Analysis Overview
SHA256
1342509901971b2cc64372500b4db0c227ff364a0e0a3e2b5b1780e2ccf324d9
Threat Level: Likely malicious
The file sample was found to be: Likely malicious.
Malicious Activity Summary
Manipulates Digital Signatures
Downloads MZ/PE file
Possible privilege escalation attempt
Creates new service(s)
Registers COM server for autorun
Loads dropped DLL
Modifies file permissions
Executes dropped EXE
Checks installed software on the system
Drops file in Windows directory
Launches sc.exe
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Runs net.exe
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Checks processor information in registry
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious behavior: LoadsDriver
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-09 09:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-09 09:56
Reported
2024-03-09 09:58
Platform
win7-20240221-en
Max time kernel
54s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4518D853-DDFB-11EE-BF06-56D57A935C49}.dat = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4518D851-DDFB-11EE-BF06-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:275457 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d59758,0x7fef6d59768,0x7fef6d59778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3232 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1108 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4060 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3440 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3436 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2572 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1876 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2312 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4380 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1876 --field-trial-handle=1372,i,5697316451965300974,7422932814544622956,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| DE | 54.230.206.44:443 | sdk.privacy-center.org | tcp |
| DE | 54.230.206.44:443 | sdk.privacy-center.org | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| GB | 104.84.84.34:443 | images.sftcdn.net | tcp |
| GB | 104.84.84.34:443 | images.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | geometry-dash.softsonic.vn | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 0a14ae2cdfdf83c5541558e17023e2de |
| SHA1 | e7e12a0887fc6f0c22a12211f5535146539fbd35 |
| SHA256 | 41a47cf48ab16b8fe2a06c4012d049fff8c0f7dead5938544a7162f64687e907 |
| SHA512 | 457c67a1f9afb196e780115c34dd729d36f5c3b1396c976348e5f9ec922ab41f99e549d20a4060e648d26bd2eba250c978e9c2f69feb85318bca7907fbf0b0da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e53e934fbe7ddc2bb37a6a61317d1da8 |
| SHA1 | 7e4d9eb4d3006235a9cae84aa08f7585591ff6b9 |
| SHA256 | e9a16a8308fddeeb8fe3930d8374fe1b6ec833afde05e114ae2bce648f270161 |
| SHA512 | 8f6a4f79208e0d88af1185e2c78fd67ffb3f193466db10f1bd387129d864d5875c12520ff062592ce45d44a3a26aa983429cfa52adcc7535fbf8b45e0bd2d832 |
C:\Users\Admin\AppData\Local\Temp\Cab7ADC.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar7B2E.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 753df6889fd7410a2e9fe333da83a429 |
| SHA1 | 3c425f16e8267186061dd48ac1c77c122962456e |
| SHA256 | b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78 |
| SHA512 | 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444 |
C:\Users\Admin\AppData\Local\Temp\Tar7CDD.tmp
| MD5 | dd73cead4b93366cf3465c8cd32e2796 |
| SHA1 | 74546226dfe9ceb8184651e920d1dbfb432b314e |
| SHA256 | a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22 |
| SHA512 | ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 130728f90a19eae5d9055c057fc0b9f3 |
| SHA1 | 1221fdbd5ee48fd699486bc7b2966561303f810c |
| SHA256 | fc8e6476915e87c8b6268b857a433e1a136aa8e00969f452f775250c22d7a1f1 |
| SHA512 | 43fdf8fdf3088226c9d2dd8a434363d1a0173063729c57682bdab23e4476bac755410fead920fca2ad6ed200eb27faf985edc84fc0567cb0bb0515fd9a55b112 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c7e769ebe2fba17725c0f7b232c8a88 |
| SHA1 | 33e225319cea5379805f727592a2e81a7e90dc8d |
| SHA256 | 73037362f6ff16bd63e55f757f0450c4b8cb7c35f0069d0a2bacacddf1cc6543 |
| SHA512 | 21d4847f2526050a3f89bf5e0cf94b7df7fc9e39ecdbd691872264614537b3c826e9087ddc8f79752f0d92931ebf9205b0bf3bedfda38651b63d1b72c6129b21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 1a7fcae64942eb5035d3973c7ebd88ba |
| SHA1 | 6fb772e46e4696677c52e81dc6def500873c5a20 |
| SHA256 | 563077e3f4554b9ab7f3be2475429405daf137bbf760624efe7ec2ea12a983f9 |
| SHA512 | 9d18a9d7159e0802c1719fae8274ac6a2c1eac120b82a9b486580254b3fef311d04dfaae0427cfdfe264a9cd1cb544bf08d0b81ca7da6bb84f219fcaf77b8fad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 713884e3efa18b72208f478e7dc03ff6 |
| SHA1 | 17c9c9d381bd2c09f9b34c1b27617676cb548691 |
| SHA256 | d46775319ce32c9b8b716174ca3680492b118c8aac15213e10ce53ed6d9b9afe |
| SHA512 | 6eb03d3aae6a75fa00a90ba6547d9e93885ea1fccaad9bdc16ea38a090dd3ee083d4672836a90cb597ea5e286e6b27ceb61f0105850827e8ab87e770459378f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d81ef186d4074e94f1c7c7d5b1b703c9 |
| SHA1 | 699d124ddec9196eb102df309ea4bc46c4165629 |
| SHA256 | 3ee8776d68176bfc955dec1145c9cfcd2e3e4b45f0819f7219ecceaae30888a9 |
| SHA512 | 2e266746881bc893a4b250626a67036f58af4eae34017f4de55ef65051391afd4592ca9163ada21e0e2a21aa62c443b95d55ec67317ccd209c705a46d79ff425 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b9e0aa3b406431206361e88f9524360 |
| SHA1 | 076e9b26bdfabe9e306036fb10b0ea22719f8789 |
| SHA256 | 4615866420d04b82354bf707bb7632e79b0827bc64305de83a02f4ac32c9d793 |
| SHA512 | edf3c8bb69788246982d5e0d4f8f9e3ec69cf6812f646876678670672d5a16fc3f770a1774c4b702d7ad872943b5d23c3274e48ef96f0f49c7d70e60e0482831 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\js[1].js
| MD5 | 4d9963130f742ea4f8b30bfa64dea338 |
| SHA1 | 7ff1253c0f132b7b7966307e6fac02426d0b6f16 |
| SHA256 | aecbef6eb13a8388df906c758ae54549a1e73a35e872a99c9894b3f1e1b3916b |
| SHA512 | d758142d37c5f63496b3d1094c60faf473ebebd81029f835531f918eeb4b053a6ee411f6cad7d862b02ffa7e122c0a853227ffe7c5d7c0d6210cfe22bae0be06 |
\??\pipe\crashpad_1748_PQRRIENFBPRHOJAN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 5fb17a67922c754ba9b503aaa27742d6 |
| SHA1 | 9bd123578c6ee2ab87b23eb942878c7f3e14eb05 |
| SHA256 | 26d399996b4f82a52e863d3f3c15e1202cdddeefc530d1cde44d7e31029a3346 |
| SHA512 | 2bff04cea36dcfaddcd97a85736f96cd3deaab82f2f47547bfd610291185e7b1a4f7bbd6b0a35f2e1dc08823a553eeb7b9fd1a0a42aafcb24ea910b9b609698d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | f2a5c1fd365a71216b0dddfe06dfbd76 |
| SHA1 | 3be260ee2c1d633f3aaff5e0ddb5303dfb20b98e |
| SHA256 | 51b55320b6058b9d956c7e9c386b26f275dd580e57fc363e65c0a7beacaf3fba |
| SHA512 | 1f275ce95ca628ec131713f1737073bca261ac483dc5f2e2795737d07ab4b858a41eaac12ddd4229841ed6d0f6085c2070ab7aa614290a35ea56e1e4cd29e307 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_BE7DA50ED4C167DC2E87819405C6BB24
| MD5 | 1ec7c7a47d6fda94e52b6ed57448a2ee |
| SHA1 | a216022f900d4040cc9473676f61a89c5d86304a |
| SHA256 | 1dcee1d8c20806433ebaf20b8d018e4ba67acf35e9fb47af670268518ff3f160 |
| SHA512 | 04263635dbb23da867300b12e2a651068d44f5070f8d8ccfda5fc4ad4b8c06e6d4a76b2b6ca902ae8b3bb8a12d39e09f3629895655593e684f0ede8d6131c1f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_BE7DA50ED4C167DC2E87819405C6BB24
| MD5 | eb30ce670732ead9ab7a6c41adb25aa5 |
| SHA1 | 26af872f1bb0721a959cb4e9f32ac4cc06a591dd |
| SHA256 | c402bbaa52835eac15b7891353ccb8039de36b181f2cb5c9b56c0c13772acd87 |
| SHA512 | 54ddd901073698fa7adae305866edad1cfdd67aeff5d2fdf04939ed34336dfbdfb92912030599730f703d64cd1b80f77e6f2ec02c96da4aeede03a40cc19f85e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 98f21d360e635a14b314b1ba23286e6a |
| SHA1 | 2304ee9036df78695222d0137f08b9c0fd39c088 |
| SHA256 | 371dc9fec80adb74cd6219a21df0d4e2f4ab57757233d9f58336a479bf488510 |
| SHA512 | 3291b191898b3488a8b8c44b5f76fc87891b168320ed58dbb9f142f5e698d29b7642c7abf60e8eb5faaf675ada29f5a98a7a015c616a1ad851458186741d8a99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | f5b4137b040ec6bd884feee514f7c176 |
| SHA1 | 7897677377a9ced759be35a66fdee34b391ab0ff |
| SHA256 | 845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6 |
| SHA512 | 813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3697dc3b9643fe2b6238f3fd2c273fd3 |
| SHA1 | b8b60b0e840699048376ec67786f3c679c565fb5 |
| SHA256 | 75cc202f63651797167e2ee3a8a3c986085e60091fab0c17b7d6e169afa58956 |
| SHA512 | e14e235e5d261d449c401f2189f2b574a097bc2b184c881e212f1b8ef1b76971e30730570853ff82e25fe08c22b0aceb1c36564377741a5b91dc4a86348a5968 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4f4527edc9ef71caab75bb951bff5c4e |
| SHA1 | 0cd655cba883a9ea295449097b4ed39e707ab0c5 |
| SHA256 | 2793bc602046112a03bcf40a8ecb3c2ad5a34a53e4b11be0b15dccc7591b473b |
| SHA512 | 974bd6142e2ed0f7c443e46b5b2fc882e2e3db9dc21ec0ff3e2a2aea2130fde0ddeade53bb2572839b209b0d1ae8327ca952423b6fed0144ab29a6267da1c2e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d3dd4407f010651bf8b6511c23f208b0 |
| SHA1 | c449a767a7099b6e9b8a2683360333766eb01706 |
| SHA256 | 80da94640ca657c72588a726a99054d9c04df3c295be664132c1eb32f4343e85 |
| SHA512 | 5b371ee981b520081b62e1e80c4249511c342745616d4aa3145afda52590524c7dafa7605e20cb238df2a49ca7520d9186978e6b708d8d8d3f9dccb9a15a4bbf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | aaced54f4ac6d489b972714433227efd |
| SHA1 | c7757e0f94531d7adc2b0780c38182a638b1e0ba |
| SHA256 | aab39794354d251cb67d209ae707d9e858e1d1718cd665a7361cb4d0ab2c2362 |
| SHA512 | f284fba3e7085a625c48d3352e743e579789cb9a65f193a0fb9b0dc145aa4760de65d8198a476bcf923c3734b42129c02db0d37e47202c26200cc31865740b77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c9a4004c0a19caf515a2448e63eae424 |
| SHA1 | 5eb59a21858d2e1744f1db6d1ec10aca6304d035 |
| SHA256 | d6cb050d1fc06d843c0845f351136b1e1f2a46264b1766057dd0fb4f99e1ba93 |
| SHA512 | 0691cf211bd623054c2f20bf5a7be2f4886345f40c38ee89399706535ceb46459959d7c6db22c71e3ab437c5bd8ea1a57effa3b9ac5661788a7fdae80694482c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-09 09:56
Reported
2024-03-09 10:03
Platform
win10v2004-20240226-en
Max time kernel
450s
Max time network
