Overview

overview

10

Static

static

1

URLScan

urlscan

http://.ç

windows11-21h2-x64

10

Resubmissions

05-03-2024 08:54

240305-kt7d8sbh45 10

05-03-2024 08:48

240305-kqfgcaba2s 1

Analysis

  • max time kernel
    735s
  • max time network
    736s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05-03-2024 08:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://.ç

Score
10/10
guerrillabootkitdiscoveryexploitinfostealerpersistencerattrojan

Malware Config

Signatures

  • Guerrilla

    Guerrilla is an Android malware used by the Lemon Group threat actor.

    trojaninfostealerratguerrilla
  • Guerrilla payload 3 IoCs
  • Creates new service(s) 1 TTPs
    persistence
  • Downloads MZ/PE file
  • Manipulates Digital Signatures 1 TTPs 64 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Possible privilege escalation attempt 6 IoCs
    exploit
  • Executes dropped EXE 35 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 6 IoCs
    discovery
  • Registers COM server for autorun 1 TTPs 29 IoCs
    persistence
  • Checks for any installed AV software in registry 1 TTPs 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 6 IoCs
  • Launches sc.exe 11 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Kills process with taskkill 4 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 5 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: LoadsDriver 17 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 33 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://.ç
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa13953cb8,0x7ffa13953cc8,0x7ffa13953cd8
      2⤵
        PID:4072
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
        2⤵
          PID:1564
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1480
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
          2⤵
            PID:4624
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
            2⤵
              PID:3508
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
              2⤵
                PID:1104
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
                2⤵
                  PID:2520
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1516
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1
                  2⤵
                    PID:2564
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4880
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
                    2⤵
                      PID:5084
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
                      2⤵
                        PID:2656
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
                        2⤵
                          PID:3724
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                          2⤵
                            PID:2172
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
                            2⤵
                              PID:1568
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                              2⤵
                                PID:4924
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2608 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3244
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
                                2⤵
                                  PID:3428
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                                  2⤵
                                    PID:3136
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                                    2⤵
                                      PID:2604
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
                                      2⤵
                                        PID:3124
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6128 /prefetch:8
                                        2⤵
                                          PID:2916
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6104 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:1980
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
                                          2⤵
                                            PID:3592
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
                                            2⤵
                                              PID:4808
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
                                              2⤵
                                                PID:1216
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
                                                2⤵
                                                  PID:3892
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
                                                  2⤵
                                                    PID:4684
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
                                                    2⤵
                                                      PID:4904
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
                                                      2⤵
                                                        PID:4964
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7492 /prefetch:8
                                                        2⤵
                                                          PID:1196
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
                                                          2⤵
                                                            PID:1332
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
                                                            2⤵
                                                              PID:2132
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
                                                              2⤵
                                                                PID:796
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
                                                                2⤵
                                                                  PID:1424
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
                                                                  2⤵
                                                                    PID:2620
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
                                                                    2⤵
                                                                      PID:4964
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
                                                                      2⤵
                                                                        PID:3604
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8320 /prefetch:8
                                                                        2⤵
                                                                        • NTFS ADS
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:5272
                                                                      • C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe
                                                                        "C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe"
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • Checks for any installed AV software in registry
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:5440
                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                          "taskkill" /F /IM dnplayer.exe /T
                                                                          3⤵
                                                                          • Kills process with taskkill
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:5328
                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                          "taskkill" /F /IM dnmultiplayer.exe /T
                                                                          3⤵
                                                                          • Kills process with taskkill
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:5608
                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                          "taskkill" /F /IM dnmultiplayerex.exe /T
                                                                          3⤵
                                                                          • Kills process with taskkill
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:5740
                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                          "taskkill" /F /IM bugreport.exe /T
                                                                          3⤵
                                                                          • Kills process with taskkill
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:5696
                                                                        • C:\LDPlayer\LDPlayer9\LDPlayer.exe
                                                                          "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1001 -language=en -path="C:\LDPlayer\LDPlayer9\"
                                                                          3⤵
                                                                          • Executes dropped EXE
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:5936
                                                                          • C:\LDPlayer\LDPlayer9\dnrepairer.exe
                                                                            "C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=721394
                                                                            4⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            • Registers COM server for autorun
                                                                            • Drops file in Program Files directory
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:1376
                                                                            • C:\Windows\SysWOW64\net.exe
                                                                              "net" start cryptsvc
                                                                              5⤵
                                                                                PID:6108
                                                                                • C:\Windows\SysWOW64\net1.exe
                                                                                  C:\Windows\system32\net1 start cryptsvc
                                                                                  6⤵
                                                                                    PID:732
                                                                                • C:\Windows\SysWOW64\regsvr32.exe
                                                                                  "regsvr32" Softpub.dll /s
                                                                                  5⤵
                                                                                  • Manipulates Digital Signatures
                                                                                  PID:352
                                                                                • C:\Windows\SysWOW64\regsvr32.exe
                                                                                  "regsvr32" Wintrust.dll /s
                                                                                  5⤵
                                                                                  • Manipulates Digital Signatures
                                                                                  PID:4644
                                                                                • C:\Windows\SysWOW64\regsvr32.exe
                                                                                  "regsvr32" Initpki.dll /s
                                                                                  5⤵
                                                                                    PID:5208
                                                                                  • C:\Windows\SysWOW64\regsvr32.exe
                                                                                    "C:\Windows\system32\regsvr32" Initpki.dll /s
                                                                                    5⤵
                                                                                      PID:1668
                                                                                    • C:\Windows\SysWOW64\regsvr32.exe
                                                                                      "regsvr32" dssenh.dll /s
                                                                                      5⤵
                                                                                        PID:2868
                                                                                      • C:\Windows\SysWOW64\regsvr32.exe
                                                                                        "regsvr32" rsaenh.dll /s
                                                                                        5⤵
                                                                                          PID:2148
                                                                                        • C:\Windows\SysWOW64\regsvr32.exe
                                                                                          "regsvr32" cryptdlg.dll /s
                                                                                          5⤵
                                                                                          • Manipulates Digital Signatures
                                                                                          PID:2892
                                                                                        • C:\Windows\SysWOW64\takeown.exe
                                                                                          "takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
                                                                                          5⤵
                                                                                          • Possible privilege escalation attempt
                                                                                          • Modifies file permissions
                                                                                          PID:5988
                                                                                        • C:\Windows\SysWOW64\icacls.exe
                                                                                          "icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
                                                                                          5⤵
                                                                                          • Possible privilege escalation attempt
                                                                                          • Modifies file permissions
                                                                                          PID:436
                                                                                        • C:\Windows\SysWOW64\takeown.exe
                                                                                          "takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
                                                                                          5⤵
                                                                                          • Possible privilege escalation attempt
                                                                                          • Modifies file permissions
                                                                                          PID:5400
                                                                                        • C:\Windows\SysWOW64\icacls.exe
                                                                                          "icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
                                                                                          5⤵
                                                                                          • Possible privilege escalation attempt
                                                                                          • Modifies file permissions
                                                                                          PID:5412
                                                                                        • C:\Windows\SysWOW64\dism.exe
                                                                                          C:\Windows\system32\dism.exe /Online /English /Get-Features
                                                                                          5⤵
                                                                                          • Drops file in Windows directory
                                                                                          PID:5436
                                                                                          • C:\Users\Admin\AppData\Local\Temp\A66F6CAD-8A69-4215-ABD1-9FABB022BB9A\dismhost.exe
                                                                                            C:\Users\Admin\AppData\Local\Temp\A66F6CAD-8A69-4215-ABD1-9FABB022BB9A\dismhost.exe {4DA81FD2-187C-43F3-BA63-496E6B154615}
                                                                                            6⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            • Drops file in Windows directory
                                                                                            PID:1512
                                                                                        • C:\Windows\SysWOW64\sc.exe
                                                                                          sc query HvHost
                                                                                          5⤵
                                                                                          • Launches sc.exe
                                                                                          PID:5652
                                                                                        • C:\Windows\SysWOW64\sc.exe
                                                                                          sc query vmms
                                                                                          5⤵
                                                                                          • Launches sc.exe
                                                                                          PID:5756
                                                                                        • C:\Windows\SysWOW64\sc.exe
                                                                                          sc query vmcompute
                                                                                          5⤵
                                                                                          • Launches sc.exe
                                                                                          PID:5768
                                                                                        • C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
                                                                                          "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                          PID:5636
                                                                                        • C:\Windows\SYSTEM32\regsvr32.exe
                                                                                          "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
                                                                                          5⤵
                                                                                          • Loads dropped DLL
                                                                                          PID:5740
                                                                                        • C:\Windows\SysWOW64\regsvr32.exe
                                                                                          "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
                                                                                          5⤵
                                                                                          • Loads dropped DLL
                                                                                          PID:5812
                                                                                        • C:\Windows\SYSTEM32\regsvr32.exe
                                                                                          "regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
                                                                                          5⤵
                                                                                          • Loads dropped DLL
                                                                                          • Registers COM server for autorun
                                                                                          • Modifies registry class
                                                                                          PID:5924
                                                                                        • C:\Windows\SysWOW64\regsvr32.exe
                                                                                          "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
                                                                                          5⤵
                                                                                          • Loads dropped DLL
                                                                                          • Modifies registry class
                                                                                          PID:4276
                                                                                        • C:\Windows\SysWOW64\sc.exe
                                                                                          "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
                                                                                          5⤵
                                                                                          • Launches sc.exe
                                                                                          PID:872
                                                                                        • C:\Windows\SysWOW64\sc.exe
                                                                                          "C:\Windows\system32\sc" start Ld9BoxSup
                                                                                          5⤵
                                                                                          • Launches sc.exe
                                                                                          PID:5460
                                                                                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
                                                                                          5⤵
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:6000
                                                                                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
                                                                                          5⤵
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:4208
                                                                                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          "powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
                                                                                          5⤵
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:1796
                                                                                      • C:\LDPlayer\LDPlayer9\driverconfig.exe
                                                                                        "C:\LDPlayer\LDPlayer9\driverconfig.exe"
                                                                                        4⤵
                                                                                        • Executes dropped EXE
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:5616
                                                                                      • C:\Windows\SysWOW64\takeown.exe
                                                                                        "takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
                                                                                        4⤵
                                                                                        • Possible privilege escalation attempt
                                                                                        • Modifies file permissions
                                                                                        PID:6128
                                                                                      • C:\Windows\SysWOW64\icacls.exe
                                                                                        "icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
                                                                                        4⤵
                                                                                        • Possible privilege escalation attempt
                                                                                        • Modifies file permissions
                                                                                        PID:3248
                                                                                    • C:\LDPlayer\LDPlayer9\dnplayer.exe
                                                                                      "C:\LDPlayer\LDPlayer9\\dnplayer.exe"
                                                                                      3⤵
                                                                                      • Executes dropped EXE
                                                                                      • Checks processor information in registry
                                                                                      • Modifies Internet Explorer settings
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                      • Suspicious use of SendNotifyMessage
                                                                                      PID:816
                                                                                      • C:\Windows\SysWOW64\sc.exe
                                                                                        sc query HvHost
                                                                                        4⤵
                                                                                        • Launches sc.exe
                                                                                        PID:5620
                                                                                      • C:\Windows\SysWOW64\sc.exe
                                                                                        sc query vmms
                                                                                        4⤵
                                                                                        • Launches sc.exe
                                                                                        PID:5780
                                                                                      • C:\Windows\SysWOW64\sc.exe
                                                                                        sc query vmcompute
                                                                                        4⤵
                                                                                        • Launches sc.exe
                                                                                        PID:5328
                                                                                      • C:\Program Files\ldplayer9box\vbox-img.exe
                                                                                        "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
                                                                                        4⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:3728
                                                                                      • C:\Program Files\ldplayer9box\vbox-img.exe
                                                                                        "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
                                                                                        4⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:1444
                                                                                      • C:\Program Files\ldplayer9box\vbox-img.exe
                                                                                        "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
                                                                                        4⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:436
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
                                                                                        4⤵
                                                                                          PID:3600
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffa13953cb8,0x7ffa13953cc8,0x7ffa13953cd8
                                                                                            5⤵
                                                                                              PID:5180
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
                                                                                        2⤵
                                                                                          PID:5776
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
                                                                                          2⤵
                                                                                            PID:5544
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1
                                                                                            2⤵
                                                                                              PID:5372
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3073778928835204618,12294607831956112454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:1
                                                                                              2⤵
                                                                                                PID:2936
                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                              1⤵
                                                                                                PID:276
                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                1⤵
                                                                                                  PID:3156
                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                  C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                                                                  1⤵
                                                                                                    PID:4288
                                                                                                  • C:\Windows\System32\oobe\UserOOBEBroker.exe
                                                                                                    C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
                                                                                                    1⤵
                                                                                                    • Drops file in Windows directory
                                                                                                    PID:2348
                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                                                                    C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                                                                    1⤵
                                                                                                      PID:1556
                                                                                                    • C:\Windows\system32\SystemSettingsAdminFlows.exe
                                                                                                      "C:\Windows\system32\SystemSettingsAdminFlows.exe" RemoteDesktopTurnOnRdp
                                                                                                      1⤵
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:4208
                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                      C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
                                                                                                      1⤵
                                                                                                        PID:1112
                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                                                                        C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                                                                        1⤵
                                                                                                          PID:3920
                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
                                                                                                          1⤵
                                                                                                            PID:1640
                                                                                                          • C:\Windows\system32\AUDIODG.EXE
                                                                                                            C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004C8
                                                                                                            1⤵
                                                                                                              PID:5596
                                                                                                            • C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
                                                                                                              "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
                                                                                                              1⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Registers COM server for autorun
                                                                                                              • Modifies registry class
                                                                                                              PID:5204
                                                                                                              • C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
                                                                                                                "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
                                                                                                                2⤵
                                                                                                                • Executes dropped EXE
                                                                                                                PID:2820
                                                                                                              • C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
                                                                                                                "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
                                                                                                                2⤵
                                                                                                                • Executes dropped EXE
                                                                                                                PID:5456
                                                                                                              • C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
                                                                                                                "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
                                                                                                                2⤵
                                                                                                                • Executes dropped EXE
                                                                                                                PID:4508
                                                                                                              • C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
                                                                                                                "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
                                                                                                                2⤵
                                                                                                                • Executes dropped EXE
                                                                                                                PID:3676
                                                                                                              • C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
                                                                                                                "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
                                                                                                                2⤵
                                                                                                                • Executes dropped EXE
                                                                                                                PID:5984
                                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                              1⤵
                                                                                                                PID:5804
                                                                                                              • C:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe
                                                                                                                "C:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe"
                                                                                                                1⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                PID:2408
                                                                                                                • C:\Program Files\ldplayer9box\VBoxManage.exe
                                                                                                                  "C:\Program Files\ldplayer9box\VBoxManage.exe" unregistervm {20160302-bbbb-bbbb-1822-000000000000}
                                                                                                                  2⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • Registers COM server for autorun
                                                                                                                  • Modifies registry class
                                                                                                                  PID:5900
                                                                                                                • C:\LDPlayer\LDPlayer9\dnplayer.exe
                                                                                                                  "C:\LDPlayer\LDPlayer9\dnplayer.exe" index=0|
                                                                                                                  2⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • Checks processor information in registry
                                                                                                                  • Modifies Internet Explorer settings
                                                                                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                  • Suspicious use of FindShellTrayWindow
                                                                                                                  • Suspicious use of SendNotifyMessage
                                                                                                                  PID:2836
                                                                                                                  • C:\Windows\SysWOW64\sc.exe
                                                                                                                    sc query HvHost
                                                                                                                    3⤵
                                                                                                                    • Launches sc.exe
                                                                                                                    PID:5092
                                                                                                                  • C:\Windows\SysWOW64\sc.exe
                                                                                                                    sc query vmms
                                                                                                                    3⤵
                                                                                                                    • Launches sc.exe
                                                                                                                    PID:4120
                                                                                                                  • C:\Windows\SysWOW64\sc.exe
                                                                                                                    sc query vmcompute
                                                                                                                    3⤵
                                                                                                                    • Launches sc.exe
                                                                                                                    PID:3660
                                                                                                                  • C:\Program Files\ldplayer9box\vbox-img.exe
                                                                                                                    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
                                                                                                                    3⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    PID:200
                                                                                                                  • C:\Program Files\ldplayer9box\vbox-img.exe
                                                                                                                    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
                                                                                                                    3⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    PID:1168
                                                                                                              • C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
                                                                                                                "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
                                                                                                                1⤵
                                                                                                                • Executes dropped EXE
                                                                                                                PID:988
                                                                                                              • C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
                                                                                                                "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
                                                                                                                1⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Registers COM server for autorun
                                                                                                                • Modifies registry class
                                                                                                                PID:1784
                                                                                                                • C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
                                                                                                                  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
                                                                                                                  2⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:2976
                                                                                                                • C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
                                                                                                                  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
                                                                                                                  2⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:5128
                                                                                                                • C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
                                                                                                                  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
                                                                                                                  2⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:3924
                                                                                                                • C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
                                                                                                                  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
                                                                                                                  2⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:4164
                                                                                                                • C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
                                                                                                                  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
                                                                                                                  2⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:6080
                                                                                                              • C:\Windows\System32\rundll32.exe
                                                                                                                C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
                                                                                                                1⤵
                                                                                                                  PID:5340
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                                                                  1⤵
                                                                                                                  • Enumerates system info in registry
                                                                                                                  • NTFS ADS
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                  • Suspicious use of FindShellTrayWindow
                                                                                                                  • Suspicious use of SendNotifyMessage
                                                                                                                  PID:848
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa13953cb8,0x7ffa13953cc8,0x7ffa13953cd8
                                                                                                                    2⤵
                                                                                                                      PID:1772
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
                                                                                                                      2⤵
                                                                                                                        PID:732
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
                                                                                                                        2⤵
                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                        PID:5484
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
                                                                                                                        2⤵
                                                                                                                          PID:1248
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2528 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:1768
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:2468
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:3356
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:5048
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
                                                                                                                                  2⤵
                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                  PID:5268
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:5344
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:988
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
                                                                                                                                      2⤵
                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                      PID:2412
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:1036
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:3552
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4120 /prefetch:8
                                                                                                                                          2⤵
                                                                                                                                            PID:5440
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5668 /prefetch:8
                                                                                                                                            2⤵
                                                                                                                                              PID:5552
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
                                                                                                                                              2⤵
                                                                                                                                                PID:1564
                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
                                                                                                                                                2⤵
                                                                                                                                                  PID:5972
                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
                                                                                                                                                  2⤵
                                                                                                                                                    PID:1388
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
                                                                                                                                                    2⤵
                                                                                                                                                    • NTFS ADS
                                                                                                                                                    PID:2360
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4020 /prefetch:2
                                                                                                                                                    2⤵
                                                                                                                                                      PID:4124
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                        PID:2308
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
                                                                                                                                                        2⤵
                                                                                                                                                          PID:5344
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
                                                                                                                                                          2⤵
                                                                                                                                                            PID:1992
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6936 /prefetch:8
                                                                                                                                                            2⤵
                                                                                                                                                              PID:3612
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,11823102856878553931,11445195642695691325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
                                                                                                                                                              2⤵
                                                                                                                                                              • NTFS ADS
                                                                                                                                                              PID:4276
                                                                                                                                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                                              "C:\Users\Admin\Downloads\MEMZ.exe"
                                                                                                                                                              2⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              PID:3448
                                                                                                                                                              • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                                                "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                                                                3⤵
                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                                PID:1568
                                                                                                                                                              • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                                                "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                                                                3⤵
                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                PID:2728
                                                                                                                                                              • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                                                "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                                                                3⤵
                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                                PID:412
                                                                                                                                                              • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                                                "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                                                                3⤵
                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                                PID:2636
                                                                                                                                                              • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                                                "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                                                                3⤵
                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                PID:5664
                                                                                                                                                              • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                                                "C:\Users\Admin\Downloads\MEMZ.exe" /main
                                                                                                                                                                3⤵
                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                • Writes to the Master Boot Record (MBR)
                                                                                                                                                                PID:6040
                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                  "C:\Windows\System32\notepad.exe" \note.txt
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:4812
                                                                                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                              1⤵
                                                                                                                                                                PID:1708
                                                                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:2580
                                                                                                                                                                • C:\Windows\System32\rundll32.exe
                                                                                                                                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:3616

