Analysis

  • max time kernel
    257s
  • max time network
    267s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240221-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    01-03-2024 12:08

General

  • Target

    https://www.ldplayer.net

Malware Config

Signatures

  • Creates new service(s) 1 TTPs
  • Manipulates Digital Signatures 1 TTPs 64 IoCs

    Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys to make their binary appear valid.

  • Possible privilege escalation attempt 5 IoCs
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 5 IoCs
  • Registers COM server for autorun 1 TTPs 17 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 4 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.ldplayer.net
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:708
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd4f109758,0x7ffd4f109768,0x7ffd4f109778
      2⤵
        PID:2712
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:2
        2⤵
          PID:3564
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:8
          2⤵
            PID:3708
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:8
            2⤵
              PID:2920
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
              2⤵
                PID:4704
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                2⤵
                  PID:2432
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                  2⤵
                    PID:4524
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4840 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                    2⤵
                      PID:4888
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5732 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:8
                      2⤵
                        PID:4336
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5864 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:8
                        2⤵
                          PID:4000
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5292 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                          2⤵
                            PID:848
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5780 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                            2⤵
                              PID:4996
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5736 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                              2⤵
                                PID:4380
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6568 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                2⤵
                                  PID:1888
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:8
                                  2⤵
                                  • NTFS ADS
                                  PID:4700
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6744 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                  2⤵
                                    PID:4292
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6900 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:8
                                    2⤵
                                      PID:5060
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5080 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:8
                                      2⤵
                                        PID:3224
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7120 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                        2⤵
                                          PID:4616
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5076 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                          2⤵
                                            PID:4892
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7260 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                            2⤵
                                              PID:4960
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7288 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                              2⤵
                                                PID:3508
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7324 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                2⤵
                                                  PID:4596
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=8240 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                  2⤵
                                                    PID:5860
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4840 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                    2⤵
                                                      PID:5896
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6768 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                      2⤵
                                                        PID:5940
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7036 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                        2⤵
                                                          PID:6000
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8552 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                          2⤵
                                                            PID:6100
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8424 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                            2⤵
                                                              PID:6108
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6948 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                              2⤵
                                                                PID:5508
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6936 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                2⤵
                                                                  PID:2312
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8272 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                  2⤵
                                                                    PID:5748
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8544 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                    2⤵
                                                                      PID:3224
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8564 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                      2⤵
                                                                        PID:5660
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8908 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                        2⤵
                                                                          PID:5828
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9292 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                          2⤵
                                                                            PID:5824
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9488 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                            2⤵
                                                                              PID:6012
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8728 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                              2⤵
                                                                                PID:4088
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9452 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                                2⤵
                                                                                  PID:5312
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9840 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                                  2⤵
                                                                                    PID:6020
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9848 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                                    2⤵
                                                                                      PID:5324
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10220 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                                      2⤵
                                                                                        PID:6284
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10376 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                                        2⤵
                                                                                          PID:6292
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10556 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                                          2⤵
                                                                                            PID:6444
                                                                                          • C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe
                                                                                            "C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe"
                                                                                            2⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                            PID:6976
                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                              "taskkill" /F /IM dnplayer.exe /T
                                                                                              3⤵
                                                                                              • Kills process with taskkill
                                                                                              PID:6340
                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                              "taskkill" /F /IM dnmultiplayer.exe /T
                                                                                              3⤵
                                                                                              • Kills process with taskkill
                                                                                              PID:6252
                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                              "taskkill" /F /IM dnmultiplayerex.exe /T
                                                                                              3⤵
                                                                                              • Kills process with taskkill
                                                                                              PID:6148
                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                              "taskkill" /F /IM bugreport.exe /T
                                                                                              3⤵
                                                                                              • Kills process with taskkill
                                                                                              PID:5808
                                                                                            • C:\LDPlayer\LDPlayer9\LDPlayer.exe
                                                                                              "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1001 -language=en -path="C:\LDPlayer\LDPlayer9\"
                                                                                              3⤵
                                                                                              • Executes dropped EXE
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                              PID:5848
                                                                                              • C:\LDPlayer\LDPlayer9\dnrepairer.exe
                                                                                                "C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=328060
                                                                                                4⤵
                                                                                                • Executes dropped EXE
                                                                                                • Loads dropped DLL
                                                                                                • Registers COM server for autorun
                                                                                                • Drops file in Program Files directory
                                                                                                • Modifies registry class
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:4684
                                                                                                • C:\Windows\SysWOW64\net.exe
                                                                                                  "net" start cryptsvc
                                                                                                  5⤵
                                                                                                    PID:1780
                                                                                                    • C:\Windows\SysWOW64\net1.exe
                                                                                                      C:\Windows\system32\net1 start cryptsvc
                                                                                                      6⤵
                                                                                                        PID:5628
                                                                                                    • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                      "regsvr32" Softpub.dll /s
                                                                                                      5⤵
                                                                                                      • Manipulates Digital Signatures
                                                                                                      PID:456
                                                                                                    • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                      "regsvr32" Wintrust.dll /s
                                                                                                      5⤵
                                                                                                      • Manipulates Digital Signatures
                                                                                                      PID:1072
                                                                                                    • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                      "regsvr32" Initpki.dll /s
                                                                                                      5⤵
                                                                                                        PID:5844
                                                                                                      • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                        "C:\Windows\system32\regsvr32" Initpki.dll /s
                                                                                                        5⤵
                                                                                                          PID:4216
                                                                                                        • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                          "regsvr32" dssenh.dll /s
                                                                                                          5⤵
                                                                                                            PID:4008
                                                                                                          • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                            "regsvr32" rsaenh.dll /s
                                                                                                            5⤵