455s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2012\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverFinalPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverCleanupPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221\FuncName = "WVTAsn1CatNameValueEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2006\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.4\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_vn_com.robtopx.geometryjump_25567197_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EAE8A85D-9359-46B8-B8CB-4C288D7B1B20\dismhost.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\"" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\ldplayer9box\bldRTLdrCheckImports.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxVMMPreload.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l2-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcr100.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\platforms\qwindows.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxRes.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxBugReport.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-namedpipe-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-sysinfo-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\host_manager.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES_V2_utils2.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5OpenGL.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\regsvr32_x64.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstVBoxDbg.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9VirtualBox.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxNetFltNobj.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxNetNAT.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetAdp6Install.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDD2.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxCAPI.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-interlocked-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp120.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetFltInstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5WinExtras.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-math-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\vccorlib140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\bldRTIsoMaker.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-filesystem-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-interlocked-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxDDR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5Core.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5Gui.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstInt.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstVMREQ.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxGuestPropSvc.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-handle-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstPDMAsyncCompletionStress.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDDU.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDTrace.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-localization-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-string-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\msvcp100.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-multibyte-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetAdp6Uninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSharedFolders.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-math-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-timezone-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-runtime-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxStub.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-conio-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-locale-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-stdio-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-string-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetFltUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\regsvr32_x86.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-runtime-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxRT.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES_V2.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-private-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\EAE8A85D-9359-46B8-B8CB-4C288D7B1B20\dismhost.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8F30-401B-A8CD-FE31DBE839C0} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\ = "IGuestUserStateChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9070-4F9C-B0D5-53054496DBE0}\ = "IMousePointerShape" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486E-472F-481B-969746AF2480}\NumMethods\ = "15" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A2-41AF-A05F-D7C661ABAEBE}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-b45c-48ae-8b36-d35e83d207aa} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9849-4F47-813E-24A75DC85615}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1207-4179-94CF-CA250036308F} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\ = "IVBoxSVCRegistration" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ldmnq.ldbk\Shell | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\ = "IFramebufferOverlay" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-477A-2497-6759-88B8292A5AF0} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9849-4F47-813E-24A75DC85615}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CD54-400C-B858-797BCB82570E}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9849-4f47-813e-24a75dc85615} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9B-1727-BEE2-5585105B9EED} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B7DB-4616-AAC6-CFB94D89BA78}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11e9-b185-dbe296e54799} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0126-43E0-B05D-326E74ABB356} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00B1-4E9D-0000-11FA00F9D583}\ = "IClipboardFileTransferModeChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00C2-4484-0077-C057003D9C90}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A2-41AF-A05F-D7C661ABAEBE}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2354-4267-883F-2F417D216519}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-402E-022E-6180-C3944DE3F9C8}\NumMethods\ = "51" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7E72-4F34-B8F6-682785620C57}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E9BB-49B3-BFC7-C5171E93EF38}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-800A-40F8-87A6-170D02249A55}\ = "IExtraDataCanChangeEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0002-4B81-0077-1DCB004571BA}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6989-4002-80CF-3607F377D40C}\NumMethods\ = "21" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F4C4-4020-A185-0D2881BCFA8B} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-BF98-47FB-AB2F-B5177533F493} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8384-11E9-921D-8B984E28A686}\ = "IStringFormValue" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\ProgId | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7556-4CBC-8C04-043096B02D82}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9849-4F47-813E-24A75DC85615}\ = "IParallelPortChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7071-4894-93D6-DCBEC010FA91} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42da-c94b-8aec-21968e08355d} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6989-4002-80CF-3607F377D40C}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AC97-4C16-B3E2-81BD8A57CC27}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9849-4F47-813E-24A75DC85615}\NumMethods\ = "13" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}\ = "IGuestSessionStateChangedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 800576.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_vn_com.robtopx.geometryjump_25567197_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98d4246f8,0x7ff98d424708,0x7ff98d424718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10016 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x330
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\LDPlayer9_vn_com.robtopx.geometryjump_25567197_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_vn_com.robtopx.geometryjump_25567197_ld.exe"
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=vn -path="C:\LDPlayer\LDPlayer9\"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=131724
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\EAE8A85D-9359-46B8-B8CB-4C288D7B1B20\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\EAE8A85D-9359-46B8-B8CB-4C288D7B1B20\dismhost.exe {1CBB00B1-771F-4188-9CB4-048ADF8025D8}
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.robtopx.geometryjump|package=com.robtopx.geometryjump
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vi.ldplayer.net/blog/how-to-enable-vt.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98d4246f8,0x7ff98d424708,0x7ff98d424718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17395195794289129682,16845975945641614922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| GB | 104.84.84.34:443 | images.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| GB | 104.84.84.34:443 | images.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| DE | 54.230.206.91:443 | sdk.privacy-center.org | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.84.84.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.206.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 172.217.16.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | udp |
| US | 151.101.1.91:443 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | 29.92.85.52.in-addr.arpa | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | notix.io | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| NL | 139.45.240.92:443 | notix.io | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 92.240.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| GB | 172.217.16.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | wct.softonic.vn | udp |