                                                                                                                                                                  Network

                                                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                                                  Reconnaissance

                                                                                                                                                                  Resource Development

                                                                                                                                                                  Initial Access

                                                                                                                                                                  Execution

                                                                                                                                                                  Persistence

                                                                                                                                                                  Boot or Logon Autostart Execution

                                                                                                                                                                  1
                                                                                                                                                                  T1547

                                                                                                                                                                  Registry Run Keys / Startup Folder

                                                                                                                                                                  1
                                                                                                                                                                  T1547.001

                                                                                                                                                                  Create or Modify System Process

                                                                                                                                                                  1
                                                                                                                                                                  T1543

                                                                                                                                                                  Windows Service

                                                                                                                                                                  1
                                                                                                                                                                  T1543.003

                                                                                                                                                                  Pre-OS Boot

                                                                                                                                                                  1
                                                                                                                                                                  T1542

                                                                                                                                                                  Bootkit

                                                                                                                                                                  1
                                                                                                                                                                  T1542.003

                                                                                                                                                                  Privilege Escalation

                                                                                                                                                                  Boot or Logon Autostart Execution

                                                                                                                                                                  1
                                                                                                                                                                  T1547

                                                                                                                                                                  Registry Run Keys / Startup Folder

                                                                                                                                                                  1
                                                                                                                                                                  T1547.001

                                                                                                                                                                  Create or Modify System Process

                                                                                                                                                                  1
                                                                                                                                                                  T1543

                                                                                                                                                                  Windows Service

                                                                                                                                                                  1
                                                                                                                                                                  T1543.003

                                                                                                                                                                  Defense Evasion

                                                                                                                                                                  File and Directory Permissions Modification

                                                                                                                                                                  1
                                                                                                                                                                  T1222

                                                                                                                                                                  Modify Registry

                                                                                                                                                                  1
                                                                                                                                                                  T1112

                                                                                                                                                                  Pre-OS Boot

                                                                                                                                                                  1
                                                                                                                                                                  T1542

                                                                                                                                                                  Bootkit

                                                                                                                                                                  1
                                                                                                                                                                  T1542.003

                                                                                                                                                                  Subvert Trust Controls

                                                                                                                                                                  1
                                                                                                                                                                  T1553

                                                                                                                                                                  SIP and Trust Provider Hijacking

                                                                                                                                                                  1
                                                                                                                                                                  T1553.003

                                                                                                                                                                  Credential Access

                                                                                                                                                                  Discovery

                                                                                                                                                                  Query Registry

                                                                                                                                                                  3
                                                                                                                                                                  T1012

                                                                                                                                                                  Software Discovery

                                                                                                                                                                  1
                                                                                                                                                                  T1518

                                                                                                                                                                  Security Software Discovery

                                                                                                                                                                  1
                                                                                                                                                                  T1518.001

                                                                                                                                                                  System Information Discovery

                                                                                                                                                                  3
                                                                                                                                                                  T1082

                                                                                                                                                                  Lateral Movement

                                                                                                                                                                  Collection

                                                                                                                                                                  Command and Control

                                                                                                                                                                  Web Service

                                                                                                                                                                  1
                                                                                                                                                                  T1102

                                                                                                                                                                  Exfiltration

                                                                                                                                                                  Impact

                                                                                                                                                                  Replay Monitor

                                                                                                                                                                  Loading Replay Monitor...

