecked.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\twitter-disabled.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\reddit.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\reddit-unchecked.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\reddit-disabled.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\linkedin.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\linkedin-unchecked.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\linkedin-disabled.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\instagram.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\instagram-unchecked.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\instagram-disabled.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\facebook.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\facebook-unchecked.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\socialmedia\facebook-disabled.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\statistics\pages-scanned-icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\statistics\pages-blocked-icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\statistics\downloads-scanned-icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\statistics\downloads-blocked-icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\web_advisor\x-icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\web_advisor\white_mcafee_icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\web_advisor\search_icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\web_advisor\mcafee_webadvisor_logo.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\web_advisor\mcafee_slogan_white.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\web_advisor\mcafee_logo.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\web_advisor\mcafee_dfd_logo.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\web_advisor\mcafee_brand.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\web_advisor\danger_icon.svg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\images\webadvisor.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\json\engines.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\MockingBird-Package\scripts\worklet_processor.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\MockingBird-Package\scripts\mockingbird_content_main.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\Sailer-Package\feature_collector.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\iframe_form_detection.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\iframe_form_check.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\iframe_block.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_site_listener.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_rat_detection.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_no_native_toast.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_mb_video_check.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_mb_banner.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_injection_check.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_iframe_helper.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_iframe_banner.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_autoplay_detection.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\scripts\content_aps_observer.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_locales\zh_TW\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\_metadata\verified_contents.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\wasm_lib.wasm

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\wasm_feature.wasm

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\site_status_typosquatting.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\site_status_site_report.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\site_status_block_page.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\page_banner_mb.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\manifest.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\iframe_block_page.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\how_it_works.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\ff_policy2.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\ff_policy.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\background.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1904_341303031\CRX_INSTALL\activate_banner_mb.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\LDPlayer\LDPlayer9\dnplayer.exe

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\21a0b771-6a43-4ed1-be59-caa5eb20d78f.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

memory/2728-6442-0x0000000072B00000-0x00000000732B0000-memory.dmp

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\689471a49c9589a5_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53b92fbc4d68952f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92063f2bbd648a4f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c644062b95acf88_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ae149.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d9cab3584c808d21_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d16c6ed5afc3a566_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53b92fbc4d68952f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2b4d1930bde2443_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4e9e66b8a32fd8c_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635c5a48473ec11e_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\986a89e6056b3972_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c644062b95acf88_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b46aa.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