| DE | 18.154.167.75:443 | api.privacy-center.org | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 104.26.2.63:443 | wct.softonic.vn | tcp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| GB | 216.58.204.78:443 | ampcid.google.com | tcp |
| US | 104.26.2.63:443 | wct.softonic.vn | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 75.167.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geometry-dash.softonic.vn | udp |
| US | 35.227.233.104:443 | geometry-dash.softonic.vn | tcp |
| US | 35.227.233.104:443 | geometry-dash.softonic.vn | tcp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | softonic.vn | udp |
| US | 151.101.1.91:443 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 35.227.233.104:443 | softonic.vn | tcp |
| US | 35.227.233.104:443 | softonic.vn | tcp |
| DE | 52.85.32.41:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 104.233.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.32.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| US | 35.227.233.104:443 | softonic.vn | udp |
| DE | 18.155.141.142:443 | www.datadoghq-browser-agent.com | tcp |
| DE | 52.85.32.41:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| GB | 172.217.16.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 216.58.212.251:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| DE | 18.155.153.13:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | 142.141.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.153.155.18.in-addr.arpa | udp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| NL | 139.45.240.92:443 | notix.io | tcp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.250.142.in-addr.arpa | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bf47a3656329b9a075bd626c1a4d179e.safeframe.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | bf47a3656329b9a075bd626c1a4d179e.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| IE | 63.35.89.157:443 | ap.lijit.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| DE | 54.230.207.221:443 | aax.amazon-adsystem.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| IE | 54.228.88.234:443 | ad.360yield.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 37.252.171.149:443 | ib.adnxs.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.204.78:443 | ampcid.google.com | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.89.35.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.88.228.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.207.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.135.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.139.4.46.in-addr.arpa | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| DE | 162.55.236.225:443 | sync.richaudience.com | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| GB | 92.123.240.21:443 | contextual.media.net | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| GB | 92.123.240.21:443 | contextual.media.net | tcp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| NL | 81.17.55.109:443 | ssbsync.smartadserver.com | tcp |
| IE | 52.211.227.29:443 | match.prod.bidr.io | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| IE | 52.215.44.85:443 | jadserve.postrelease.com | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| NL | 35.214.243.112:443 | csync.loopme.me | tcp |
| US | 54.84.110.184:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 54.156.231.188:443 | sync.srv.stackadapt.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| DE | 54.230.206.32:443 | api-2-0.spot.im | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| DE | 54.230.206.32:443 | api-2-0.spot.im | tcp |
| IE | 52.211.227.29:443 | match.prod.bidr.io | tcp |
| US | 54.156.231.188:443 | sync.srv.stackadapt.com | tcp |
| IE | 52.215.44.85:443 | jadserve.postrelease.com | tcp |
| US | 54.84.110.184:443 | cs-server-s2s.yellowblue.io | tcp |
| IE | 67.220.224.150:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 225.236.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.240.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.243.214.35.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | 184.110.84.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.231.156.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.227.211.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.206.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.44.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.224.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| NL | 81.17.55.106:443 | rtb-csync.smartadserver.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 74.121.140.211:443 | sync.mathtag.com | tcp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | udp |
| DE | 18.158.154.121:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| US | 154.62.101.32:443 | ads.stickyadstv.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | cm.g.doubleclick.net | tcp |
| NL | 89.149.192.196:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| GB | 142.250.180.2:443 | cm.g.doubleclick.net | udp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 106.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.154.158.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.101.62.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.140.121.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.151.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.softonic.vn | udp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| US | 163.181.154.249:443 | leap.ldplayer.gg | tcp |
| US | 8.8.8.8:53 | 249.154.181.163.in-addr.arpa | udp |
| US | 163.181.154.249:443 | leap.ldplayer.gg | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | cdn.playwire.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| DE | 52.222.191.111:443 | cdn.playwire.com | tcp |
| US | 8.8.8.8:53 | js.adscale.de | udp |
| DE | 52.85.92.45:443 | js.adscale.de | tcp |
| US | 8.8.8.8:53 | cdn.intergient.com | udp |
| DE | 18.155.145.19:443 | cdn.intergient.com | tcp |
| US | 8.8.8.8:53 | 111.191.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.145.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| DE | 18.195.55.34:443 | ih.adscale.de | tcp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| GB | 172.217.169.86:443 | play-lh.googleusercontent.com | tcp |
| US | 172.67.70.36:443 | cmp.setupcmp.com | tcp |
| DE | 18.155.145.28:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 172.67.70.36:443 | cmp.setupcmp.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 172.217.169.86:443 | play-lh.googleusercontent.com | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| US | 172.67.70.36:443 | cmp.setupcmp.com | tcp |
| US | 8.8.8.8:53 | 34.55.195.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.145.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.31.18.104.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 216.58.213.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apivn.ldplayer.net | udp |
| US | 8.8.8.8:53 | invite.ldplayer.net | udp |
| US | 8.8.8.8:53 | usersdk.ldmnq.com | udp |
| SG | 8.219.96.60:443 | invite.ldplayer.net | tcp |
| SG | 8.219.223.66:443 | usersdk.ldmnq.com | tcp |
| US | 8.8.8.8:53 | api.ldshop.gg | udp |
| GB | 216.58.213.14:443 | apis.google.com | udp |
| SG | 8.222.160.10:443 | api.ldshop.gg | tcp |
| SG | 8.219.96.60:443 | invite.ldplayer.net | tcp |
| HK | 8.210.205.197:443 | apivn.ldplayer.net | tcp |
| SG | 8.219.223.66:443 | usersdk.ldmnq.com | tcp |
| SG | 8.222.160.10:443 | api.ldshop.gg | tcp |
| US | 8.8.8.8:53 | tagan.adlightning.com | udp |
| DE | 54.230.206.23:443 | tagan.adlightning.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| HK | 8.210.205.197:443 | apivn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 66.223.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | px.moatads.com | udp |
| GB | 96.16.109.251:443 | px.moatads.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| GB | 2.19.152.155:443 | secure.cdn.fastclick.net | tcp |
| GB | 2.19.152.155:443 | secure.cdn.fastclick.net | tcp |
| DE | 52.85.92.53:443 | tags.crwdcntrl.net | tcp |
| US | 35.168.246.120:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | 10.160.222.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.206.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.205.210.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.109.16.96.in-addr.arpa | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| GB | 2.19.152.155:443 | secure.cdn.fastclick.net | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 54.220.33.129:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| NL | 89.207.16.210:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 104.22.4.69:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | 53.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.246.168.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.96.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.33.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.152.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| DE | 54.230.206.32:443 | ldcdn.ldmnq.com | tcp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| NL | 81.17.55.109:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| IE | 52.211.227.29:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | config.playwire.com | udp |
| DE | 18.155.145.31:443 | config.playwire.com | tcp |
| NL | 35.214.243.112:443 | csync.loopme.me | tcp |
| NL | 81.17.55.106:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| DE | 18.155.145.11:443 | s.ad.smaato.net | tcp |
| US | 54.156.231.188:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 54.156.231.188:443 | sync.srv.stackadapt.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | prs.sftcdn.net | udp |
| US | 8.8.8.8:53 | 31.145.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.145.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.video.playwire.com | udp |
| DE | 52.85.92.28:443 | cdn.video.playwire.com | tcp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| DE | 157.90.33.121:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | 28.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.33.90.157.in-addr.arpa | udp |
| NL | 139.45.240.92:443 | notix.io | tcp |
| NL | 139.45.240.92:443 | notix.io | tcp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| DE | 157.90.33.121:443 | uidsync.net | tcp |