                                                                                                                                                                  Downloads

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\LDPlayer.exe
                                                                                                                                                                    Filesize

                                                                                                                                                                    55.6MB

                                                                                                                                                                    MD5

                                                                                                                                                                    260b2887efcfdfe32b681d72b92a1bd3

                                                                                                                                                                    SHA1

                                                                                                                                                                    7b031668c89362fbfd1c81a7273faa4490ab63e4

                                                                                                                                                                    SHA256

                                                                                                                                                                    dbf2ad017ad934dbdf82e87a13599c37ed36f8aee7e2b75520ed5217cb45bfc7

                                                                                                                                                                    SHA512

                                                                                                                                                                    c41f59f9ca8ee3d678a9feb9838df099476fe08e9a62a70638f9401edd0acc26c4d7b733a0d66fc5c75291a455c93f4a182a749637da74667d21ad8e200a8d53

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\LDPlayer.exe
                                                                                                                                                                    Filesize

                                                                                                                                                                    89.7MB

                                                                                                                                                                    MD5

                                                                                                                                                                    f6bba63600d858342ce4d0b4bbdd125a

                                                                                                                                                                    SHA1

                                                                                                                                                                    a34206e6e2073dc51d24e8c5239a148f7ab41c49

                                                                                                                                                                    SHA256

                                                                                                                                                                    0b8c7dc4260aa805be4df4008451def708358d7177c90122ac070276873e38fc

                                                                                                                                                                    SHA512

                                                                                                                                                                    c9b32f7665f8bd85eeea0f633e2ee715879f07c26def5041f3a2f2fe4c999a24425d6d6b9b1b689a8e358929b2d58f78a3dd0619a106ccd8fe57b96450ab18f0

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\crashreport.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    51KB

                                                                                                                                                                    MD5

                                                                                                                                                                    66320b2085eaef1c436f6940b4bb8822

                                                                                                                                                                    SHA1

                                                                                                                                                                    6e92774138f43129a209c3fc80839c7726e9644d

                                                                                                                                                                    SHA256

                                                                                                                                                                    e7e8225ea6879d0e24be299dfb07b42876157b221e2c01ede29b6da675e830e0

                                                                                                                                                                    SHA512

                                                                                                                                                                    2a66ed15503c57059dab50128c5d1167f8afd152d5cc84383472db41224bddc4552a9a69a3f59bd820d42fe68a73f45cc5f00a3df3f8172ac744cc432cea4b54

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\device.ini
                                                                                                                                                                    Filesize

                                                                                                                                                                    91B

                                                                                                                                                                    MD5

                                                                                                                                                                    dba7fefc48f3b90350effad166abf887

                                                                                                                                                                    SHA1

                                                                                                                                                                    263d9ceb08d10685ff4222d7c89cb563d2c411f8

                                                                                                                                                                    SHA256

                                                                                                                                                                    02cf1d1f11940dcc79c52917a12f52f3a0b3aa3a381ce86d86d3a15c50ac5292

                                                                                                                                                                    SHA512

                                                                                                                                                                    34789e652fc0155e6d18e779d57fdea51c4fc439f96313e0d5290558402d4171d8f8abdcca31d01eb5d50b0bedbaa68b0f70d47df8a4ab714a4f40e6c5a1d2ab

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
                                                                                                                                                                    Filesize

                                                                                                                                                                    1.2MB

                                                                                                                                                                    MD5

                                                                                                                                                                    04a464934784e7681b746ed70ecb6c77

                                                                                                                                                                    SHA1

                                                                                                                                                                    b8ad32df8d90796ac6a4fc6d4b8d59ee88501eef

                                                                                                                                                                    SHA256

                                                                                                                                                                    4dae61aed5c1adfa37c21bb78b3feeb5eb8a0cb1a75f3a6efdb9cf7bc50e28e3

                                                                                                                                                                    SHA512

                                                                                                                                                                    569f8004efb04788ec896f87e8839852975010f12ebbbe5fa833875f60abf55d9c0a18015eaddc05433c8a33e51804feb4e6778f5f1470eb5ab8be102559b2ea

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\dnplayer.exe
                                                                                                                                                                    Filesize

                                                                                                                                                                    4.1MB

                                                                                                                                                                    MD5

                                                                                                                                                                    e93f70db0980cad4fae75274d4ae4840

                                                                                                                                                                    SHA1

                                                                                                                                                                    d20768191c856350bbc2bdef574e10c6d831bc70

                                                                                                                                                                    SHA256

                                                                                                                                                                    379cbb322e630b1335e9465486dde95cfe0cfbfc0e4251abef7f5c7bdc3cf856

                                                                                                                                                                    SHA512

                                                                                                                                                                    216d85610f3c32aae61289298527c4bc4fc41026c107250ebff1fb4e07d1277d1183b2355e20042c7f66387453463bd3a08d06ca1fb630145440adba145caf9a

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\dnrepairer.exe
                                                                                                                                                                    Filesize

                                                                                                                                                                    7.4MB

                                                                                                                                                                    MD5

                                                                                                                                                                    3b5c6c51c3e5f4eee13d7c03c4a6c20e

                                                                                                                                                                    SHA1

                                                                                                                                                                    c5dab0f6092fcb89fc8129bed5442b9eb834f12a

                                                                                                                                                                    SHA256

                                                                                                                                                                    bae53483666ae4d8f707fe77a469a813dfc97fc0fb76511d45559e10ae7027f7

                                                                                                                                                                    SHA512

                                                                                                                                                                    26b34f0c627f082ff652cc5389aba6e14b75d692319ab32b4fcdcb32befa003ce1038effdad50a2d3eef09af1bfde3afc691d63f4cd6e10603d75224f28f1154

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\dnrepairer.exe
                                                                                                                                                                    Filesize

                                                                                                                                                                    8.4MB

                                                                                                                                                                    MD5

                                                                                                                                                                    fd8169a37ad720990884c6164efe5f95

                                                                                                                                                                    SHA1

                                                                                                                                                                    ddb9641f670ece378105a2df55eefca03357aad4

                                                                                                                                                                    SHA256

                                                                                                                                                                    f1ae09523b93deaa142830efbf22248e129d776292cc00e99bceda0bdd514ef1

                                                                                                                                                                    SHA512

                                                                                                                                                                    03215ae256e894b2185c3be3a365c56eb60c9bf70bc4cd1d480c459781a82606b8fc25cdbac6393063b45177eea06e700859e036bc2ac6a35695e99c05297961

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\dnresource.rcc
                                                                                                                                                                    Filesize

                                                                                                                                                                    5.0MB

                                                                                                                                                                    MD5

                                                                                                                                                                    f845753af4cc7b94f180fb76787e3bc2

                                                                                                                                                                    SHA1

                                                                                                                                                                    76ca7babbb655d749c9ed69e0b8875370320cc5a

                                                                                                                                                                    SHA256

                                                                                                                                                                    a19a6c0c644ce0e655eaf38a8dbddf05e55048ba52309366a5333e1b50bde990

                                                                                                                                                                    SHA512

                                                                                                                                                                    0a3062057622ffcff80c9c5f872abdf59a36131bfc60532c853ea858774d89fed27343f838dfe341dafe8444538fc6e2103d3aa19ef9d264e0f8e761c4bfce81

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf
                                                                                                                                                                    Filesize

                                                                                                                                                                    3.5MB

                                                                                                                                                                    MD5

                                                                                                                                                                    7e812614952563f90ea9e8d2efccc2bf

                                                                                                                                                                    SHA1

                                                                                                                                                                    5ec95d533f0f4b9b6dd97ad0af57d162145f9f01

                                                                                                                                                                    SHA256

                                                                                                                                                                    f0eeb42843a61d734203b8259a22ad6c3d023e92cf0a71bf0600f0db53c2dfbc

                                                                                                                                                                    SHA512

                                                                                                                                                                    546c2dafa1cdf53c728aedb136ba8c522eae9b2530c948d9b650c30b21613166751b7a9522269dca9a35053cfe3aca2f7e606419d8e24a4d78a776dda5f97fd7

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
                                                                                                                                                                    Filesize

                                                                                                                                                                    103KB

                                                                                                                                                                    MD5

                                                                                                                                                                    4acd5f0e312730f1d8b8805f3699c184

                                                                                                                                                                    SHA1

                                                                                                                                                                    67c957e102bf2b2a86c5708257bc32f91c006739

                                                                                                                                                                    SHA256

                                                                                                                                                                    72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5

                                                                                                                                                                    SHA512

                                                                                                                                                                    9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
                                                                                                                                                                    Filesize

                                                                                                                                                                    652KB

                                                                                                                                                                    MD5

                                                                                                                                                                    ad9d7cbdb4b19fb65960d69126e3ff68

                                                                                                                                                                    SHA1

                                                                                                                                                                    dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d

                                                                                                                                                                    SHA256

                                                                                                                                                                    a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326

                                                                                                                                                                    SHA512

                                                                                                                                                                    f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    1.5MB

                                                                                                                                                                    MD5

                                                                                                                                                                    66df6f7b7a98ff750aade522c22d239a

                                                                                                                                                                    SHA1

                                                                                                                                                                    f69464fe18ed03de597bb46482ae899f43c94617

                                                                                                                                                                    SHA256

                                                                                                                                                                    91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f

                                                                                                                                                                    SHA512

                                                                                                                                                                    48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc
                                                                                                                                                                    Filesize