                                                                                                              PID:3940
                                                                                                            • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              "regsvr32" cryptdlg.dll /s
                                                                                                              5⤵
                                                                                                              • Manipulates Digital Signatures
                                                                                                              PID:2232
                                                                                                            • C:\Windows\SysWOW64\takeown.exe
                                                                                                              "takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
                                                                                                              5⤵
                                                                                                              • Possible privilege escalation attempt
                                                                                                              • Modifies file permissions
                                                                                                              PID:2720
                                                                                                            • C:\Windows\SysWOW64\icacls.exe
                                                                                                              "icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
                                                                                                              5⤵
                                                                                                              • Possible privilege escalation attempt
                                                                                                              • Modifies file permissions
                                                                                                              PID:2556
                                                                                                            • C:\Windows\SysWOW64\takeown.exe
                                                                                                              "takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
                                                                                                              5⤵
                                                                                                              • Possible privilege escalation attempt
                                                                                                              • Modifies file permissions
                                                                                                              PID:6440
                                                                                                            • C:\Windows\SysWOW64\icacls.exe
                                                                                                              "icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
                                                                                                              5⤵
                                                                                                              • Possible privilege escalation attempt
                                                                                                              • Modifies file permissions
                                                                                                              PID:5604
                                                                                                            • C:\Windows\SysWOW64\dism.exe
                                                                                                              C:\Windows\system32\dism.exe /Online /English /Get-Features
                                                                                                              5⤵
                                                                                                              • Drops file in Windows directory
                                                                                                              PID:6784
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\4158258D-5C9D-4F6E-A485-216AD6DEC417\dismhost.exe
                                                                                                                C:\Users\Admin\AppData\Local\Temp\4158258D-5C9D-4F6E-A485-216AD6DEC417\dismhost.exe {12CE8E5F-53B9-4D18-945D-175E24B42227}
                                                                                                                6⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Loads dropped DLL
                                                                                                                • Drops file in Windows directory
                                                                                                                PID:2540
                                                                                                            • C:\Windows\SysWOW64\sc.exe
                                                                                                              sc query HvHost
                                                                                                              5⤵
                                                                                                              • Launches sc.exe
                                                                                                              PID:6280
                                                                                                            • C:\Windows\SysWOW64\sc.exe
                                                                                                              sc query vmms
                                                                                                              5⤵
                                                                                                              • Launches sc.exe
                                                                                                              PID:2928
                                                                                                            • C:\Windows\SysWOW64\sc.exe
                                                                                                              sc query vmcompute
                                                                                                              5⤵
                                                                                                              • Launches sc.exe
                                                                                                              PID:3632
                                                                                                            • C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
                                                                                                              "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
                                                                                                              5⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Loads dropped DLL
                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                              PID:6916
                                                                                                            • C:\Windows\SYSTEM32\regsvr32.exe
                                                                                                              "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
                                                                                                              5⤵
                                                                                                              • Loads dropped DLL
                                                                                                              PID:5588
                                                                                                            • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
                                                                                                              5⤵
                                                                                                              • Loads dropped DLL
                                                                                                              PID:3432
                                                                                                            • C:\Windows\SYSTEM32\regsvr32.exe
                                                                                                              "regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
                                                                                                              5⤵
                                                                                                              • Loads dropped DLL
                                                                                                              • Registers COM server for autorun
                                                                                                              • Modifies registry class
                                                                                                              PID:536
                                                                                                            • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
                                                                                                              5⤵
                                                                                                              • Modifies registry class
                                                                                                              PID:4984
                                                                                                            • C:\Windows\SysWOW64\sc.exe
                                                                                                              "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
                                                                                                              5⤵
                                                                                                              • Launches sc.exe
                                                                                                              PID:436
                                                                                                            • C:\Windows\SysWOW64\sc.exe
                                                                                                              "C:\Windows\system32\sc" start Ld9BoxSup
                                                                                                              5⤵
                                                                                                              • Launches sc.exe
                                                                                                              PID:1960
                                                                                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
                                                                                                              5⤵
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              PID:3928
                                                                                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
                                                                                                              5⤵
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              PID:2720
                                                                                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              "powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
                                                                                                              5⤵
                                                                                                                PID:6372
                                                                                                            • C:\LDPlayer\LDPlayer9\driverconfig.exe
                                                                                                              "C:\LDPlayer\LDPlayer9\driverconfig.exe"
                                                                                                              4⤵
                                                                                                                PID:6552
                                                                                                              • C:\Windows\SysWOW64\takeown.exe
                                                                                                                "takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
                                                                                                                4⤵
                                                                                                                • Possible privilege escalation attempt
                                                                                                                • Modifies file permissions
                                                                                                                PID:6336
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=1548 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:5344
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8164 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:8
                                                                                                              2⤵
                                                                                                                PID:6424
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9192 --field-trial-handle=1820,i,14938324052363521531,10465075147338136788,131072 /prefetch:8
                                                                                                                2⤵
                                                                                                                  PID:6396
                                                                                                              • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                                1⤵
                                                                                                                  PID:4732
                                                                                                                • C:\Windows\System32\rundll32.exe
                                                                                                                  C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
                                                                                                                  1⤵
                                                                                                                    PID:2332
                                                                                                                  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                                                                    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                                                                    1⤵
                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                    PID:6180
                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                                                                                    1⤵
                                                                                                                      PID:5524