| DE | 157.90.33.121:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | udp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| NL | 213.19.162.51:443 | fastlane.rubiconproject.com | tcp |
| NL | 147.75.84.158:443 | prebid.a-mo.net | tcp |
| DK | 37.157.4.28:443 | adx.adform.net | tcp |
| US | 172.64.153.78:443 | mp.4dex.io | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| FR | 185.86.139.95:443 | prg.smartadserver.com | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | 59b4686db990d1cce38547e7bbc3dfaf.safeframe.googlesyndication.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.84.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.153.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.139.86.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.4.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| GB | 92.123.242.2:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | cdn.adnxs.com | udp |
| US | 8.8.8.8:53 | adsdk.microsoft.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs-simple.com | udp |
| US | 151.101.1.108:443 | cdn.adnxs.com | tcp |
| US | 13.107.246.64:443 | adsdk.microsoft.com | tcp |
| GB | 96.16.108.246:443 | acdn.adnxs-simple.com | tcp |
| US | 8.8.8.8:53 | 190.239.215.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.242.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.108.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | node.setupad.com | udp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| US | 8.8.8.8:53 | u.4dex.io | udp |
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| DK | 37.157.5.132:443 | adx.adform.net | tcp |
| DE | 18.155.153.47:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 223.25.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| GB | 92.123.128.169:443 | www.bing.com | tcp |
| GB | 92.123.128.169:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 8.8.8.8:53 | ads.us.e-planning.net | udp |
| NL | 185.89.210.122:443 | ams3-ib.adnxs.com | tcp |
| NL | 193.3.178.4:443 | ads.us.e-planning.net | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| NL | 89.149.192.196:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | setupad-d.openx.net | udp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | 132.5.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.69.95.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.40.149.34.in-addr.arpa | udp |
| US | 34.98.64.218:443 | setupad-d.openx.net | tcp |
| GB | 92.123.242.2:443 | eus.rubiconproject.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| DE | 18.157.188.132:443 | match.sharethrough.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| DE | 157.90.33.121:443 | uidsync.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.188.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| NL | 185.235.87.48:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.106:443 | gem.gbc.criteo.com | tcp |
| DE | 37.252.171.149:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | tg.socdm.com | udp |
| US | 8.8.8.8:53 | um4.eqads.com | udp |
| GB | 142.250.179.230:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | usr.undertone.com | udp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| US | 18.209.41.134:443 | um4.eqads.com | tcp |
| JP | 124.146.153.165:443 | tg.socdm.com | tcp |
| US | 52.202.145.51:443 | usr.undertone.com | tcp |
| US | 8.8.8.8:53 | 48.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| JP | 124.146.153.165:443 | tg.socdm.com | tcp |
| US | 8.8.8.8:53 | match.sync.ad.cpe.dotomi.com | udp |
| US | 8.8.8.8:53 | 134.41.209.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.145.202.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.153.146.124.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | pubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 108.177.120.120:443 | csi.gstatic.com | tcp |
| GB | 142.250.200.34:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.120.177.108.in-addr.arpa | udp |
| US | 108.177.120.120:443 | csi.gstatic.com | udp |
| DE | 52.85.92.28:443 | cdn.video.playwire.com | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| DE | 18.155.153.47:443 | encdn.ldmnq.com | tcp |
| DE | 18.155.153.47:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 117.152.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.180.230.54.in-addr.arpa | udp |
| DE | 18.155.153.47:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| DE | 18.155.145.28:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 97.136.219.8.in-addr.arpa | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| FR | 185.86.139.95:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 213.19.162.51:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| NL | 213.19.162.51:443 | fastlane.rubiconproject.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 52.208.63.64:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | 64.63.208.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vi.ldplayer.net | udp |
| NL | 81.17.55.109:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| NL | 193.3.178.4:443 | ads.us.e-planning.net | tcp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 81.17.55.106:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| US | 8.8.8.8:53 | 118.159.114.85.in-addr.arpa | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| US | 8.8.8.8:53 | setupad-tagan.adlightning.com | udp |
| DE | 18.155.153.45:443 | setupad-tagan.adlightning.com | tcp |
| DE | 18.155.153.45:443 | setupad-tagan.adlightning.com | tcp |
| DE | 18.155.153.45:443 | setupad-tagan.adlightning.com | tcp |
| DE | 18.155.153.45:443 | setupad-tagan.adlightning.com | tcp |
| DE | 18.155.153.45:443 | setupad-tagan.adlightning.com | tcp |
| DE | 18.155.153.45:443 | setupad-tagan.adlightning.com | tcp |
| US | 8.8.8.8:53 | 45.153.155.18.in-addr.arpa | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| FR | 185.86.139.95:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 8.8.8.8:53 | 7.1.250.178.in-addr.arpa | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| NL | 193.3.178.4:443 | ads.us.e-planning.net | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| NL | 193.3.178.4:443 | ads.us.e-planning.net | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 108.177.120.120:443 | csi.gstatic.com | udp |
| US | 108.177.120.120:443 | csi.gstatic.com | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| GB | 142.250.178.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 146.48.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | en.ldplayer.net | udp |
| DE | 52.85.92.16:443 | ad.ldplayer.net | tcp |
| US | 163.181.154.239:443 | en.ldplayer.net | tcp |
| DE | 18.155.153.57:443 | encdn.ldmnq.com | tcp |
| DE | 18.155.153.57:443 | encdn.ldmnq.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| DE | 18.155.153.57:443 | encdn.ldmnq.com | tcp |
| DE | 18.155.153.57:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 239.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.153.155.18.in-addr.arpa | udp |
| DE | 18.155.153.57:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | advertise.ldplayer.net | udp |
| GB | 79.133.176.207:443 | advertise.ldplayer.net | tcp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| DE | 18.155.145.28:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 207.176.133.79.in-addr.arpa | udp |
| DE | 18.155.145.28:443 | cdn.ldplayer.net | tcp |
| DE | 18.155.153.57:443 | encdn.ldmnq.com | tcp |
| DE | 18.155.145.28:443 | cdn.ldplayer.net | tcp |
| DE | 18.155.145.28:443 | cdn.ldplayer.net | tcp |
| DE | 18.155.145.28:443 | cdn.ldplayer.net | tcp |
| DE | 18.155.145.28:443 | cdn.ldplayer.net | tcp |
| DE | 18.155.145.28:443 | cdn.ldplayer.net | tcp |
| DE | 18.155.145.28:443 | cdn.ldplayer.net | tcp |
| GB | 79.133.176.207:443 | advertise.ldplayer.net | tcp |
| DE | 52.85.92.16:443 | ad.ldplayer.net | tcp |
| DE | 52.85.92.16:443 | ad.ldplayer.net | tcp |
| GB | 142.250.178.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | alliance.ldplayer.net | udp |
| DE | 52.222.191.89:443 | alliance.ldplayer.net | tcp |
| US | 8.8.8.8:53 | apivn.ldmnq.com | udp |
| DE | 18.155.153.50:80 | apivn.ldmnq.com | tcp |
| DE | 18.155.153.50:443 | apivn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 89.191.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| DE | 54.230.207.189:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | vi.ldplayer.net | udp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| US | 163.181.154.239:443 | leap.ldplayer.gg | tcp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| US | 163.181.154.244:443 | leap.ldplayer.gg | tcp |
| US | 8.8.8.8:53 | 189.207.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.154.181.163.in-addr.arpa | udp |
| DE | 52.85.92.16:443 | ad.ldplayer.net | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| DE | 18.155.153.50:443 | apivn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 246.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.16.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.178.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.178.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.16.225:443 | yt3.ggpht.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 142.250.178.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| IE | 99.81.175.208:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.175.81.99.in-addr.arpa | udp |
| HK | 8.218.183.19:443 | apivn.ldplayer.net | tcp |
| HK | 8.218.183.19:443 | apivn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| DK | 37.157.4.28:443 | adx.adform.net | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 213.19.162.41:443 | fastlane.rubiconproject.com | tcp |
| FR | 185.86.138.124:443 | prg.smartadserver.com | tcp |
| NL | 145.40.97.67:443 | prebid.a-mo.net | tcp |
| DK | 37.157.5.132:443 | adx.adform.net | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 8.8.8.8:53 | 76585afc3e42da326f47840849a7a261.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 41.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.183.218.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.138.86.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.97.40.145.in-addr.arpa | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| DE | 52.85.92.16:443 | ad.ldplayer.net | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| FR | 185.86.138.124:443 | prg.smartadserver.com | tcp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | sync.adotmob.com | udp |