                                                                                                                                                                    4.8MB

                                                                                                                                                                    MD5

                                                                                                                                                                    26ca9c872177cf0ec91a91e2f9d8120d

                                                                                                                                                                    SHA1

                                                                                                                                                                    55fc0849e49ad3a95f9b279b7ef19ee7f3ec22ae

                                                                                                                                                                    SHA256

                                                                                                                                                                    fabed620d94f423f134fe9adf7d88dba3bbac7be1ded13e0845e889e44c02661

                                                                                                                                                                    SHA512

                                                                                                                                                                    e1946ae4121735e9f96fd7be92694844fc2464af6de6be6956893a45a725ad8965d53aa7a9a0bd00b336187a9c4c8c0188ff4752d1e242c8422d4135be3ba3f8

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    2.0MB

                                                                                                                                                                    MD5

                                                                                                                                                                    01c4246df55a5fff93d086bb56110d2b

                                                                                                                                                                    SHA1

                                                                                                                                                                    e2939375c4dd7b478913328b88eaa3c91913cfdc

                                                                                                                                                                    SHA256

                                                                                                                                                                    c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889

                                                                                                                                                                    SHA512

                                                                                                                                                                    39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    442KB

                                                                                                                                                                    MD5

                                                                                                                                                                    2d40f6c6a4f88c8c2685ee25b53ec00d

                                                                                                                                                                    SHA1

                                                                                                                                                                    faf96bac1e7665aa07029d8f94e1ac84014a863b

                                                                                                                                                                    SHA256

                                                                                                                                                                    1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334

                                                                                                                                                                    SHA512

                                                                                                                                                                    4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    192KB

                                                                                                                                                                    MD5

                                                                                                                                                                    52c43baddd43be63fbfb398722f3b01d

                                                                                                                                                                    SHA1

                                                                                                                                                                    be1b1064fdda4dde4b72ef523b8e02c050ccd820

                                                                                                                                                                    SHA256

                                                                                                                                                                    8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f

                                                                                                                                                                    SHA512

                                                                                                                                                                    04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    511KB

                                                                                                                                                                    MD5

                                                                                                                                                                    e8fd6da54f056363b284608c3f6a832e

                                                                                                                                                                    SHA1

                                                                                                                                                                    32e88b82fd398568517ab03b33e9765b59c4946d

                                                                                                                                                                    SHA256

                                                                                                                                                                    b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd

                                                                                                                                                                    SHA512

                                                                                                                                                                    4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    522KB

                                                                                                                                                                    MD5

                                                                                                                                                                    3e29914113ec4b968ba5eb1f6d194a0a

                                                                                                                                                                    SHA1

                                                                                                                                                                    557b67e372e85eb39989cb53cffd3ef1adabb9fe

                                                                                                                                                                    SHA256

                                                                                                                                                                    c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

                                                                                                                                                                    SHA512

                                                                                                                                                                    75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    854KB

                                                                                                                                                                    MD5

                                                                                                                                                                    4ba25d2cbe1587a841dcfb8c8c4a6ea6

                                                                                                                                                                    SHA1

                                                                                                                                                                    52693d4b5e0b55a929099b680348c3932f2c3c62

                                                                                                                                                                    SHA256

                                                                                                                                                                    b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

                                                                                                                                                                    SHA512

                                                                                                                                                                    82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    283KB

                                                                                                                                                                    MD5

                                                                                                                                                                    0054560df6c69d2067689433172088ef

                                                                                                                                                                    SHA1

                                                                                                                                                                    a30042b77ebd7c704be0e986349030bcdb82857d

                                                                                                                                                                    SHA256

                                                                                                                                                                    72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750

                                                                                                                                                                    SHA512

                                                                                                                                                                    418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\msvcp120.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    444KB

                                                                                                                                                                    MD5

                                                                                                                                                                    50260b0f19aaa7e37c4082fecef8ff41

                                                                                                                                                                    SHA1

                                                                                                                                                                    ce672489b29baa7119881497ed5044b21ad8fe30

                                                                                                                                                                    SHA256

                                                                                                                                                                    891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

                                                                                                                                                                    SHA512

                                                                                                                                                                    6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\msvcr120.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    947KB

                                                                                                                                                                    MD5

                                                                                                                                                                    50097ec217ce0ebb9b4caa09cd2cd73a

                                                                                                                                                                    SHA1

                                                                                                                                                                    8cd3018c4170072464fbcd7cba563df1fc2b884c

                                                                                                                                                                    SHA256

                                                                                                                                                                    2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

                                                                                                                                                                    SHA512

                                                                                                                                                                    ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\system.vmdk
                                                                                                                                                                    Filesize

                                                                                                                                                                    8.2MB

                                                                                                                                                                    MD5

                                                                                                                                                                    0625fa50c4369eca25c18035d8046eb1

                                                                                                                                                                    SHA1

                                                                                                                                                                    60a12babcb40526bec1a40d106479de785956db2

                                                                                                                                                                    SHA256

                                                                                                                                                                    13a1772dd1a3288a8e8e4ae7a8022870cfab96af349c4070c0a78012edc88089

                                                                                                                                                                    SHA512

                                                                                                                                                                    7d4f6ee3c0ef1667054982290a5c645c950d8cd542e78d8fc6f30f448e4c95e67133f2b0c785c2515ade9886d281af5bf2600b6289f662d48f0b58a6a5dde545

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\system.vmdk
                                                                                                                                                                    Filesize

                                                                                                                                                                    8.1MB

                                                                                                                                                                    MD5

                                                                                                                                                                    787fd7455a70a462e27c005c69306ddd

                                                                                                                                                                    SHA1

                                                                                                                                                                    47c4dcc441ae183605d6bf2b2822547b05c8d585

                                                                                                                                                                    SHA256

                                                                                                                                                                    ed5d085452dff7cbf3fed892d023da64d1926d55e38569f8d9b622b965799ebd

                                                                                                                                                                    SHA512

                                                                                                                                                                    0340162f08a62ba748b6bf07658179c96793fa03a7bb55f4fea0892439f41ef1862555f63f0c475f26af5f75b0d170fec4cdf105d44192f14e0e34290597240f

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\system.vmdk
                                                                                                                                                                    Filesize

                                                                                                                                                                    9.3MB

                                                                                                                                                                    MD5

                                                                                                                                                                    7f9b10b7391171a9ceb1a661607d89ab

                                                                                                                                                                    SHA1

                                                                                                                                                                    c4e04220bc0aeeb622646dace7017532c21e1653

                                                                                                                                                                    SHA256

                                                                                                                                                                    02235d570d63fa3c4a34e31106f8327438748535dfc2b9d7e4d2ce82580ae160

                                                                                                                                                                    SHA512

                                                                                                                                                                    916d58f9c9515463f57f898520f175dee7a776da9e0c2c21d23a9612efb3ef50dfc55421a3a589f3f64716300960eccda0510038632de66a6d32b46acee931c0

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\vms\config\leidian0.config
                                                                                                                                                                    Filesize

                                                                                                                                                                    641B

                                                                                                                                                                    MD5

                                                                                                                                                                    ad4b5e16ea8135588dc4efc38db0bdee

                                                                                                                                                                    SHA1

                                                                                                                                                                    c1ffc6ee777ec6b1314b01be4e0aff7dbaa626f8

                                                                                                                                                                    SHA256

                                                                                                                                                                    0a741c6327619d394fdb84484f52584ea2577e5d95915964c8cb6c875d300788

                                                                                                                                                                    SHA512

                                                                                                                                                                    670f3e6d38be9d94367cac8259da66009cfbdfeffadab15834ba21ba85c7cd3a17d322ea2e001dc0ad19e16e9592f01bfa7323a4c4c347b1f3dda73c69c477a9

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
                                                                                                                                                                    Filesize

                                                                                                                                                                    13.1MB

                                                                                                                                                                    MD5

                                                                                                                                                                    20f0c472d4c56888c7a2b1531c76faf6

                                                                                                                                                                    SHA1

                                                                                                                                                                    c9612728fa4892a0fd9989b9f4f78dfd605dd32c

                                                                                                                                                                    SHA256

                                                                                                                                                                    58182545504c63b7683a1a9d09cfc3266036ed6e69affc8495acdffb13428f95

                                                                                                                                                                    SHA512

                                                                                                                                                                    4db1342b49fc2841fbfc69b0e131f5cb0ca3f33c25de1792997f627074f31c1f48a67a770be529714a75a3accea781d85324073e20267d946d7a362442d9a700

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\LDPlayer\ldmutiplayer\libeay32.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    1.2MB

                                                                                                                                                                    MD5

                                                                                                                                                                    ba46e6e1c5861617b4d97de00149b905

                                                                                                                                                                    SHA1

                                                                                                                                                                    4affc8aab49c7dc3ceeca81391c4f737d7672b32

                                                                                                                                                                    SHA256

                                                                                                                                                                    2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e

                                                                                                                                                                    SHA512

                                                                                                                                                                    bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                    Filesize

                                                                                                                                                                    152B

                                                                                                                                                                    MD5

                                                                                                                                                                    96899614360333c9904499393c6e3d75

                                                                                                                                                                    SHA1

                                                                                                                                                                    bbfa17cf8df01c266323965735f00f0e9e04cd34

                                                                                                                                                                    SHA256

                                                                                                                                                                    486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c

                                                                                                                                                                    SHA512

                                                                                                                                                                    974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                    Filesize

                                                                                                                                                                    152B

                                                                                                                                                                    MD5

                                                                                                                                                                    1423c1a528e7edc20b7f2c4b94e6bacd

                                                                                                                                                                    SHA1

                                                                                                                                                                    e7d7285afad7b07ed6805f31d4fc3bb3f7f0242e

                                                                                                                                                                    SHA256

                                                                                                                                                                    498a177a3e2edbfea97c14353865421c078f73d84e7619bebd36d77c5b1317da

                                                                                                                                                                    SHA512

                                                                                                                                                                    870217847a95fe38049f04734776fa604f84d830d5b5bf6b753620afde7d0800a26c96c77d66fa6c79d6b369853b27487f010c2e6661acecab858a3156bd3106

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                    Filesize

                                                                                                                                                                    152B

                                                                                                                                                                    MD5

                                                                                                                                                                    2c5433e3aec0e7a9da9726637867fdc3

                                                                                                                                                                    SHA1

                                                                                                                                                                    7f93f26c987ce7218f46659ba777e23c5a68660b

                                                                                                                                                                    SHA256

                                                                                                                                                                    a3753cb5fe6ba511b56ecc69c08f93ee7bd6ccc6d7a89b5e6c68f5c2e0b9e8a9

                                                                                                                                                                    SHA512

                                                                                                                                                                    cf1c3e0c2b46433ecfbf98d0bc831a66a752a2bfa7df8ed336fdbf7220ab7cd6506c73535687271b9e261951f0d825e7335de36afb3967edd96f71161d744f62

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                    Filesize

                                                                                                                                                                    152B

                                                                                                                                                                    MD5

                                                                                                                                                                    19a8bcb40a17253313345edd2a0da1e7

                                                                                                                                                                    SHA1

                                                                                                                                                                    86fac74b5bbc59e910248caebd1176a48a46d72e

                                                                                                                                                                    SHA256

                                                                                                                                                                    b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e

                                                                                                                                                                    SHA512

                                                                                                                                                                    9f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\026afd04-04bc-499f-a0b5-d70de4baa177.tmp
                                                                                                                                                                    Filesize