                                                                                                                    Network

                                                                                                                    MITRE ATT&CK Enterprise v15


                                                                                                                    Downloads

                                                                                                                    • C:\LDPlayer\LDPlayer9\LDPlayer.exe

                                                                                                                      Filesize

                                                                                                                      16.0MB


                                                                                                                    • C:\LDPlayer\LDPlayer9\LDPlayer.exe

                                                                                                                      Filesize

                                                                                                                      17.3MB

                                                                                                                    • C:\LDPlayer\LDPlayer9\MSVCP120.dll

                                                                                                                      Filesize

                                                                                                                      444KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\crashreport.dll

                                                                                                                      Filesize

                                                                                                                      51KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

                                                                                                                      Filesize

                                                                                                                      832KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\dnplayer.exe

                                                                                                                      Filesize

                                                                                                                      768KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\dnrepairer.exe

                                                                                                                      Filesize

                                                                                                                      6.4MB

                                                                                                                    • C:\LDPlayer\LDPlayer9\dnrepairer.exe

                                                                                                                      Filesize

                                                                                                                      7.3MB

                                                                                                                    • C:\LDPlayer\LDPlayer9\dnresource.rcc

                                                                                                                      Filesize

                                                                                                                      5.0MB

                                                                                                                    • C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf

                                                                                                                      Filesize

                                                                                                                      320KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

                                                                                                                      Filesize

                                                                                                                      103KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

                                                                                                                      Filesize

                                                                                                                      652KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

                                                                                                                      Filesize

                                                                                                                      1.5MB

                                                                                                                    • C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

                                                                                                                      Filesize

                                                                                                                      2.0MB

                                                                                                                    • C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

                                                                                                                      Filesize

                                                                                                                      442KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

                                                                                                                      Filesize

                                                                                                                      192KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

                                                                                                                      Filesize

                                                                                                                      511KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

                                                                                                                      Filesize

                                                                                                                      512KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

                                                                                                                      Filesize

                                                                                                                      448KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

                                                                                                                      Filesize

                                                                                                                      283KB

                                                                                                                    • C:\LDPlayer\LDPlayer9\msvcr120.dll

                                                                                                                      Filesize

                                                                                                                      947KB

                                                                                                                    • C:\LDPlayer\ldmutiplayer\libeay32.dll

                                                                                                                      Filesize

                                                                                                                      1.2MB

                                                                                                                    • C:\LDPlayer\ldmutiplayer\msvcr120.dll

                                                                                                                      Filesize

                                                                                                                      768KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                      Filesize

                                                                                                                      3KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                      Filesize

                                                                                                                      3KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                                                                                                      Filesize

                                                                                                                      264KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                      Filesize

                                                                                                                      15KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                      Filesize

                                                                                                                      3KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      130KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      130KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                                                      Filesize

                                                                                                                      2B

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

                                                                                                                      Filesize

                                                                                                                      67KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_axzkqegx.yv1.ps1

                                                                                                                      Filesize

                                                                                                                      60B

                                                                                                                    • C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe:Zone.Identifier

                                                                                                                      Filesize

                                                                                                                      65B

                                                                                                                    • C:\Users\Admin\Downloads\Unconfirmed 489.crdownload

                                                                                                                      Filesize

                                                                                                                      3.3MB

                                                                                                                    • C:\Windows\Logs\DISM\dism.log

                                                                                                                      Filesize

                                                                                                                      23KB


                                                                                                                    • \??\pipe\crashpad_708_XZGMVOLPWEGDGIWV