| US | 8.8.8.8:53 | s.company-target.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| FR | 149.202.238.105:443 | rtb-csync.smartadserver.com | tcp |
| FR | 149.202.238.105:443 | rtb-csync.smartadserver.com | tcp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| US | 34.96.71.22:443 | s.company-target.com | tcp |
| US | 8.8.8.8:53 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | udp |
| US | 44.218.4.160:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| FR | 149.202.238.105:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 8b2225167f54812d88cac0e0fd72d632.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | ed27d0819051f15277d6cab7c2750127.safeframe.googlesyndication.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| DE | 52.59.69.244:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | 105.238.202.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.4.218.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.176.137.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.69.59.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.71.96.34.in-addr.arpa | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| US | 64.74.236.191:443 | sync.outbrain.com | tcp |
| NL | 185.235.87.106:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.48:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 20.3.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| FR | 149.202.238.105:443 | rtb-csync.smartadserver.com | tcp |
| FR | 149.202.238.105:443 | rtb-csync.smartadserver.com | tcp |
| GB | 142.250.180.2:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | wt.rqtrk.eu | udp |
| DE | 57.129.18.105:443 | wt.rqtrk.eu | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | 78.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.18.129.57.in-addr.arpa | udp |
| NL | 81.17.55.123:443 | ssbsync.smartadserver.com | tcp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| US | 8.8.8.8:53 | 123.55.17.81.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr2---sn-5hneknee.googlevideo.com | udp |
| NL | 74.125.8.71:443 | rr2---sn-5hneknee.googlevideo.com | tcp |
| NL | 74.125.8.71:443 | rr2---sn-5hneknee.googlevideo.com | tcp |
| GB | 172.217.16.225:443 | yt3.ggpht.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| NL | 74.125.8.71:443 | rr2---sn-5hneknee.googlevideo.com | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| NL | 185.89.210.90:443 | ams3-ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 90.210.89.185.in-addr.arpa | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| FR | 185.86.138.124:443 | prg.smartadserver.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 213.19.162.41:443 | fastlane.rubiconproject.com | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| US | 8.8.8.8:53 | tagan.adlightning.com | udp |
| DE | 54.230.206.93:443 | tagan.adlightning.com | tcp |
| US | 8.8.8.8:53 | fw.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| IE | 52.209.115.189:443 | fw.adsafeprotected.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 93.206.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.adsafeprotected.com | udp |
| DE | 52.85.92.100:443 | static.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | dt.adsafeprotected.com | udp |
| DE | 52.85.92.100:443 | static.adsafeprotected.com | tcp |
| US | 44.213.212.26:443 | dt.adsafeprotected.com | tcp |
| US | 44.213.212.26:443 | dt.adsafeprotected.com | tcp |
| US | 44.213.212.26:443 | dt.adsafeprotected.com | tcp |
| US | 44.213.212.26:443 | dt.adsafeprotected.com | tcp |
| US | 44.213.212.26:443 | dt.adsafeprotected.com | tcp |
| US | 44.213.212.26:443 | dt.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | 189.115.209.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.212.213.44.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0764f5481d3c05f5d391a36463484b49 |
| SHA1 | 2c96194f04e768ac9d7134bc242808e4d8aeb149 |
| SHA256 | cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3 |
| SHA512 | a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224 |
\??\pipe\LOCAL\crashpad_116_GAPKRXCBZMMXZIIW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e494d16e4b331d7fc483b3ae3b2e0973 |
| SHA1 | d13ca61b6404902b716f7b02f0070dec7f36edbf |
| SHA256 | a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165 |
| SHA512 | 016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4210d8900bdcfc3bd894ee7366aebd83 |
| SHA1 | 14138fe83b1944b2fb9e72e9a963cdbde342983c |
| SHA256 | ba2ded906104e472ab5e3f26f2729d2de8c899b6073b53dab41b567764f0111c |
| SHA512 | 10a1d7c5b12c6ec6f6b8b33ed4504192b616cbe37f416b9c9661b44bd7a016b1106ca81fede6bca0acd96f66ae633f319b07d48b09d89c7a196be14bdc4ccd52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c017df9e0298674c2e5bde9b94f0f819 |
| SHA1 | e97c1145f66bc2daffe15f832351db7de6726ff1 |
| SHA256 | d071336bcf4995e245c7613b098276f76434bfc263dd593f7a10c500a0e58109 |
| SHA512 | 58931c8536c9341eb285ddf63b29a24d326006d29f46983663e276386ea699b5575728cc022c5c8cd68b0ab9d73d60d7734d223fff528f13c2acc65d16241b52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 229435edd0eae87c653b363dc6a430ca |
| SHA1 | 5fbc18ec2062df05a51df4c7e7fd6bf5ae557c8c |
| SHA256 | 3f494b0ed0be26e7df74959b0032eb003d07eafb3047a912896a8a92e7936144 |
| SHA512 | 5ce8f710c2a57128a38b97e9e4cc5482f718a9a4f64b2620428816454d6104eb807a69cbbbff6ca1543bb3af4880a349ac0ab16bb8d9b343cca346bf6e745c7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 07ea2cca7f8d3b55ebcfee23955949e8 |
| SHA1 | 265132af331b9e784505deaf8f459cbdc3c71e32 |
| SHA256 | 4f88ad8ef2d007fede1b8afa6cd76ab7890be27b08edcaa958d3d12cf8fe17ee |
| SHA512 | f138ca8e75c5cfc4fb2bcf23de213f014dfed77b6c7347cf3260d7972bb001f0b0161310b12db3938ebe044a9e886fb51cda0efdcc9e9539dd63f4a333df3085 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | f5b4137b040ec6bd884feee514f7c176 |
| SHA1 | 7897677377a9ced759be35a66fdee34b391ab0ff |
| SHA256 | 845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6 |
| SHA512 | 813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fbd97931fc4a86bfa169e5f8e38454c6 |
| SHA1 | 35939e594c2576b976d5feb03f90dea1bd8e460f |
| SHA256 | 08202216c00ce1a8434d2140781e2c505ad20c0459ae65e6b08c54f998f73303 |
| SHA512 | 8e0a057dfc9fc7161c625a1a89735958c51bdbbb4224827efda78001b2bab93e61e0e4509feeb5fb5232aa0b11c874062c480003f923011849fc2b63cc760cbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 321b1978cfc100cdb97d4ebe963a287c |
| SHA1 | e120ee4d152de8c51840d1d9621837ae51cc25b6 |
| SHA256 | dc0807c4dcb82de2b9ae775996f992206008adbad252dbda89c83582f2d2155f |
| SHA512 | 5e7b54f757f79dd3020ad6d400ca92dde92d2da8e67c6ee00b702fed726d53f89781431e1a18b86b57fe22de141df39172e0d4474dd890017b2b582eb4306aef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58fa68.TMP
| MD5 | 72ae0adfeba8a8123e987750aa9d226e |
| SHA1 | d94387efc4393b3741456c85ee4977d30e2016f1 |
| SHA256 | 69bb4be4d55a8f3f451910af9ce88028e26b7301236206d97600b195367327c6 |
| SHA512 | ff40e2a1a1337029b5470a0b9cd6ccb6342111e056d1a8e13f12a5f5db6b4211ccb4faadb3538d524ed7ad8793e0e80ea58c055407a65adbbe92ea5e19a9a5f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | de4a249b82151a06526ee0b76f1e6b45 |
| SHA1 | 0fcd5ae7bda27d4813f2e4cd09e422b784cbbe16 |
| SHA256 | 73e7e07122e61f828fe7945044420818d153a35e710425a289960da89a7b337b |
| SHA512 | 342d7ed110e1e9d27f4ab5d278ca0bd30451e7237b17fdf82cd105a9b4624eac53d104c1832c9fd4286a5fe110110ec959f5f99076e97fc55d244a34c6231410 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09c34fca7b4328d590d4a19f7ca09fe1 |
| SHA1 | 55d951a17b3953e6eebbf5f4dca1a7923bafc1e1 |
| SHA256 | 1c208a7640a0c1a7f0c6cb042ee831e301f222670e350537d98e2a3037a39f97 |
| SHA512 | afa80ae801660f8e8e369148f7747b7740c2e70b94d26559898d0720340a0cab7c6dd637daf6abd513e6828afe665ee9622d3d6d0fe89172b5f26b76cbbdb245 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b55d1c61dd8f1866301461f14aa5f947 |
| SHA1 | 2727b6f6b1043d18f4aab39b97851da1db37cedd |
| SHA256 | 0737d61cb5999f029b8b05cab4f436b0ed898c52a54d97a38f9aecaae43ef82e |
| SHA512 | 8368cd2ed9c77918a8304b20860d2d6343aa8dbb169ac6d60244ee7298603c65104402bf1db3d5fe2d04cd15979edca50ade5822593bd0caf4524751166a8f91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | 39016b3b1a5669ba42e7169d44f54c21 |
| SHA1 | ba8f9ccfeb82c324cd1d33430c7ca888caf65a38 |
| SHA256 | 04e692494500077eac1746539a2cba6422f6da35cb0434620ef93037c9a3ac30 |
| SHA512 | 8dbb26f7934d5bd5ddc4cdd13624ac9eca21eec67e22df407586ef56ffc2571b40d58c8919f4591402fe10d33faef2ed0cbefdcad7955790e597362b65e74670 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | 19c73397068ded824edd2c5b13d0a9da |
| SHA1 | 7f0f149b66309aaba41974d524ca69390a34e4f2 |
| SHA256 | 8c93e33fb098c30a82d774c6a9db9aa92ea0e34586e907ed7d9d2935582c6100 |
| SHA512 | 8795cd26570fe65181d49676dd9cc9a8012bc22c3e505ac8ed8c1bea68ac7db7f77d6bade360a403a8d79cc4126ac18c2c10e3b83a163e3b42f2e3f60c32426e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | bd17d16b6e95e4eb8911300c70d546f7 |
| SHA1 | 847036a00e4e390b67f5c22bf7b531179be344d7 |
| SHA256 | 9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352 |
| SHA512 | f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | df1857c9e584a3f1e297ea6f5c540820 |
| SHA1 | b7f9870d3323a87c35d30c56dc0471beebfb64e8 |
| SHA256 | c7ccef16e44f06a6a06e6de7e91911228d9289cf44f47c5451ee03cc6bf8b0ed |
| SHA512 | 5d5e9eba86a63bde5b491e10986097619961dfe2dfa7e7b7c2996d5c53823f90c052cf7fbd07030a837d556678d020fff7e57f6903049a1b523baae708e02c72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 17ed87129f9b334cef63ef20b8f880fb |
| SHA1 | c41936e06093d027a8ffff75bd148317b8d96b12 |
| SHA256 | 2fe8f75104e92b17123c1ce14619a1b49f073dd7105f63b757fc12ecfc7371e7 |
| SHA512 | 67e9a5283b2913828b83ca1edc150bbd4f1267872f37d2df0f08a398e0ae5d6ed01478d9e30c5f1d637f85668c0cc065c6c895df0fe2c88b0eadbb66a68e308e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | e27f2162c398a0f3c7928ec021d98cff |
| SHA1 | a5698418b0b8de6671da0afd881996b15a4bdfe7 |
| SHA256 | 024bf7fe7736617fb84f840133e8cacd76ac437febea491e1afef4ba22ee69a0 |
| SHA512 | 5cfbaa736c64eca1808c3b5c228c622758f066e05cb3bfe9882e35922ae4fdb3655d37afd52b0cf0a6c86c00aa1dec1f0dd544307db6b2473adfd84d8c97cb39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cfc2a597f98e790a386b9fe09ba12db2 |