                                                                                                                                                                    3KB

                                                                                                                                                                    MD5

                                                                                                                                                                    fc4944618d726307651c116a3b6c07a3

                                                                                                                                                                    SHA1

                                                                                                                                                                    df5eac48d222aa23584f1a6c1f47b7467e392970

                                                                                                                                                                    SHA256

                                                                                                                                                                    8e9e7447e6cc931c001a6d4945143784825c03f5bb3b20f737bd062733eca8b1

                                                                                                                                                                    SHA512

                                                                                                                                                                    5ac635e88ab1818ff310198888edf4c0e2a82bf2251367bbed8ed36e88466f515d7483261dc1c40e6821649d6a27443bd5389a49d90cc41109a1734218d10ec6

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
                                                                                                                                                                    Filesize

                                                                                                                                                                    25KB

                                                                                                                                                                    MD5

                                                                                                                                                                    05e9679509b61424a07cc4d4efb7247f

                                                                                                                                                                    SHA1

                                                                                                                                                                    db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81

                                                                                                                                                                    SHA256

                                                                                                                                                                    31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b

                                                                                                                                                                    SHA512

                                                                                                                                                                    1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
                                                                                                                                                                    Filesize

                                                                                                                                                                    23KB

                                                                                                                                                                    MD5

                                                                                                                                                                    b598f33d037b0af8744a4a6dbf9a8f41

                                                                                                                                                                    SHA1

                                                                                                                                                                    35eb36d6129bbb54c02c5e433013926961d5c3dc

                                                                                                                                                                    SHA256

                                                                                                                                                                    fbf5b0c915e03d804b5febb071c11931c4df675d87bcab94f430b92ccfdc571a

                                                                                                                                                                    SHA512

                                                                                                                                                                    405bc6b42d6969adbc4cf4802e052d962921c37f6c4e03d2384b3bed814ff68625e67c9005dc0ee109674df473fc5bba7ebb1b67f7802924dc6723328ad242ac

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
                                                                                                                                                                    Filesize

                                                                                                                                                                    16KB

                                                                                                                                                                    MD5

                                                                                                                                                                    cfa2ab4f9278c82c01d2320d480258fe

                                                                                                                                                                    SHA1

                                                                                                                                                                    ba1468b2006b74fe48be560d3e87f181e8d8ba77

                                                                                                                                                                    SHA256

                                                                                                                                                                    d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e

                                                                                                                                                                    SHA512

                                                                                                                                                                    4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b
                                                                                                                                                                    Filesize

                                                                                                                                                                    29KB

                                                                                                                                                                    MD5

                                                                                                                                                                    d453eca18d366c4054d2efd57717cf9d

                                                                                                                                                                    SHA1

                                                                                                                                                                    c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4

                                                                                                                                                                    SHA256

                                                                                                                                                                    be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc

                                                                                                                                                                    SHA512

                                                                                                                                                                    a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
                                                                                                                                                                    Filesize

                                                                                                                                                                    65KB

                                                                                                                                                                    MD5

                                                                                                                                                                    8a42ba5472aa4afa3d3ac12f31d47408

                                                                                                                                                                    SHA1

                                                                                                                                                                    2add574424ac47c1e83b0b7fae5d040c46ac38a7

                                                                                                                                                                    SHA256

                                                                                                                                                                    759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4

                                                                                                                                                                    SHA512

                                                                                                                                                                    3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                    Filesize

                                                                                                                                                                    4KB

                                                                                                                                                                    MD5

                                                                                                                                                                    a58a672afd4e41d903dc94e0b53ba04c

                                                                                                                                                                    SHA1

                                                                                                                                                                    18016dcc4d6708f1655a5ae73a4d2e53532779b4

                                                                                                                                                                    SHA256

                                                                                                                                                                    8b234359a6dce264eddc9685aa9cfedc3207068a2ea237e6b33676fa77c9c082

                                                                                                                                                                    SHA512

                                                                                                                                                                    9846f65dd7c85008bb02fdc602aa7ae41f72d42a349e6e5353191d6f6136db849b4ed8ad64fcf66045964da157e643c74d7157881f4e7c9164b084e9614eb73b

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                    Filesize

                                                                                                                                                                    6KB

                                                                                                                                                                    MD5

                                                                                                                                                                    aef3e655e54167e31f08fa2de2af48a1

                                                                                                                                                                    SHA1

                                                                                                                                                                    ba401f9a1568191151e6efbeaa9bb76c957a5e30

                                                                                                                                                                    SHA256

                                                                                                                                                                    258b86b78b7a8c90d471984f6ccfe0f909dfe5f5158b7314a560abdd6e40057d

                                                                                                                                                                    SHA512

                                                                                                                                                                    210ac9f845be6b7e7835d896933a9fb7b1d5df715473d30a61c258cc706b3cdd34e9b6870d19a8845257436b2001c5cfe4646f2e26fef7c4e8556148c7f218d1

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                    Filesize

                                                                                                                                                                    6KB

                                                                                                                                                                    MD5

                                                                                                                                                                    d09131063118212a0496fecc9bccafd9

                                                                                                                                                                    SHA1

                                                                                                                                                                    af8c235764e46020b32ddd952f071fb223c278d6

                                                                                                                                                                    SHA256

                                                                                                                                                                    faa922216a9b01bf6d0fb9a741b42985789797846f7e85a2a613019b6e115265

                                                                                                                                                                    SHA512

                                                                                                                                                                    c9d8c76789ddf01fddba9f73a8496eaabc4433d80f222940c6b672244e2d0d48c318db7b5efabbde97e2086e8f520d102d7e11469128be4f731d4107e96dc552

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                    Filesize

                                                                                                                                                                    7KB

                                                                                                                                                                    MD5

                                                                                                                                                                    f35a937d5b9f1918f8c6ff0eb2e4e91e

                                                                                                                                                                    SHA1

                                                                                                                                                                    ad674a65c5511467a0a6190810deb3ff9f0f5b66

                                                                                                                                                                    SHA256

                                                                                                                                                                    079afa628557563641f2df7ab2bf9259dafb082280798c3d01db797631c3324c

                                                                                                                                                                    SHA512

                                                                                                                                                                    27be63c18f44fd4330e0ba072db2230838d02770f1a9f457d205c46e4d80471ad45b4d65fb32b1d47bca6e22a3824183e1c6c84072aff96bba6723f03e9d42fa

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                    Filesize

                                                                                                                                                                    4KB

                                                                                                                                                                    MD5

                                                                                                                                                                    897ab94355ae771f4d944e0bf29f0852

                                                                                                                                                                    SHA1

                                                                                                                                                                    a3b342c7f25b3b17fbe136775b0d1554557a4c4a

                                                                                                                                                                    SHA256

                                                                                                                                                                    64b807d3c9b89c4b20ea54a76b3215d2d1defc3907c4d89f8035ba8cfdd28fc4

                                                                                                                                                                    SHA512

                                                                                                                                                                    0f993c38745423a9cb792ce4590075d536b7d17f8e132dc8849ade67b92b1b2802f47e6c9fb23d6e14141beb50f5e82bf59cccb09497b69c925956f0989310f5

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                    Filesize

                                                                                                                                                                    111B

                                                                                                                                                                    MD5

                                                                                                                                                                    807419ca9a4734feaf8d8563a003b048

                                                                                                                                                                    SHA1

                                                                                                                                                                    a723c7d60a65886ffa068711f1e900ccc85922a6

                                                                                                                                                                    SHA256

                                                                                                                                                                    aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                                                                                                                                                    SHA512

                                                                                                                                                                    f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                    Filesize

                                                                                                                                                                    111B

                                                                                                                                                                    MD5

                                                                                                                                                                    285252a2f6327d41eab203dc2f402c67

                                                                                                                                                                    SHA1

                                                                                                                                                                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                                                                                    SHA256

                                                                                                                                                                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                                                                                    SHA512

                                                                                                                                                                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                    Filesize

                                                                                                                                                                    9KB

                                                                                                                                                                    MD5

                                                                                                                                                                    5f22771d6d74f91b678d67f90e671b1b

                                                                                                                                                                    SHA1

                                                                                                                                                                    92e419c273c578ccc7694ed79079486fe8fa1b34

                                                                                                                                                                    SHA256

                                                                                                                                                                    25ea9c3a51d149a9aa54990f11460ec7c84a05edd1658e5776da8a2e9e0b2576

                                                                                                                                                                    SHA512

                                                                                                                                                                    72b59b96831e9e767b8f33bcc5edfe6b17ebe6539392f538f7fc8761ef7481335ac44ba69eab5a1586c7eeb39bc3914e8c517e0afd24a805683a1df3258e8883

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                    Filesize

                                                                                                                                                                    10KB

                                                                                                                                                                    MD5

                                                                                                                                                                    8ae22a87a577e96a8815c7cf81061aee

                                                                                                                                                                    SHA1

                                                                                                                                                                    81ac8a4699181f08e0e323fd89c4cc99cff10094

                                                                                                                                                                    SHA256

                                                                                                                                                                    96aad38c78a5d50e4254b7d2121225afb6d18488d3b76db14b390d915174fe2f

                                                                                                                                                                    SHA512

                                                                                                                                                                    5261e6924645a20cd63c30261185ea708fc1d69517814e6d76429a7c01158a26867c0131bf73ccb7370c81b551d653169d5875c35f035306d303002a110d7e21

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                    Filesize

                                                                                                                                                                    12KB

                                                                                                                                                                    MD5

                                                                                                                                                                    26534dc4e91e44545591deb921cb90b4

                                                                                                                                                                    SHA1

                                                                                                                                                                    828750bd3ec0798bd07482e1ce48c458d7ea3de6

                                                                                                                                                                    SHA256

                                                                                                                                                                    218a0017e3bf7d5aa975e852f4542c65b0194f785a1ba5ba236fdf4fd380b3e2

                                                                                                                                                                    SHA512

                                                                                                                                                                    7b6f25d612a7548899f0287e5d5aa7f88ab3e0089ce929a50183adf4e7019b66b742bf1bdd8633a6078220dc74585116a17dbf0027ae94ec1d2dc4290e2e07d8

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                    Filesize

                                                                                                                                                                    12KB

                                                                                                                                                                    MD5

                                                                                                                                                                    a0dd9ede2a682ee01cdd419b418db63e

                                                                                                                                                                    SHA1

                                                                                                                                                                    75b385f66544ac1253352a7b5daf9c94d0eef5ab

                                                                                                                                                                    SHA256

                                                                                                                                                                    4f62679fdba173e8ed129d2aa7f0727e02fe14fa10e7303da0bfa57e32190fa1

                                                                                                                                                                    SHA512

                                                                                                                                                                    4412b30e515035a3bf56f0c83475568488ac0d2d360e36232b6529d24cfd25cef8861d242b9f28b5ffeb26fa144da24820891bae20a6f8cb2d0a6c70e9473bdb

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                    Filesize