| SHA1 | 3722eb7e2d4b5c2700a38237895d0e6ea8eda0b8 |
| SHA256 | abdb6ccbab1a1a0abf237f64b10f91078a2e1d7bbde6047ec518bd549f8b2e47 |
| SHA512 | c4ebddbcb4d5b537cd57c9b2007e9ffacb171e869e3443218ae76efcece6dc22ddadbb8283fc88680411ddc8aac2514ac8c8a8ceed7db4ddde9a6f3f6f68561a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | 47953bcd62e93772ee22d834d1438f17 |
| SHA1 | 5d1dd3b5dcb3e1fd32d552eaf0e583ef02f2acd2 |
| SHA256 | f17878d7c848d8cdc3652e58692f7636a9d19a48e94030d64009dfd66b0e8425 |
| SHA512 | 5590afbb8a596d3b4f329458f05c5be230048a1e65aa9559aa18ba5e46a14362788e61e728dbe0ecf9fea6caae8b455dd6e29cb50b497f85eafd0f89c5b5910c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d
| MD5 | ec937312164e9df63be541105cb2c043 |
| SHA1 | df259aff384485bd1f3f2200d14b847ea2413056 |
| SHA256 | acfb80d65c20c90f9a11961ee7cbd5efee59e0d651fbd413da9a277906186d60 |
| SHA512 | 9847d47a3b8d30c1bd9791194eeac604d37a1f95dd3df1a9589148ebb11bf3b922f80a0655803e931b26a27dc7ef1d6a4cc5aa83a80e62560f877979b733d4fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | e22be493da1dc48a98d8d6f0178cd1f6 |
| SHA1 | 8c9b7faba91939dd36b502417d1a9eb35714314d |
| SHA256 | ac73feacde76fe096b76b0e319ffd553366a25e73b326c4bfd0d565e0babc845 |
| SHA512 | b471700ab86108c321ede5c805bf043be8b13fd1e7073ab072a99f45a417eec3b627501a5d996eb0665303397f99b59c4270993c54e613e7d9438c74ca494257 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062
| MD5 | 59f458bffde502dffff48ccc2a865665 |
| SHA1 | c5542a56ecef7d7ec79de1c2458b17ff22ef13f0 |
| SHA256 | 80d36c19fcae859d661c8ff8c59407bb9a03b0fa6321d155861a44ae79438bc9 |
| SHA512 | 2af8cfb0c3096d16b524aedc7b2ca99c4d3df6f2d58483fac7420ea91010bfc48c393e81d8f53b673d4f30abe8851d3a517cefcbb822390c08c3046a75456d3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065
| MD5 | bd277d6710263cbd9eed572248cb83b2 |
| SHA1 | 2ee01929f87f04b766f04a9dc2e19860139f3a90 |
| SHA256 | 8b96c5f204df1979e7452832ba595b20ee698b5ef9d334cb2342f6ca9a354f04 |
| SHA512 | cc79e88e39f54f7497600716db9d30e073edd4350fec8e4d58d427f8c194bc9532a108ac27d88e1bebbca0780a3fb02294d35a3b5acc8383344eacbafcaafc3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | 9a2041762a0a828fe817a78e2b448c6f |
| SHA1 | cce2a06d71c465e4e8daa53e4cf1d146b705c6b5 |
| SHA256 | db90e4325c06408201d4f8605ec5599200cb826cfde242de004d6b99d26f769d |
| SHA512 | 4341881a14621dd2fd3b5a7cf5c893efc4317e2c45d4cbefd194cf3bfeaead1c5369f7f184d3dd92a03a73f649da1b7a3eb1739b4354e2b19ca43cf5270660d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 02654e7f812ed41d844387ee86a7ca37 |
| SHA1 | 28e224faadc7a559f9a6ece10c27eae0442bbae4 |
| SHA256 | e817183646154f6bb5e6dae0448b202e8f890c73b8e1beef2c2d44bfd70f93ea |
| SHA512 | fecbc83862e3983fb03d688e82025b69712321775f26d4f8f758d77fc1641a21cd1b9a41295c25609ec2ad5043b749f91a8596204928b8c8e405bfa710fcfb61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21aa49046ee3111b2b53387a1410a522 |
| SHA1 | 3554ad96690d340ed28eb9585419533d79cb7da7 |
| SHA256 | d3641cfdde85c7277081940fd87feda82e92e6e299bfd249eeed958bf02042d7 |
| SHA512 | f865571d0917d2de0b6ad4e8bcd7bef0a08a78e5761f043ada0c98f74c7294ce28dd5327799bfd92b38a532e70747e0a16ae53ebe47849eae72d5e94b7177cd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000088
| MD5 | daa01cc5a9b8b3a7730d8c940015554c |
| SHA1 | 6d3091870737fffb408000a4664c8a6f088b5cf7 |
| SHA256 | 60dfc7c4f1adc5282ff9d3a0bd9445b59874ce5e123226d3d6f5339d1b998a6d |
| SHA512 | 7de57bc1ef544432cd0cf5e27b87fd19af248d2adde11b9b0b7f1cd5e762fe8ab08954344027b7fe32a62c142ba8411e3db42df87ed47a009437aaa511d6246e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087
| MD5 | d6d1e7dd954ba6d6d40943020628e4e9 |
| SHA1 | ff21bb23bc72d6b523c9d9e6d5a67df6a7561498 |
| SHA256 | af7788b954f7d5bda174f934249443c931557c86bc89dd0ed1c70fbde3e5937c |
| SHA512 | fc982f32aa326dd99a757bb0f69546318260257d7a10e3008e09ba07309694eb0dd0986674d1e17d43f8fa06a653d2c0dbb2626868b60a86833614c9a708198e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091
| MD5 | 3063a7e62c0b62d1df750848304a77c0 |
| SHA1 | 2e93091ad21938d525b69cbacb1072cab03281e8 |
| SHA256 | bafc3557a30f9a45ae9feef34f3bf71d46d5c23c462ea584b131384adb712d35 |
| SHA512 | 359be0ff7f43d7a2d21dbb49c58734e8c2d659c29b1e45b8392fe1adecd2c26e6b49e8783cf0449cb802dc5ec68ee3d3d822fa57c8f078df2b49a3bcb4e29475 |
C:\Users\Admin\Downloads\Unconfirmed 800576.crdownload
| MD5 | 6722e17e25fffab50fd013c412d06ccb |
| SHA1 | fa82b117399022cb178d63d45d57a00d9769d472 |
| SHA256 | 5717c1e68860552f27d4716b5df35386b6cd926cf86cdb08f4011d567be16d7b |
| SHA512 | ede356a298527373f32e7a05eb686590d718242f8d8aef257e0a68cad8555624d733e81fa349e0f64dc656552b022102ee990bec55a85d2b4422f1f0371c5cda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_sync.a-mo.net_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_sync.a-mo.net_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5910919e292237f557ef749c5c228e8c |
| SHA1 | 240c9a9c0a1aa569f4303a328dd8ff233a38e729 |
| SHA256 | 75c67415e9f72232854ddb7e1065c9be5feb3f607414d6cea37cdadb828090a2 |
| SHA512 | dbf1912e3fbc8f8f38db801f730809f9ed0935f029871ed237fb5f58ccfdfa4b45abcd0577fa2f1db346e68c87ddf536f999c1eac4e31a40431a0b0c79c2f0d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 02788e8b02dd9e3fab569ad08be5cc9d |
| SHA1 | a6eac45e5a2c370b674207edea0c1050be412c17 |
| SHA256 | aa8739ed6bde655828140926c0fb1b98614ddedfe72ee78f40b2a28bbf5df79f |
| SHA512 | d26c40aa5a86ad242a018a1d566379308b19525632b130c3688cef20fa07d3e79d003ab0dd3b4a2a8136271369d7553b383f1b134dba0c09c362c455b79be8ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 65f4c52947bd8cf30ac42acf6edec630 |
| SHA1 | a01ce17df0792ebb472f432bc497228d61880072 |
| SHA256 | f2668d102a6ab275e21630a2096ea604aa5409a36f06c47db75202f9afd4f1df |
| SHA512 | 5c2242854b47e5263a5c2ae5e55b2ed99c278dd99341ad25f4ab372c50c69e906d5b4c129218e82dba34251e3dba158a07bc6203d64b9e4794657227d14a2702 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3f6e75ee32f46cd6af003c5b92d4f126 |
| SHA1 | ed8de6baeef696a7e29dc695cc90a0055a1d2db4 |
| SHA256 | 636d077f013d00eeaf8b2c1e4b9051702cc93929cdc193ce9c5c46332b445dd2 |
| SHA512 | ca889deecdd5fff293aae9e3d02037bb27db150e0514d9f4ca91f2aa0888f5d34d63e3bebc92bbb6e6ceb451c110669eaca6e542c9ee3cb0ba58a61dd809dbe2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9423cc1b2bbc72484b04b2104b1216d6 |
| SHA1 | 894ede912087ebf00b64d05f2c521e3695edf8ad |
| SHA256 | e3ee8cf63293fa91116c1509ea2349d3cbe293f54308e2336f560f7de285a5f6 |
| SHA512 | 0e1aeaf7223c027b4ef69646f2d4d7bfb98a251502b8bd9e58bbec73e3f80598be3753e94bebec6118765ace0b3d1f00fda34f6e060e22b40749f1b57799280a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8ee3894cf75c717de70b43f2a53d3388 |
| SHA1 | 95989743d82474c606398552162ba3445cd663ae |
| SHA256 | d6f40a6ff8beb5e12815909cbb910fc252067618d15e90e6d4e9082d820393ee |
| SHA512 | 8639cc90b95709273d7a87f5ee5eae13838637ac7957025f928d749d7b2030061f44ff680df086556c0327c664c2af43ac20fda0b34cf2a9db6a34531fbc29c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8ea15bd1881ad6b8fda815ae8e02a988 |
| SHA1 | a1a40a1db4a6edee3a9822d0a43f0cec8019148c |
| SHA256 | 9a96eb6ad6a4396ff1be81cab955a62f459345dee7ef8edd4e4b4fe68824ff1e |
| SHA512 | a658939b52baba36b066200e90c86bdc61157c909c794c4b4ac9e07c603ae2ceb5d34e6040e5afcbd36a97d4b40932a250451ecccaafdf0907ebb35f9ff8b37e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
| MD5 | 6fae1fdafb41e9a0d4b374f1e3f4362c |
| SHA1 | 7da95b27af455ecee48c356219e724b399faa8fa |
| SHA256 | 575ef09cd322dcb886907f599669ea8c0d0b11abf7728e51afff4349b619fb7d |
| SHA512 | 5f64173272e7f7513ac67191a16530643a3d8d2eb2e11440b67a6c0eea38820d969fb19fa5a2ab3b52a23962584c73715749c445f1bd49c5b54d27926c90060d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
| MD5 | 32ab6cfb676296e3809f1cb8c7f98fc0 |
| SHA1 | 673fff826709c61651be617e1f01457d35dd93c3 |
| SHA256 | 6d6d20f586a5e47d13833c71ec6f0453f0556573b230ad26e99e83f76504e8e6 |
| SHA512 | c8c6c32a234ff3825aabf41cdd579a059dce82215d55bf4b45ab527b99d53b041f4e6d1b3b19eaf65f21ba9db51c708eb6c49ce20ef6f886a12d289f2b3d40e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 9dcda8d3cee943b41de9ee5b6fd063e8 |
| SHA1 | 4acb61372012a0f9aa932925b222eea0d9283f57 |
| SHA256 | 84985523c22b9e0256e0248b7818eb7129d6e3681f9b932b6b1a79fb42740872 |
| SHA512 | 14643cfc4ed58139e4a7b935ed948372486d99984ac0472b07e425e9c71c26d35c3f7acc7b7e1acd03f74ea7661b96cdad02baa4cb43caaa60efef2bd0afa3ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | d6f0f524cdc6b88af3e42a3994893719 |
| SHA1 | a4d16e03a69f3b361b4528972ae1d24c5c05c0a8 |
| SHA256 | 8a56fa99f4c9c6ea6f6a5be742ddbf78ed053037b6a2bde5cbaa26084771c808 |
| SHA512 | 445566d0d05cf3e8ac0d7cb3cee4332469926607af0aa450b8341e4916f0b93b55eff551077b9f97c118e79b8b27cbfb58c2d54727abbe575a13112938cfe6a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 3fec781a37fd6100585a04d4bbba33a3 |
| SHA1 | d0fd65560a71bb29041a7fe923473aa91391b066 |
| SHA256 | 3f2db1e75555cc19893fb62ed3e33037e9378b491978ef1eee471fe2e40dc4af |
| SHA512 | 0b2d7b2fa3e89a8d91a0e5dec930a09d7a1359fd69b8e5612571c837598c85e00c77e4fedccd86c14e9d702b575138522ad4d935c1b0bf25f20a5b65135dd78a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 81592ca1ea6d76bb382854d9594e84fa |
| SHA1 | 47456d87b53f5322818243add757424c4f175bcf |
| SHA256 | cfe00932e3ab1da1a56570989c77e1ffdcba441730a026f60434456565eb1f78 |
| SHA512 | ecd03932dfbb0625c056f2dc884e4f424e78965dbb38517a6b5dc382f1b0cd01a0cee4d43cd31faf915c9991664e7443db82830242a90245bd50f467fb2babf2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 37d35b1de725ebb2d508d113dafd7ff6 |
| SHA1 | f0f31fdd762a8304753a12aa27e2fa4fc9e2a053 |
| SHA256 | 2d277fa541936acd00cd957dcaf68881d1562c8abd063fb0b103c132107d7606 |
| SHA512 | e6c26b22913b6040a5d61fe9889a6e6104932e81afd94ab3f55566f5ad6b68f574b00cfc3b91001bb6075a828b7b34dfe94e69de734a765bd8a126d4ab14ec9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | db7536ff719634dc9dcc9e1500d712ed |
| SHA1 | f9477f4e2af52df86e8eebee3ec94c86658b903e |
| SHA256 | 8f3fb22bf2dd7b66d63b416319642852b42eb2ee7897c786a55d4088880623c9 |
| SHA512 | bbd3764f27c75167d6828ac24c39a9447b60027c2f5d39a23edced19e7679a87fff9647edb95b30fe505da8297bdbafefad00a8bfd1640b3b78fdd3d1d348770 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 865d3ed509e7233fde12776fc449fe8c |