                                                                                                                                                                    5KB

                                                                                                                                                                    MD5

                                                                                                                                                                    87de3641fc9f6d33c1408ed4b490312f

                                                                                                                                                                    SHA1

                                                                                                                                                                    d7ccdd76a7d93e00fc38d067a4525d0bf6e58ae4

                                                                                                                                                                    SHA256

                                                                                                                                                                    0a6504c63198b4ff5aa85e3bc5e2817b168207aee68fb43248c9f1a9cac2b64a

                                                                                                                                                                    SHA512

                                                                                                                                                                    dabc80093b0f2009c55fd7afc26cba763a3153cef2377f038bbd10c9225996265b2fe3edfb245a3c7abb00e8d8c664b64b91d715d94d8409effce60b49d4b149

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                    Filesize

                                                                                                                                                                    6KB

                                                                                                                                                                    MD5

                                                                                                                                                                    7c5715734900cba29b77b6106d2a6262

                                                                                                                                                                    SHA1

                                                                                                                                                                    feaae7fdce8d4c3c27f5adb33dc189af0847fb38

                                                                                                                                                                    SHA256

                                                                                                                                                                    2aa44ca4556260152f69405cd7b8ae5dbbf458e98b13338c9587a92080fc362b

                                                                                                                                                                    SHA512

                                                                                                                                                                    09089c8888bbb945fc8eb98cacaa42804242a5492519132fd060eb4582ea7a6e4b907410d465adb16b0b7984b377e62bf3508c589119ef3e47c95b5c4e2bbb85

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                    Filesize

                                                                                                                                                                    9KB

                                                                                                                                                                    MD5

                                                                                                                                                                    29816c32753718f1f31c3a5bbda755e8

                                                                                                                                                                    SHA1

                                                                                                                                                                    185b692504ef57fac9e19e7d547dbdc2bda7a476

                                                                                                                                                                    SHA256

                                                                                                                                                                    cf02ef8b7cff7a853a18324e08e061c7de51a71da6fb5a2f5e355479bdabb197

                                                                                                                                                                    SHA512

                                                                                                                                                                    4f6a81c283a6eee133ee5d9e96d347a5ec7e40ac281a1166ebe7fb2115acffbde4d82b0a9e776cba23de42d17269eb7108cf72458c5ea25b3452044f17219026

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                    Filesize

                                                                                                                                                                    14KB

                                                                                                                                                                    MD5

                                                                                                                                                                    d2a60eba66fc0bcbb78125ab3770a230

                                                                                                                                                                    SHA1

                                                                                                                                                                    a936e8acc87c45717ad9d9f33f8024df04625534

                                                                                                                                                                    SHA256

                                                                                                                                                                    f1efbfe1131ea21b89e3d8552e5b0e3e2dbcb42f223f8fc3df1a2742fb1c487b

                                                                                                                                                                    SHA512

                                                                                                                                                                    4445079e12d85b1014cc4277fede129a8adc116ac6d7156fc8189ab8275d8fb439e6e320424e0ade09382a03ab1d0e118bb13a6e35fcac490eb114fc0aa3969e

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                    Filesize

                                                                                                                                                                    14KB

                                                                                                                                                                    MD5

                                                                                                                                                                    485fabea22e613efdacb43e88ec53c13

                                                                                                                                                                    SHA1

                                                                                                                                                                    cf22445309b56c03039a02b8040853208d14a578

                                                                                                                                                                    SHA256

                                                                                                                                                                    2f4ecda890034b5e1190c54befc41af97329c934d813aae575386c492e856720

                                                                                                                                                                    SHA512

                                                                                                                                                                    9aebeefbe4ec5f6920dbc9b48afda30f6529aab79bd0b00d118aad7b007ef6346892c188a59d359772add4c3b366dd1bc9afd48ae66a3fe75c0f735d2b291cd4

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                    Filesize

                                                                                                                                                                    5KB

                                                                                                                                                                    MD5

                                                                                                                                                                    9a1fc4878db2f991817cc8c2a603bf84

                                                                                                                                                                    SHA1

                                                                                                                                                                    779e38ff11b5658c0a20aa2e961d04cc6bac3e63

                                                                                                                                                                    SHA256

                                                                                                                                                                    492e29020644d49aefa4a9c631bb16f706babf0ab9f0f8787885059ee05a398d

                                                                                                                                                                    SHA512

                                                                                                                                                                    238b38729e0fbaa84c6ff73bb7c4bb58e332349faaec52476764e130d964d4b44b1cc3c5660361c95a280bb72c04c7b130ab6bce3fc6c9e7fa9d0ece57473c37

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                    Filesize

                                                                                                                                                                    12KB

                                                                                                                                                                    MD5

                                                                                                                                                                    69dac990ece86ba3d20d804749697516

                                                                                                                                                                    SHA1

                                                                                                                                                                    8469fc01f51a849f613c02ea31beef746f18ca99

                                                                                                                                                                    SHA256

                                                                                                                                                                    a8379b15261598378dc2d3591a454866e889ee02fb3290f8517c4302a7f81312

                                                                                                                                                                    SHA512

                                                                                                                                                                    9a99fba9db51afb58968b6bf903407e89fc77bd1c65f528e9f60456411678baef3a0aa423a48ec9cf058d9592bd3a88d90134f58397803c4d316c871f669511a

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                    Filesize

                                                                                                                                                                    14KB

                                                                                                                                                                    MD5

                                                                                                                                                                    15f8f2a9e306f0360c5047048539bc55

                                                                                                                                                                    SHA1

                                                                                                                                                                    6cb1628b56a159480618097e1e667e093f3241e2

                                                                                                                                                                    SHA256

                                                                                                                                                                    826a5e93b54c07c16703e432c09736426b2e6dca5fcf6dfdb3c2b797fc11f0c4

                                                                                                                                                                    SHA512

                                                                                                                                                                    e2709d4a36dc7910834abbe30c2171f64f11231b6a90859f23e669405a82723316318544e0dd160c99def34e1b62f1fbf6c29cd2449f7d3c11f4089fed7974b3

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                    Filesize

                                                                                                                                                                    14KB

                                                                                                                                                                    MD5

                                                                                                                                                                    a28e47b6551592dddae4f56eaacd1e74

                                                                                                                                                                    SHA1

                                                                                                                                                                    d8050e397c31cacf12ef0d3d52c7efc3f9c18a3f

                                                                                                                                                                    SHA256

                                                                                                                                                                    307b43b488380c65d97f970d80bfbbd7fd76c8bcb89d72acff6511b14ef970f7

                                                                                                                                                                    SHA512

                                                                                                                                                                    1d63bca763dab0ea55234563697947deb13851fd45d3fc48c20f08aa9df14f316475dc711448906f51388dd8211c5f5651f2e2b6075702980edadb290ef84a9b

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                    Filesize

                                                                                                                                                                    14KB

                                                                                                                                                                    MD5

                                                                                                                                                                    3f99ea24965540893338046496954fed

                                                                                                                                                                    SHA1

                                                                                                                                                                    d47fafcc5334df61cd9369278d5ca8b62f3b03ad

                                                                                                                                                                    SHA256

                                                                                                                                                                    e80a17fe0759b92605412d69925196a8ce6e13cb415ba8ad9d7b270410952905

                                                                                                                                                                    SHA512

                                                                                                                                                                    8fc817b7fd8f81571167c15834c260fec3dffc444642fd0e47729fc5c97bd2c826426a4e8e8bd1e887c5d4cb65d985927ea62b6b8ca4ef6fbe7dbd38a6e8be6a

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                    Filesize

                                                                                                                                                                    14KB

                                                                                                                                                                    MD5

                                                                                                                                                                    8a0f5ec280c74e403ee896c9ceca7ed9

                                                                                                                                                                    SHA1

                                                                                                                                                                    33a1953052c9ba5d7018c2c3d8310a172ad255e7

                                                                                                                                                                    SHA256

                                                                                                                                                                    7b9375a9e6d1ded22e09b2fd43c743f70f45949932011d45eaf280dbfc4f3d66

                                                                                                                                                                    SHA512

                                                                                                                                                                    c23ef17cbf64537c49275ff0c910bdc87fa45aded1951955bdb3b94fdb845775e3900c10315dbcd2f82563a2b10aacf6848b52cafeb83f7ba101ebd65248d08c

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                    Filesize

                                                                                                                                                                    5KB

                                                                                                                                                                    MD5

                                                                                                                                                                    65fe7a23e02ab86530d1a01c1ba460fe

                                                                                                                                                                    SHA1

                                                                                                                                                                    834dcfa3e2b2e46a1cb586176c7f4a25d7ffcb5e

                                                                                                                                                                    SHA256

                                                                                                                                                                    fc366890b37d571e21df3a3a2fbd7298dcbb6cd23b9f19620a98cc66de16aa77

                                                                                                                                                                    SHA512

                                                                                                                                                                    c78840f7d954b8753727dbd127e6e813d5155b8f674d505e7ccfa28a80df1d6dbaead42caa503bcd95b4ca846a1793dc07de7f659b3a5a9a46cadc02f4ca5eaa

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                    Filesize

                                                                                                                                                                    4KB

                                                                                                                                                                    MD5

                                                                                                                                                                    bf53c20a72fa32c298ddf70e88d88fcd

                                                                                                                                                                    SHA1

                                                                                                                                                                    f0c8e2ad6edf3672889643c4a5cdef2054e980ad

                                                                                                                                                                    SHA256

                                                                                                                                                                    26afadd6df9712b5616cfd9ac02a6e862c73cfaf09754d04c45e433dd4dd7548

                                                                                                                                                                    SHA512

                                                                                                                                                                    684146046a9c99edb509f2e4d13b4515553d55e1c2c3358eeb781448ac89fa07d5b3e2879056726cd387779a5783779738ce77dc2dee42ac59310f383afd7606

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                    Filesize

                                                                                                                                                                    4KB

                                                                                                                                                                    MD5

                                                                                                                                                                    9389ea2356897c5811a5985943e380cb

                                                                                                                                                                    SHA1

                                                                                                                                                                    72ff61cef1faecca442cec916cadeae107de59fe

                                                                                                                                                                    SHA256

                                                                                                                                                                    b0eff045df6668a54ec0fdf99de5df781e2855771e2eb7eff51d5fa09e2f06e3

                                                                                                                                                                    SHA512

                                                                                                                                                                    b20d78a3a958f511df5df5e28136b959bdc6925c371ad5fb9316b2df167ffba47ebec97897970f3f66867d2170a84aaabae6568cfd7ae3f84bb7b6a2cbf1cd07

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                    Filesize

                                                                                                                                                                    4KB

                                                                                                                                                                    MD5

                                                                                                                                                                    53a7b36053055b91bde68d1d9e2775de

                                                                                                                                                                    SHA1

                                                                                                                                                                    d83c522b812b50978d026b669cbab8a86f8401f9

                                                                                                                                                                    SHA256

                                                                                                                                                                    11dcfb6f0f5f083b6b500d2fab16f9a98a968b7cf64bc0c988795134f72daceb

                                                                                                                                                                    SHA512

                                                                                                                                                                    133c74b70b9a58cb1559a2ac41f5628e6220a60fa9ff457bb08b5546ae007677e0e7557c8decef2faf435c4795b8890645e7814a3c48fce45201373fe8b53686

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                    Filesize

                                                                                                                                                                    4KB

                                                                                                                                                                    MD5

                                                                                                                                                                    4283c392018f1000dbe8bfa907e53370

                                                                                                                                                                    SHA1

                                                                                                                                                                    00256851ed26c68d82463098d9f95a9a6fb955d1

                                                                                                                                                                    SHA256

                                                                                                                                                                    40132420534516cd3cf88ae98dabcacbd867c3b0c408af3b1257143fbea2d516

                                                                                                                                                                    SHA512

                                                                                                                                                                    499c0f254dac4bbe987eb4f7ab33c3983907c309a66bc8b33cac2485394d4853bb37abe916255be9809dd32812fb821dcbd42ea95bf8d96542202bff41a6ed12

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                    Filesize

                                                                                                                                                                    3KB

                                                                                                                                                                    MD5

                                                                                                                                                                    f4786910578b38f4ffa51560687af2e1

                                                                                                                                                                    SHA1

                                                                                                                                                                    0416b539a25069f2f244fd1eab9ee55c42ae3b09

                                                                                                                                                                    SHA256

                                                                                                                                                                    2fcdf4f8cb8edc3113cb3d2b3c550f47dc414bf9ecc58ea65265df84caeb8df9

                                                                                                                                                                    SHA512

                                                                                                                                                                    00d417bbdb8f975190054e2a4dfdb86be042157b0609347922eb84b2d3152dc54fe867c578fbe2df50b818afd93f1c2eb57b1c931229767d9ea397ee7afddfc5

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                    Filesize

                                                                                                                                                                    3KB

                                                                                                                                                                    MD5

                                                                                                                                                                    91ab1fc0a2699df524863bb675ab3183

                                                                                                                                                                    SHA1

                                                                                                                                                                    325af960423645212e53e4d6b6f1a30e18864130

                                                                                                                                                                    SHA256

                                                                                                                                                                    95c55e5191b0ed71501f34df292cc9fc1f6b40a9c0c44e9f6e633653a181eb23

                                                                                                                                                                    SHA512

                                                                                                                                                                    52b86e98795b29a36f75883fe8b2e4e254aff207699a5bccd255f5d519cb1ff0785c4711c1be3f593fd56487efdbd38d4c326e979f6f1c07c1ea0dc250e53a50

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                    Filesize

                                                                                                                                                                    4KB

                                                                                                                                                                    MD5

                                                                                                                                                                    4460d528c1a5607f73105c747e7c7f25

                                                                                                                                                                    SHA1

                                                                                                                                                                    7298aa20bccc476b39992220f3fbec2b4b39d8c5

                                                                                                                                                                    SHA256

                                                                                                                                                                    f83b036562c3785a6ec3beab4d75c09f2c4b3a9faf3896d81e49b89a177afa83

                                                                                                                                                                    SHA512

                                                                                                                                                                    4841de52f9e613b4687ea0da8f2ac92817e08adde300c0c30ad4c85b62fd8c3760be62adbcb5f9c6cff053f6ee6c292099853490de561f99b06dba06b331e58d

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bf038.TMP
                                                                                                                                                                    Filesize

                                                                                                                                                                    536B

                                                                                                                                                                    MD5

                                                                                                                                                                    4e37f43692ffa2ac4aab75841e1e7383

                                                                                                                                                                    SHA1

                                                                                                                                                                    7584b6d09c0bc52341cec37804e83eb23e7e7d8a

                                                                                                                                                                    SHA256

                                                                                                                                                                    daef94d947fdf34d520801996b179dcfd07880dba3858ce6b367ed67a99df8ed

                                                                                                                                                                    SHA512

                                                                                                                                                                    40ec823eabaa651ff39cf404cd178fcc9a1137a21aac6d182978b6d6ce3eaa696f9c64671a7c3f540df70793ea63a33610a6492b0dde94811bf6b4b58823e5fd

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                    Filesize

                                                                                                                                                                    16B

                                                                                                                                                                    MD5

                                                                                                                                                                    6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                                    SHA1

                                                                                                                                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                                    SHA256

                                                                                                                                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                                    SHA512

                                                                                                                                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                    Filesize

                                                                                                                                                                    16B

                                                                                                                                                                    MD5

                                                                                                                                                                    aefd77f47fb84fae5ea194496b44c67a

                                                                                                                                                                    SHA1

                                                                                                                                                                    dcfbb6a5b8d05662c4858664f81693bb7f803b82

                                                                                                                                                                    SHA256

                                                                                                                                                                    4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

                                                                                                                                                                    SHA512

                                                                                                                                                                    b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                    Filesize

                                                                                                                                                                    11KB

                                                                                                                                                                    MD5

                                                                                                                                                                    231b4f82509ef0b427ba394202fa98a1

                                                                                                                                                                    SHA1

                                                                                                                                                                    d0fca3d9aa12429693348e21126ba19c77ea17ef

                                                                                                                                                                    SHA256

                                                                                                                                                                    d941af776b4d0708ef384b1f5abfbf98af1c28b09eb013e7c69896aa782adc35

                                                                                                                                                                    SHA512

                                                                                                                                                                    13e738e57b4d5038c715aa46267626a4c88ae5cb03d119da707280b4c94eb87dd1c5bf962100b30a3ab8c2e2edda8890e0584dc7f5020a23bb42ebe70906d833

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                    Filesize

                                                                                                                                                                    12KB

                                                                                                                                                                    MD5

                                                                                                                                                                    fa5a55ad3adbe2d83cd760116268a0fb

                                                                                                                                                                    SHA1

                                                                                                                                                                    b9e518b81dddae38b52f20c8d927d74c7eebc129

                                                                                                                                                                    SHA256

                                                                                                                                                                    bbbca9a7c4ad33d961e8eb2d2b128e79c3e88ef039a0e4f39cd16a52823ff9e0

                                                                                                                                                                    SHA512

                                                                                                                                                                    916763a04e3a7baa46ec018dae53b79f4b6680150f7ece8125ba389d0fd73164a8cbe44884455d64b61193ce4af4b97d9fef3a1c85e2500b10135041b0d3c8f3

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                    Filesize

                                                                                                                                                                    12KB

                                                                                                                                                                    MD5

                                                                                                                                                                    99677f88c456daf45e6c19b23c5b9ae6

                                                                                                                                                                    SHA1

                                                                                                                                                                    b9dbf2286cd797adfb9a2e90064f4e5807328321

                                                                                                                                                                    SHA256

                                                                                                                                                                    81757a67e2b441c3a0361cd09f88d997690624d51e20b918976fff76931b527d

                                                                                                                                                                    SHA512

                                                                                                                                                                    4e4f45063ad24586cc43253bf61ae3139ac8c3df0e180ae958018f2b9a88bca5b345d44a81d0cdec342ee9af3d46dc76a5db69198ab65763258a83d829bb405c

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                    Filesize

                                                                                                                                                                    12KB

                                                                                                                                                                    MD5

                                                                                                                                                                    5c9d61bf94e6327958642aa5e14e73a0

                                                                                                                                                                    SHA1

                                                                                                                                                                    777a7845d074f32c8f132494b5bb6a8a6ce11732

                                                                                                                                                                    SHA256

                                                                                                                                                                    eabe419b11d82d28be0278c71d0e74e7c11e92888e3ce8c8b37ebf340ecea333

                                                                                                                                                                    SHA512

                                                                                                                                                                    baaa0d707c6745f2f67a08994d256333e0e674070dbd823e7926bfac500e9afedb0a398fb78a02433e52f6744ebae552cabb73dd8f4a345633fe1e60b247d887

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                    Filesize

                                                                                                                                                                    11KB

                                                                                                                                                                    MD5

                                                                                                                                                                    9073e876d1cb92ae3523d733bf8174e5

                                                                                                                                                                    SHA1

                                                                                                                                                                    a3958330da827d5a26315c301650e53c1bd4c905

                                                                                                                                                                    SHA256

                                                                                                                                                                    a205e0da2c6bca675b7b301b2a8eefcbe28c7d7d32f990e625c2175390bfe9cd

                                                                                                                                                                    SHA512

                                                                                                                                                                    d22d98aa20a105d8d381e934d37f83b52c327e0da8a2124e611602216bbfafa07132cd10f141d021352011c75b44b43bdb4e3a0e8efa1e314578fd8280965503

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                    Filesize

                                                                                                                                                                    12KB

                                                                                                                                                                    MD5

                                                                                                                                                                    1a6137a52e9602a99798c6a0dbaf6664

                                                                                                                                                                    SHA1

                                                                                                                                                                    87e19abc3026f827fc229e32aee442df0b3c3bd1

                                                                                                                                                                    SHA256

                                                                                                                                                                    aaf2adc1797e72a59fdcc9854383ef4a86f41e112d1d043d4966ff2ef9d019cb

                                                                                                                                                                    SHA512

                                                                                                                                                                    b04221cd50edbe10645ac0343050d55231790ed0cc7454fdb902844dbdb47b97608a5f23af663d85f683a347befcefa86a20ddb19d11eaed1c3aa296e1deb72c

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                    Filesize

                                                                                                                                                                    12KB

                                                                                                                                                                    MD5

                                                                                                                                                                    a94e00275da469f9ce404f804b75f919

                                                                                                                                                                    SHA1

                                                                                                                                                                    a263deac996b036175b1ae9c8598c1078ae3c1e5

                                                                                                                                                                    SHA256

                                                                                                                                                                    d9ef84f003cf1cd62f5aa830e58fdddd66838d58329158140082889410e58ac6

                                                                                                                                                                    SHA512

                                                                                                                                                                    4125695fa58a60fd5b288102000a9a865bf483b7a869cf2a3b34b8589e1ebb042bb43ce4d1a74a189c605c01f158001c5b1f94a2b3825c6d25863612efef0da8

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-3-5.856.1556.1.odl
                                                                                                                                                                    Filesize

                                                                                                                                                                    706B

                                                                                                                                                                    MD5

                                                                                                                                                                    482379e7e46cc0921d8364af420c6a3e

                                                                                                                                                                    SHA1

                                                                                                                                                                    ba8c4b6d9c7516111087c12b1b369ab37d7584d6

                                                                                                                                                                    SHA256

                                                                                                                                                                    86e1bd7799055c4cd321fb133d5c30d746d4ec0925e3d5cc9a51b4b6ce91f754

                                                                                                                                                                    SHA512

                                                                                                                                                                    6e356274cf5255b6998065da29d60efd93fe8b1a765f28a4967d872b6cff172845dbfcefa5c57420ffe070794a7a22205de37e2f2035a3db7259c41d203b4ae2

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\A66F6CAD-8A69-4215-ABD1-9FABB022BB9A\DismCorePS.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    200KB

                                                                                                                                                                    MD5

                                                                                                                                                                    7f751738de9ac0f2544b2722f3a19eb0

                                                                                                                                                                    SHA1

                                                                                                                                                                    7187c57cd1bd378ef73ba9ad686a758b892c89dc

                                                                                                                                                                    SHA256

                                                                                                                                                                    db995f4f55d8654fc1245da0df9d1d9d52b02d75131bc3bce501b141888232fc

                                                                                                                                                                    SHA512

                                                                                                                                                                    0891c2dedb420e10d8528996bc9202c9f5f96a855997f71b73023448867d7d03abee4a9a7e2e19ebe2811e7d09497bce1ea4e9097fcb810481af10860ff43dfb