| SHA1 | e65dd10af38d79e2898e3189083d577f4955857e |
| SHA256 | 5f1992fd38e30483a9868539da133dee1154519f5d32da489c039db64d142137 |
| SHA512 | b3f41693c26a376488efadd8b39fe340bc326667aecadf595489dc890ea2938709bb774547226be70334ead8f52399a64c32a659d755d018c4f59a5a8d8311eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a4917156846b19d2c6afb8704ae3c3f7 |
| SHA1 | 66fc982a8908f623041a6c09aaf6e6b17504f19c |
| SHA256 | a37c3d33fa378a1d6c42f057c89747b7df9a29d726d80fc714f0a47ee37a5a35 |
| SHA512 | db1c437f5d7c45c8cfb5a3ce82b09af97c021c3bd5ea3b3f2053e8cefe31a31635949a255efbf88c966a9a5912055e8e1aec84ef74039bd80243fb78d2075cb8 |
C:\LDPlayer\LDPlayer9\LDPlayer.exe
| MD5 | f1a3d045ca3cef00a833cb417eacf0af |
| SHA1 | 3c514a6ac78a34e2ed0aa91417cdfdf32da8e07d |
| SHA256 | 2f33979db8e873e7553bb8c4801f5ea01cc0397a9a8fe38cb79312f4bc9d3395 |
| SHA512 | b7fc60d860502cd72b00a9bc0ae619500b517db9609918b2058f677b5858b13643523f9624deebcb233091d24c9f9cbfa7bc83fdea688cbba6ba732cbff09d75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 52582839123ec29b1c1e94ad35c90e6b |
| SHA1 | d5bffa26ae2e81ec6a6a3db94796e6368a2e9947 |
| SHA256 | 3cae58a36cbfd22c5acc875c66dc3f51f0d796dccb5f47d03ccbb596fad0faba |
| SHA512 | 0f5fb2196018380c166835a700d742e625ff243f63b9dd03331c5f22a89be42ebf433f8a3054b1e69d102aa71932f65cbef360a148ccd5ac4a1e724cbcdb9aa5 |
C:\Windows\Logs\DISM\dism.log
| MD5 | bd0b5065c38330d62fb0817d7ff390b7 |
| SHA1 | b908c894963d58482431af9ef9a1814046fae7aa |
| SHA256 | 7eda639bf9a33d279fb4c5702d5ce3182cf308c9f5991498fbd036fcff61f6ba |
| SHA512 | fe5358894ac6e3b9176208aa8f5e17903d76094c4a004f8066f9dedc48df898cbd0da0fc223b2e06e16d5956e32dc511176e44cd7a8292dfb853f38637832737 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099
| MD5 | ba0862bfacc414cb963fa641932c16f0 |
| SHA1 | 368057149bd4f61ee265fc193724b2233ac8968f |
| SHA256 | 9e1393f4839d3f2fcab3fd10bb76b06a7a89ffcad789ebfba1ea83223ec9c9eb |
| SHA512 | 6fce659266013ac77e1f221de981240e6e303a390e31723f0160caf739d1fb0ff2704047daa76b19bc8332562ef44d180ce4fab44277227db048a2a6285e4559 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098
| MD5 | ebff22dcbe7e442c5206ac69a0027b71 |
| SHA1 | e1d17d3722071e476a4f3dd7786f6ceabb8da8b5 |
| SHA256 | 062fc91c7174677ba3ace252cc502c51568dd9a51842786a94e4b98259e7b78a |
| SHA512 | 6ca641d8c628f6854aea47cbef04202c86ceefb11d99faf8856d1181ee035caf2384f588bddb1408921930cda1cfb5e0d17a7c7c716369871a08df064fe10f32 |
memory/6552-2160-0x0000000002D60000-0x0000000002D96000-memory.dmp
memory/6552-2161-0x0000000072740000-0x0000000072EF0000-memory.dmp
memory/6552-2162-0x0000000002E80000-0x0000000002E90000-memory.dmp
memory/6552-2163-0x0000000002E80000-0x0000000002E90000-memory.dmp
memory/6552-2164-0x0000000005850000-0x0000000005E78000-memory.dmp
memory/6552-2165-0x00000000056D0000-0x00000000056F2000-memory.dmp
memory/6552-2166-0x0000000005FB0000-0x0000000006016000-memory.dmp
memory/6552-2167-0x0000000006020000-0x0000000006086000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2pqqhdrt.o0c.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/6552-2177-0x0000000006090000-0x00000000063E4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1
| MD5 | a2322ffe15193c619b775b42e0031a64 |
| SHA1 | 11c4e72d701fb4ae3494d4ba653c7c3d90e98f26 |
| SHA256 | 6241aec4d88a83979696adb57361659ad2113a614d8e46ceaadd4a32f5c8d2b2 |
| SHA512 | b158dcead56dd00dfc2d362aa61a9d8934836a6b3810cc827857ae7cf2ec81ad6d2eb0e6838bf12282d7514c0d3a9d1540abffa1325d2f925e9eeba83b00ac50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a3
| MD5 | dd7912546df9ce20d224932b8e469053 |
| SHA1 | 81eb8e3c843bb0981c41287624156afd209cd3b2 |
| SHA256 | 105ebf54e04276d92843d57d44b6684f62db25a3f7b8ed8958d2f8b01a90f985 |
| SHA512 | 1799bdb4cefa00ff9e56a01379b1a26e16f84f36e9400e75f0968af773c3d89092e3cf4ee2e5d965c6d868bd5bbbb8656646b35c00f1799f179cee4712655875 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a2
| MD5 | 3d223e87f97f1861e9d22ec57492d26e |
| SHA1 | e4d6388aa6cf8f971ac0f39a81dba0c3a5a295e1 |
| SHA256 | 24dc7f476181030bfc92638424cbae4251b9f9c533a0dcc542f7de76f796d53b |
| SHA512 | 216e8b5b63ba52da053cc7767ca6462d924d76e5ac3377d75fe813df98b0097d8b25397a73909f58f6366248a1fc0219856447b7e7a96ea48a283f7f4b5d59e0 |
memory/6552-2184-0x00000000066A0000-0x00000000066BE000-memory.dmp
memory/6552-2185-0x00000000066E0000-0x000000000672C000-memory.dmp
memory/6552-2186-0x0000000002E80000-0x0000000002E90000-memory.dmp
memory/6552-2187-0x000000007F6F0000-0x000000007F700000-memory.dmp
memory/6552-2188-0x0000000006CE0000-0x0000000006D12000-memory.dmp
memory/6552-2189-0x000000006F040000-0x000000006F08C000-memory.dmp
memory/6552-2199-0x0000000006C50000-0x0000000006C6E000-memory.dmp
memory/6552-2200-0x0000000007950000-0x00000000079F3000-memory.dmp
memory/6552-2201-0x0000000008080000-0x00000000086FA000-memory.dmp
memory/6552-2202-0x0000000006D60000-0x0000000006D7A000-memory.dmp
memory/6552-2203-0x0000000007A20000-0x0000000007A2A000-memory.dmp
memory/6552-2204-0x0000000007C30000-0x0000000007CC6000-memory.dmp
memory/6552-2205-0x0000000007BD0000-0x0000000007BE1000-memory.dmp
memory/6552-2206-0x0000000007C10000-0x0000000007C1E000-memory.dmp
memory/6552-2207-0x0000000007D10000-0x0000000007D2A000-memory.dmp
memory/5700-2208-0x0000000072740000-0x0000000072EF0000-memory.dmp
memory/5700-2209-0x00000000027B0000-0x00000000027C0000-memory.dmp
memory/5700-2210-0x00000000027B0000-0x00000000027C0000-memory.dmp
memory/5700-2220-0x00000000027B0000-0x00000000027C0000-memory.dmp
memory/5700-2221-0x000000006F040000-0x000000006F08C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a7
| MD5 | 1afe1af9ac6fc91269f9d116fdd9ffe8 |
| SHA1 | 82cb96d520ab00a6b56519ee9be112a8507ad071 |
| SHA256 | e8551aa783f246e2aadf0f3d8dff0218375583c0e9da72c888ef8e4e08044ac8 |
| SHA512 | b3fa7e50543fa66c74883a92b184c2f9b6dacd7f423cfe2b88cf9ba6857499502a646f3ee1aae768ed60b3c4448f63b5d9449ce174a7cf1672fb6b987cc13cb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6
| MD5 | 7f18d99c55f859a7d30bd23c4c77a87d |
| SHA1 | a6317e7d71541eb25df6a0bab2d5690a0e28f03e |
| SHA256 | fb9c0477cac9a62141a7893185141aae31000f176fa7ec374f18a63171609dc7 |
| SHA512 | 0ee6a29990cdb84d3fa3a8cda4ade538f5307a7f86f1be2e85b97d06061fb5215d177b6c9e7f469aa0e6a6e676f3536dba1fd4d1e0dbef581996b77a4e563f52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5
| MD5 | bcfc5f68d10591955701bddf1e247e76 |
| SHA1 | 679bde74b8630af6aa359f786000baab4fe1c680 |
| SHA256 | 86b634e330424f2f366da8f560d5bb3499a368fa3e29fa26048ee712df9899ac |
| SHA512 | 8e57d8d5ece8900fad8cb91c9e5052d17a7728717f67fabf79b02a71dadcb91dd8cff3e5c09bf02ea7dc9c14ef2b865abc3e221f06a514b7e9bc2df222bad71b |
memory/6552-2239-0x0000000072740000-0x0000000072EF0000-memory.dmp
memory/5700-2241-0x0000000072740000-0x0000000072EF0000-memory.dmp
memory/2476-2242-0x0000000072740000-0x0000000072EF0000-memory.dmp
memory/2476-2243-0x0000000002710000-0x0000000002720000-memory.dmp
memory/2476-2244-0x0000000002710000-0x0000000002720000-memory.dmp
memory/2476-2254-0x0000000005C70000-0x0000000005FC4000-memory.dmp
memory/2476-2255-0x0000000002710000-0x0000000002720000-memory.dmp
memory/2476-2256-0x000000006F040000-0x000000006F08C000-memory.dmp
memory/2476-2276-0x0000000072740000-0x0000000072EF0000-memory.dmp
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | aac4d2aae2be727d4750c7f10bbcc625 |
| SHA1 | 242b86a5b7105411f828ca3720eb07c0ef026b05 |
| SHA256 | 6467f8be9c2847a4acedb584ae28c0c998d43e594c606ddae6268d30776fa638 |
| SHA512 | a88388e95d0ea60138ca7cf337e5f92199277a2f636e66795914cfb1c2e7712ab6b87bac5a30e46fa5d6893a93cea76f88050075dd656ca7accc0424a9b67d0f |
C:\LDPlayer\LDPlayer9\dnplayer.exe
| MD5 | 7570ce405a637e9d6f720712e330bcd1 |
| SHA1 | c551d624c087b968eacb83fbf737d77833460311 |
| SHA256 | 5b1ebec3d22f0c2376e030af96d0b58c361af2067a7d43d9b68e92dbba66f350 |
| SHA512 | a5d428e71bfa816e3d3853c6e5686b60afab396f30e6fcf5c84f2798f0e5f4f974ed53e206b06707454395020062c21a144206b29b78106609826b0b8174c866 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc
| MD5 | bceb254ed8dc0694abf190b9eb12f88f |
| SHA1 | 682cc3cc49f528ebaf469aa1a08755599fc403be |
| SHA256 | 097278bdf7b8642bd0b184290ff807e869815e41b8defc2eb5da3e9f7e781efe |
| SHA512 | 394bf01477cc8c16c3c1a3e3cf0ddc0a05dc6e189ea6f77594492a972611fd2a4d207180ad00335fc11a2c20828fead60e0051f4045464a286096303b63a40ce |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
| MD5 | 2b6a8e2cd18e32402954ec446324c7ea |
| SHA1 | ffb2e0781f19df04d582c427cd60ea0a765289e8 |
| SHA256 | 2afc552ae257f2dd4ebbea1189c9d1db7d2d084fc3ab03785f64e0aeb451fe9e |
| SHA512 | eace62252ebe52735f8688b87aaada7a0a0f6bc2cba7ace4ca3b672de614f9cb584c0e44de0510ab02a02e19a10c4e75d8bb5bb1dcc74be9dfa88e4fbd12d871 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
| MD5 | 0054560df6c69d2067689433172088ef |
| SHA1 | a30042b77ebd7c704be0e986349030bcdb82857d |
| SHA256 | 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750 |
| SHA512 | 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0 |
C:\LDPlayer\ldmutiplayer\msvcr120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
| MD5 | 4ba25d2cbe1587a841dcfb8c8c4a6ea6 |
| SHA1 | 52693d4b5e0b55a929099b680348c3932f2c3c62 |
| SHA256 | b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49 |
| SHA512 | 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6 |
C:\LDPlayer\ldmutiplayer\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
| MD5 | 3e29914113ec4b968ba5eb1f6d194a0a |
| SHA1 | 557b67e372e85eb39989cb53cffd3ef1adabb9fe |
| SHA256 | c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a |
| SHA512 | 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
| MD5 | e8fd6da54f056363b284608c3f6a832e |
| SHA1 | 32e88b82fd398568517ab03b33e9765b59c4946d |
| SHA256 | b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd |
| SHA512 | 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
| MD5 | 52c43baddd43be63fbfb398722f3b01d |
| SHA1 | be1b1064fdda4dde4b72ef523b8e02c050ccd820 |
| SHA256 | 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f |
| SHA512 | 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28 |
C:\LDPlayer\ldmutiplayer\libeay32.dll
| MD5 | ba46e6e1c5861617b4d97de00149b905 |
| SHA1 | 4affc8aab49c7dc3ceeca81391c4f737d7672b32 |
| SHA256 | 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e |
| SHA512 | bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
| MD5 | 2d40f6c6a4f88c8c2685ee25b53ec00d |
| SHA1 | faf96bac1e7665aa07029d8f94e1ac84014a863b |
| SHA256 | 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334 |
| SHA512 | 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000aa
| MD5 | 712c30ae9b7f321df9ce1093abe1db9d |
| SHA1 | 9f09eba62e777dfedce97b53042ae5d692791edb |
| SHA256 | 488f92648d8ae3b5efa784f2e7dd0ab31be7d42f0c36ff4a09e9250974f0722f |
| SHA512 | 0d89f226f963b3ef54ea5698d6b8e1a6c7ec3cfe77543f0c39e5efa615e37acfb990e5d7b3e0afca59b0d021a2b6a91c282babdcec145a90cee1799e52ade0e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a9
| MD5 | db4ecaf8fc798add2d26da88de7f86d2 |
| SHA1 | d8f528bb7770e94c0e6c87758776545073d6917e |
| SHA256 | 59400e36bcc310b34c525eee54a62b9e9fe5d7d39172ab544cf2f5871279c60f |
| SHA512 | 00cb4d59141252431a5610292f294bb6cf9b3cc41ae7c2d74b8f9fdeb02423a7ae1c63c98038b7e76e51c7b5a943451ae5670927843146c990013d78ab9100da |
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
| MD5 | 66df6f7b7a98ff750aade522c22d239a |
| SHA1 | f69464fe18ed03de597bb46482ae899f43c94617 |
| SHA256 | 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f |
| SHA512 | 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e |
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
| MD5 | ad9d7cbdb4b19fb65960d69126e3ff68 |
| SHA1 | dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d |
| SHA256 | a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326 |
| SHA512 | f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8
| MD5 | 9a4a7215730b644ccc4b2879a3415720 |
| SHA1 | 0ee97d0488e04eb424161e6c6303743def5e7b4c |
| SHA256 | b9d0582678c5d6462322db0567d876fce722a4e8f00f2081bf4fba06e26cf7ea |
| SHA512 | b08e88f95a24c91a433ca8afd50d239be7fecc90ead9345870cafcee51c832f94c5999786372b74f6195008571bda389895445b8d0cfdf165adb4610de6afe93 |
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf
| MD5 | 854fc8bcffd4f710316a711b7ab79c51 |
| SHA1 | b72442273de68fa3b9d0432094c6d0c884a49768 |
| SHA256 | fde62a438435d8630a2bb69069bfe17bede8d3ddea5ff997c36b33eab8def905 |
| SHA512 | c7874e1bbd8e3daf739d37890e6e5e29bc52ebe0bd8cdc569f1313cb49a446b39d873cea5c572f1c4cb9bd47132be7bf431db0ad82e74029cb942d78bc92182d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ac
| MD5 | bb57fb9adf26ce5c952fda2052516efa |
| SHA1 | 9c355bebcaf2128bba6c8b31ca85d6fd86d770db |
| SHA256 | 7b043f36636dbb6fe18271a201778cdfcc9bf8863b28e025176b735a1ec58b13 |
| SHA512 | 0fbf64e8068f2b3df342e18ec5edfeced634970c89eeea2b1306d9c47846aee3ac8b21a142f8b4b2fdd294e0216fda92f907c9e54740ee0c45fcdbca0db1c86f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ab
| MD5 | 499863bac73bd01049b02017e87fc682 |
| SHA1 | 2a3a849f47ac93fc3cdeec6a4b875adee2f993f0 |
| SHA256 | 512de5430763ff228bcc94111522b9f64f82d7c57fad6ff5dfa33a01e0e1715b |
| SHA512 | 346ebebe4adce705b7788161f562eed72387df1fee835aeb14d2f4ac480c4625edd59730ae5c2c647da1343d10c17c48948008b389aa27657932e496c763b81c |
memory/4208-2385-0x0000000000F40000-0x0000000000F56000-memory.dmp
memory/4208-2386-0x00000000729B0000-0x0000000072C01000-memory.dmp
memory/4208-2387-0x0000000073170000-0x0000000073194000-memory.dmp
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
| MD5 | 9b980209f6ee1b6761d934dddc132e88 |
| SHA1 | 058c69d94c2c40fa8fe615b55ba726f5fcc74ae2 |
| SHA256 | e624f4d96b7e22ba5178cd369dde82192f8bbdb7d42020e56ab4dcb7aadffede |
| SHA512 | 7a691ee9af65e3027bb2c51a35d35e9d7ca7017ec0815d39726cc42fb5f340561ea5a0fc4c311f6ec4681c734b8a0e88a33d98c559d2db1453e11eccec5e2b6f |
memory/4208-2408-0x0000000035A80000-0x0000000035A90000-memory.dmp
memory/4208-2409-0x0000000075A80000-0x0000000075B70000-memory.dmp
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 97c2e256bdeab828d6a2c448b7766818 |
| SHA1 | 48a31cddaf2331a8fe7521a30ea41db87083599e |
| SHA256 | 8184b85b7914cf219ccded54f8818044ec7d0959bdab174a240c17cee14f2e96 |
| SHA512 | 07b0eae84648952e95c5b85875f761e3ba3a3c800fc785fc5a9a8dd5500c81c79fa8b32ee5b6aec3a541959919f62bf5b34000e9356d936977fcf9b330598287 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bd
| MD5 | c85af06fcc26b8a8af06090b58dd3b69 |
| SHA1 | 71e406afba8216c1f5a40267393ae6d67658b66e |
| SHA256 | e411b51450b0d73f69fb2450a88479d9df7c68036a8d77275bb7ce537eeced3f |
| SHA512 | 09b2b6ff937239ecffd310ec9058329ee605bf53991b439f89ccc2f79ba68da65010b02669c51b90c2b6b8487b1295936cac18bfbc2d350ef5c07e6e4f85affe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097
| MD5 | d453eca18d366c4054d2efd57717cf9d |
| SHA1 | c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4 |
| SHA256 | be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc |
| SHA512 | a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e
| MD5 | 89a574ff00e6b0ec61d995d059ce6e65 |
| SHA1 | aea09e96808ab77165ffa712eaa58b8f056d0bb6 |
| SHA256 | e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44 |
| SHA512 | 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dd35d5c4d37b8500_0
| MD5 | f7fed3dfbd41b7a42e4748b51fa54a20 |
| SHA1 | 66fe14a3a4a551f322b85692ebfdb7528d0e4e3c |
| SHA256 | d27fb7d289f20214b8573e2effe75e2d3afb1a080cc907d5400323ddb07dfda6 |
| SHA512 | 57b29013e712aa3781939ec88bd22be9c752ea9de6cbde970a29298ca5941c169b538a9ccccef929a9dedd2c519ce86f1ab875a4bce808c7793fdbdea0ce2170 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000083
| MD5 | b598f33d037b0af8744a4a6dbf9a8f41 |
| SHA1 | 35eb36d6129bbb54c02c5e433013926961d5c3dc |
| SHA256 | fbf5b0c915e03d804b5febb071c11931c4df675d87bcab94f430b92ccfdc571a |
| SHA512 | 405bc6b42d6969adbc4cf4802e052d962921c37f6c4e03d2384b3bed814ff68625e67c9005dc0ee109674df473fc5bba7ebb1b67f7802924dc6723328ad242ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095
| MD5 | c15d33a9508923be839d315a999ab9c7 |
| SHA1 | d17f6e786a1464e13d4ec8e842f4eb121b103842 |
| SHA256 | 65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98 |
| SHA512 | 959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f
| MD5 | cfa2ab4f9278c82c01d2320d480258fe |
| SHA1 | ba1468b2006b74fe48be560d3e87f181e8d8ba77 |
| SHA256 | d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e |
| SHA512 | 4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6dad06634fd9d194a9a3af307471771d |
| SHA1 | 4a450dde0f1092548050394abb2ee2e1f0793b84 |
| SHA256 | c0a087866612b4adf6aae539a89e09d79d106ef7b21a2b5e5b479cd7d7b6e31b |
| SHA512 | 0143fdc03bd938e4ead818b718f81e59ab658b7b1cbb3668049c904463553eda45b406a2ff9e832c19b4e99a3ba3ea7548a9e6b952c3e9a51763e75a538ded75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073
| MD5 | 8a42ba5472aa4afa3d3ac12f31d47408 |
| SHA1 | 2add574424ac47c1e83b0b7fae5d040c46ac38a7 |
| SHA256 | 759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4 |
| SHA512 | 3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 264d9d6ab2842580b049cc5d8cde3a61 |
| SHA1 | b44951ba72deadfc1286747090ca7166305cc582 |
| SHA256 | f49b1f3d2adca73cd487df75b7505e203fb44002321c97d6124e5ee351651a44 |
| SHA512 | 464f74e1e9c7211b20f2ac8e5c2d0cc4ccd8f30eb5d78529c9b5312fb7caa28880351c97a11cbe7917a85a383c5c77e600c601816aa18017803018d280879e5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | af77b5bab88eb69f4d2745d2fd418e61 |
| SHA1 | 8ba373df080e843f290902e3bf300a260a6568c7 |
| SHA256 | e2bb76c057c43b98194268c99c0231ed08edc2a7afb8d885854eb421731ca8b6 |
| SHA512 | 7f8b9898c8d4bcd074e2a0529df1b1b0b066016238d48d561b2e07230d5da4e89cbfd2cacd2bdd55321af6fcedeb621efa6be7b1043db1f02464c14494c0694c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 52166030a1180138b82fd3612d310478 |
| SHA1 | df2cece75d2a2f8e2b6c66e79dbe7470849a3b61 |
| SHA256 | 0511fa9b5d7cc24ea09b53ab03843428ded8c8ee61c3863c52797a5d5872e78e |
| SHA512 | f57d4cc4cb02665548e080e28075afaa3c104eaad775e22d09f112ed277c5a43f086b91a26753a3acd9959081035a91630e83c97eda293b42b26a3a198a6e24b |
memory/4208-2984-0x0000000075A80000-0x0000000075B70000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4319277adcdf6811b48aeab0ba466d86 |
| SHA1 | 2d939a80f30dcbc85d85f81ed0c1f3994f8ff14d |
| SHA256 | 463727c0ebb913c966fcec1fb6688f5f51f5d37a6b42843ad5066adcb7e4e618 |
| SHA512 | 31f98b30977a196c386a11bebc5458ec5dcb6f71a62454942cffe72998bd632d435af1e96b33f096e0553a9113fafd95e325b7ca6d7474bbb8d375279cf69fcf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b25f1434525cebb17e94b6aaf50204b8 |
| SHA1 | d57762b3a6de9aa07d9fe82069caccdd9e2acc4a |
| SHA256 | 2c96d914190f5931126b91a4de34d793535c53a0d1bb0fb2e2266d252e37e3d4 |
| SHA512 | 015d7ebc3b15ee4dd15169876937bfd0ee92d8869afced2fe6c44886f9048a7c1d2640edae9cb0fbc2e4eb9a20a5324f10040b5b4ca2e3bcda88bf116a7bc672 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dc
| MD5 | 05e9679509b61424a07cc4d4efb7247f |
| SHA1 | db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81 |
| SHA256 | 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b |
| SHA512 | 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000db
| MD5 | a9e8904eae36a13deae2ef1aeb74a1b8 |
| SHA1 | fb329927f4221e84b3101a8d65e2fd48d2192efd |
| SHA256 | 17ab3142e068e6c28477e8d074a3aec9f51d771ef4ca4ed987ee03ba07b51e1a |
| SHA512 | 03eba74e726b388111d879e4bd8b256fe6dd095ab20edcb802b21b8d34ce0d013f3f3c91e1d2ab2296eaa96ed5ab79bb0d55d9280c193fdb23e4b939719e954d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 06f4b4fd23db56d91d5528be2fee1b47 |
| SHA1 | 61fff675e5235444403b9f4e8c2e9bc7885ed758 |
| SHA256 | c0b5f4de3a0f5fcf5bd1918396c5e76a94deca7b3489ab528b79e6cd6acf45f9 |
| SHA512 | e7c8d8c68b741bf6a98c19b4faf40e0d3d312938a289c93b134c008810417ad17aff425b77dbfb2714f5d91a6bfbd5699ce18d34c5513033c71776c4e6cf87c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 47e70cc5b727aa70827c1ca1aa628ba1 |
| SHA1 | 978cbcef263026133706dcb867c3f13ffa1d128a |
| SHA256 | ce639ae7ab72fa21923f4695187f2b96b14b72f89c5feb1659b1c636b0a482e7 |
| SHA512 | 1ef2f0de60b9cad64aa8b1e15d29c97e0ec311d06ce3a2c1d4d9f51b3ff684c877f4263aa22237245ee113eaf032d1d34feedd201a0668f324b890fe97cb9169 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1d552f3a9d09a20b12b55df43bb6b766 |
| SHA1 | b7cf9604b26bd48cc0614913f0c91bb6d22dda0b |
| SHA256 | 90d649a8258893e26d4bf7bb9918b688524b1838b207813547e7fc4f1398e27d |
| SHA512 | 8a0a90645fc3627d8628cf71647b174c92717ed6b06daeffcb8b1a5ae6cff17878555f11a40b3b7d67bdaa7c42e784af187389b737fa5567ebaf5a6b4deddb15 |