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\A66F6CAD-8A69-4215-ABD1-9FABB022BB9A\DismHost.exe
                                                                                                                                                                    Filesize

                                                                                                                                                                    168KB

                                                                                                                                                                    MD5

                                                                                                                                                                    17275206102d1cf6f17346fd73300030

                                                                                                                                                                    SHA1

                                                                                                                                                                    bbec93f6fb2ae56c705efd6e58d6b3cc68bf1166

                                                                                                                                                                    SHA256

                                                                                                                                                                    dead0ebd5b5bf5d4b0e68ba975e9a70f98820e85d056b0a6b3775fc4df4da0f6

                                                                                                                                                                    SHA512

                                                                                                                                                                    ce14a4f95328bb9ce437c5d79084e9d647cb89b66cde86a540b200b1667edc76aa27a36061b6e2ceccecb70b9a011b4bd54040e2a480b8546888ba5cc84a01b3

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\A66F6CAD-8A69-4215-ABD1-9FABB022BB9A\DismProv.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    292KB

                                                                                                                                                                    MD5

                                                                                                                                                                    2ac64cc617d144ae4f37677b5cdbb9b6

                                                                                                                                                                    SHA1

                                                                                                                                                                    13fe83d7489d302de9ccefbf02c7737e7f9442f9

                                                                                                                                                                    SHA256

                                                                                                                                                                    006464f42a487ab765e1e97cf2d15bfa7db76752946de52ff7e518bc5bbb9a44

                                                                                                                                                                    SHA512

                                                                                                                                                                    acdb2c9727f53889aa4f1ca519e1991a5d9f08ef161fb6680265804c99487386ca6207d0a22f6c3e02f34eaeb5ded076655ee3f6b4b4e1f5fab5555d73addfd7

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    67KB

                                                                                                                                                                    MD5

                                                                                                                                                                    7d5d3e2fcfa5ff53f5ae075ed4327b18

                                                                                                                                                                    SHA1

                                                                                                                                                                    3905104d8f7ba88b3b34f4997f3948b3183953f6

                                                                                                                                                                    SHA256

                                                                                                                                                                    e1fb95609f2757ce74cb531a5cf59674e411ea0a262b758371d7236c191910c4

                                                                                                                                                                    SHA512

                                                                                                                                                                    e67683331bb32ea4b2c38405be7f516db6935f883a1e4ae02a1700f5f36462c31b593e07c6fe06d8c0cb1c20c9f40a507c9eae245667c89f989e32765a89f589

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wekerakr.zhp.ps1
                                                                                                                                                                    Filesize

                                                                                                                                                                    60B

                                                                                                                                                                    MD5

                                                                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                    SHA1

                                                                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                    SHA256

                                                                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                    SHA512

                                                                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
                                                                                                                                                                    Filesize

                                                                                                                                                                    73KB

                                                                                                                                                                    MD5

                                                                                                                                                                    17d9dc994ce3a9934563ba26587cfcba

                                                                                                                                                                    SHA1

                                                                                                                                                                    9fc5665dba616bacceb1e27f9828a431b0890c88

                                                                                                                                                                    SHA256

                                                                                                                                                                    15c21be4137e8c5724ab7da3c3fcc1b7e58a703636999841c5a9909b4b087217

                                                                                                                                                                    SHA512

                                                                                                                                                                    97d4c50fe7e8edfb8c81f287c422eaedec14c2a270f28f14713ddf2bc5ad96d84633cd14459dc63c41ba567b3671856c30d55446e531652c0f9189336d1ed13d

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe:Zone.Identifier
                                                                                                                                                                    Filesize

                                                                                                                                                                    26B

                                                                                                                                                                    MD5

                                                                                                                                                                    fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                                                                    SHA1

                                                                                                                                                                    d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                                                                    SHA256

                                                                                                                                                                    eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                                                                    SHA512

                                                                                                                                                                    aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                                                    Filesize

                                                                                                                                                                    16KB

                                                                                                                                                                    MD5

                                                                                                                                                                    1d5ad9c8d3fee874d0feb8bfac220a11

                                                                                                                                                                    SHA1

                                                                                                                                                                    ca6d3f7e6c784155f664a9179ca64e4034df9595

                                                                                                                                                                    SHA256

                                                                                                                                                                    3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

                                                                                                                                                                    SHA512

                                                                                                                                                                    c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 693675.crdownload
                                                                                                                                                                    Filesize

                                                                                                                                                                    3.3MB

                                                                                                                                                                    MD5

                                                                                                                                                                    7c2e5ef59e9589422bcd5bf3726fbcb1

                                                                                                                                                                    SHA1

                                                                                                                                                                    c4dac6966ac4cd3500d6a7fe44138a0db639d507

                                                                                                                                                                    SHA256

                                                                                                                                                                    6870e8dbcfaf543500add1d303de528c34e3b1f4d4424b0097c4ffb408a44fcd

                                                                                                                                                                    SHA512

                                                                                                                                                                    28870d9cb07f964ba0ecedfb25762cb4530bda869cc717dd4fffcd176085f03c05fd129b23e826dd6ac33ae6af8132bf9dc317ebffb52448b83236ad2349ca45

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • C:\Windows\Logs\DISM\dism.log
                                                                                                                                                                    Filesize

                                                                                                                                                                    23KB

                                                                                                                                                                    MD5

                                                                                                                                                                    78208e551374c6323afbcf3f86457a1e

                                                                                                                                                                    SHA1

                                                                                                                                                                    6c621099fb6b592157f621eea1f387fbdd25790f

                                                                                                                                                                    SHA256

                                                                                                                                                                    6836f5072b4248e9e4156be3ec90de3db4c7d9f78e449d74bfc2e91f31d860c0

                                                                                                                                                                    SHA512

                                                                                                                                                                    6c013113842e1ab4c6e75263ea3082d5a44b1c0fbf671a9c73c0bb1e547aefea05f306843c98b40ff39d4162499ad859e0276fd2abdbf36ad201b8084f83c53c

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • \??\pipe\LOCAL\crashpad_1472_SFVPPMHEGCZDHZZF
                                                                                                                                                                    MD5

                                                                                                                                                                    d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                    SHA1

                                                                                                                                                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                    SHA256

                                                                                                                                                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                    SHA512

                                                                                                                                                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                    Download Submit

                                                                                                                                                                  • memory/816-1578-0x0000000036D50000-0x0000000036D60000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/816-2174-0x000000006F040000-0x000000006F291000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    2.3MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/816-2173-0x000000006F410000-0x000000006F434000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    144KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/1796-1461-0x0000000004A80000-0x0000000004A90000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/1796-1464-0x00000000734D0000-0x0000000073C81000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    7.7MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/1796-1462-0x0000000004A80000-0x0000000004A90000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/1796-1440-0x00000000734D0000-0x0000000073C81000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    7.7MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/1796-1441-0x0000000004A80000-0x0000000004A90000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/1796-1442-0x0000000004A80000-0x0000000004A90000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/1796-1451-0x000000007F710000-0x000000007F720000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/1796-1452-0x000000006ED30000-0x000000006ED7C000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    304KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/2836-2201-0x0000000036D50000-0x0000000036D60000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/2836-2186-0x0000000001110000-0x0000000001126000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    88KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/4208-1407-0x0000000004DC0000-0x0000000004DD0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/4208-1439-0x00000000734D0000-0x0000000073C81000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    7.7MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/4208-1437-0x0000000004DC0000-0x0000000004DD0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/4208-1436-0x0000000004DC0000-0x0000000004DD0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/4208-1427-0x000000006ED30000-0x000000006ED7C000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    304KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/4208-1426-0x000000007F6D0000-0x000000007F6E0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/4208-1408-0x0000000004DC0000-0x0000000004DD0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/4208-1406-0x00000000734D0000-0x0000000073C81000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    7.7MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-693-0x000000000A9C0000-0x000000000A9DA000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    104KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-685-0x0000000009C60000-0x0000000009CB0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    320KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-658-0x0000000073DA0000-0x0000000073DB4000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    80KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-657-0x0000000005570000-0x0000000005584000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    80KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-653-0x00000000051E0000-0x00000000051F0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-659-0x0000000007D20000-0x00000000082C6000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    5.6MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-660-0x00000000734D0000-0x0000000073C81000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    7.7MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-661-0x0000000007870000-0x0000000007902000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    584KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-671-0x0000000008D30000-0x0000000008D74000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    272KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-672-0x0000000008E20000-0x0000000008EBC000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    624KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-673-0x0000000008EC0000-0x0000000008F26000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    408KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-674-0x0000000009460000-0x000000000998C000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    5.2MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-684-0x0000000007B70000-0x0000000007B7A000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    40KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-729-0x00000000051E0000-0x00000000051F0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-686-0x000000000A760000-0x000000000A812000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    712KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-687-0x000000000A700000-0x000000000A71A000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    104KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-688-0x000000000A870000-0x000000000A882000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    72KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-689-0x000000000A8E0000-0x000000000A900000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    128KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-690-0x000000000A940000-0x000000000A972000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    200KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-691-0x000000000A9F0000-0x000000000AA56000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    408KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-692-0x000000000A980000-0x000000000A99E000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    120KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-694-0x00000000051E0000-0x00000000051F0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-718-0x00000000051E0000-0x00000000051F0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-719-0x00000000734D0000-0x0000000073C81000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    7.7MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/5440-730-0x00000000051E0000-0x00000000051F0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1374-0x0000000006E90000-0x0000000006EAE000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    120KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1348-0x00000000734D0000-0x0000000073C81000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    7.7MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1349-0x00000000058B0000-0x00000000058C0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1347-0x00000000031C0000-0x00000000031F6000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    216KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1350-0x0000000005EF0000-0x000000000651A000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    6.2MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1351-0x0000000005AF0000-0x0000000005B12000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    136KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1360-0x0000000006520000-0x0000000006877000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    3.3MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1361-0x00000000068B0000-0x00000000068CE000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    120KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1362-0x0000000006900000-0x000000000694C000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    304KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1363-0x000000007FC80000-0x000000007FC90000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1364-0x0000000007870000-0x00000000078A4000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    208KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1365-0x000000006ED30000-0x000000006ED7C000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    304KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1405-0x00000000734D0000-0x0000000073C81000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    7.7MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1375-0x00000000058B0000-0x00000000058C0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1376-0x00000000058B0000-0x00000000058C0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1377-0x00000000078B0000-0x0000000007954000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    656KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1378-0x0000000008220000-0x000000000889A000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    6.5MB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1379-0x0000000007C60000-0x0000000007C6A000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    40KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1380-0x0000000007E70000-0x0000000007F06000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    600KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1381-0x0000000007DF0000-0x0000000007E01000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    68KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1382-0x0000000007E30000-0x0000000007E3E000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    56KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1383-0x0000000007F10000-0x0000000007F2A000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    104KB

                                                                                                                                                                    Download

                                                                                                                                                                  • memory/6000-1402-0x00000000058B0000-0x00000000058C0000-memory.dmp

                                                                                                                                                                    Filesize

                                                                                                                                                                    64KB

                                                                                                                                                                    Download