Analysis Overview
SHA256: 5717c1e68860552f27d4716b5df35386b6cd926cf86cdb08f4011d567be16d7b
Threat Level: Likely malicious
The file LDPlayer9_de_1103_ld.exe was found to be: Likely malicious.
Malicious Activity Summary
Manipulates Digital Signatures
Creates new service(s)
Possible privilege escalation attempt
Modifies file permissions
Drops file in Program Files directory
Registers COM server for autorun
Launches sc.exe
Executes dropped EXE
Drops file in Windows directory
Loads dropped DLL
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Runs net.exe
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-03-19 13:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-03-19 13:39
Reported: 2024-03-19 13:46
Platform: win11-20240221-en
Max time kernel: 202s
Max time network: 401s
Command Line
Signatures
Creates new service(s)
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustFinalPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2223\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2012\FuncName = "WVTAsn1SealingTimestampAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\FuncName = "DecodeRecipientID" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2002\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1\FuncName = "WVTAsn1CatNameValueDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLREMOVESIGNEDDATAMSG\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-string-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\capi.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetFltUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-localization-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstVMREQ.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\dasync.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-convert-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcr120.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5PrintSupport.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxHostChannel.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-rtlsupport-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstInt.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBInstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstPDMAsyncCompletion.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\fastpipe2.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxExtPackHelperApp.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\capi.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp120.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstSSLCertDownloads.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-util-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-filesystem-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\EGL.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSup.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxVMM.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-timezone-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-stdio-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES_V2_utils2.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libOpenglRender2.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\bldRTLdrCheckImports.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-processenvironment-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-memory-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ucrtbase.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\SDL.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxStubBld.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\concrt140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\host_manager.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-conio-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxGuestControlSvc.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VirtualBoxVM.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-convert-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxNetLwf.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-namedpipe-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\regsvr32_x86.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-processenvironment-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxNetLwf.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxNetDHCP.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstAnimate.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-debug-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-locale-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-process-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\load.cmd | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp100.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\libcrypto-1_1.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\vcruntime140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\regsvr32_x64.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxStub.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxGuestPropSvc.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\platforms\qoffscreen.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDbg.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\dismhost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\dismhost.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BE30-49C0-B315-E9749E1BDED1}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}\NumMethods\ = "16" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-8082-DB8AE479EF87}\NumMethods\ = "16" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9849-4F47-813E-24A75DC85615} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-71B2-4817-9A64-4ED12C17388E} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3188-4C8C-8756-1395E8CB691C} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\NumMethods\ = "15" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E254-4E5B-A1F2-011CF991C38D}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44A0-A470-BA20-27890B96DBA9} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4022-DC80-5535-6FB116815604}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B855-40B8-AB0C-44D3515B4528} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\NumMethods\ = "13" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ = "IMediumRegisteredEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BF98-47FB-AB2F-B5177533F493} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5409-414B-BD16-77DF7BA3451E}\ = "ISharedFolder" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FEBE-4049-B476-1292A8E45B09} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D8ED-44CF-85AC-C83A26C95A4D} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7BA7-45A8-B26D-C91AE3754E37}\ = "IAudioAdapter" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D4FC-485F-8613-5AF88BFCFCDC} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B855-40B8-AB0C-44D3515B4528} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1BCF-4218-9807-04E036CC70F1}\ = "IProgressPercentageChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-32E7-4F6C-85EE-422304C71B90} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1207-4179-94CF-CA250036308F}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}\ = "ICloudNetworkGatewayInfo" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\NumMethods\ = "16" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B4A4-44CE-85A8-127AC5EB59DC}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}\ = "IDHCPGroupCondition" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}\ = "ISnapshotRestoredEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5409-414B-BD16-77DF7BA3451E}\NumMethods\ = "25" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\NumMethods\ = "58" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-71B2-4817-9A64-4ED12C17388E} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4430-499F-92C8-8BED814A567A} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4022-DC80-5535-6FB116815604}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2E88-4436-83D7-50F3E64D0503}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00C2-4484-0077-C057003D9C90}\ = "IInternalMachineControl" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\ = "IGraphicsAdapter" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4453-4F3E-C9B8-5686939C80B6} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_de_1103_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LDPlayer9_de_1103_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_de_1103_ld.exe"
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1103 -language=de -path="C:\LDPlayer\LDPlayer9\"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=1704032
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\dismhost.exe {AEF81089-DA13-4589-B1F1-156A6AABA363}
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004B8
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\LDPlayer\LDPlayer9\vmware-vdiskmanager.exe
"C:\LDPlayer\LDPlayer9\vmware-vdiskmanager.exe" -R C:\LDPlayer\LDPlayer9\system.vmdk
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://de.ldplayer.net/blog/activate-vt-to-support-android-emulators.html
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
Network
Files
C:\LDPlayer\LDPlayer9\LDPlayer.exe
| MD5 | a6fa52df1439db048d6f95ae54c7651f |
| SHA1 | e8091149d649ac4b0a5aba12b19f379d64cccbc0 |
| SHA256 | 538f3d41dd94d4552bc940e8a0824445c949f30e6588ae69ee8e31f01ac6630f |
| SHA512 | 998f8d13559865b85af8b02892446622dd81e4757ea0b0ca6d59efeb1ff78dbfdb0d2c8b0ce06597a6f83b6cee183fe22bc139fc8707e04bf6d419a0fc19c32d |
C:\LDPlayer\LDPlayer9\LDPlayer.exe
| MD5 | aae6122c3605220ceed140d4438c9922 |
| SHA1 | c7255c362d7619e0e825b81328a4c9076b6d4bcb |
| SHA256 | 03320b7161f493730e9b38a5d984a4789ed6c8f4e46bbda44d6896e86fb79341 |
| SHA512 | dd4c138277a51e8ff171896add6cfac6d7df36e372b408a70cd0bb74c05cedc37be22fed66075dced231d64d4438c4e86dd284793a57778d7ede7dac8957b2cc |
C:\LDPlayer\LDPlayer9\dnrepairer.exe
| MD5 | dd1f8c2dd1295ad16407767962bb75e9 |
| SHA1 | f44e9c4153e8e001ae343e337b1a2fc69d5c8443 |
| SHA256 | 9188dd72c58737bbfb5b564a808e65613a6c43f3dceec5cd317983e37748a2d7 |
| SHA512 | 79a4dc3c1930f64f730ca4d2a94cc9d1e7e1961e9aecb37929be929139b9ce0a737928e7850d23a04685346206a289c5768fd5b9ff0b26fca453e70b4256d83a |
C:\LDPlayer\LDPlayer9\dnrepairer.exe
| MD5 | b7aae6790e05e86735c7e8a56f2cc55f |
| SHA1 | 6ae96aba05e4216688a7bcfa38d11c619712bea3 |
| SHA256 | 0f4511aadd7889a58eda3e90c4b0da67908174cd76cfc933e723b24ba181450d |
| SHA512 | 0d11d4aadb226fb8d5b439bbe751109267a1be3e0b64bc6dabd76502f53f3771b56573b76b13d586fb5f538eb9f2be26466c92802e79f514dea06d294828822d |
C:\LDPlayer\LDPlayer9\MSVCP120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
C:\LDPlayer\LDPlayer9\msvcr120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
C:\LDPlayer\LDPlayer9\dnresource.rcc
| MD5 | f845753af4cc7b94f180fb76787e3bc2 |
| SHA1 | 76ca7babbb655d749c9ed69e0b8875370320cc5a |
| SHA256 | a19a6c0c644ce0e655eaf38a8dbddf05e55048ba52309366a5333e1b50bde990 |
| SHA512 | 0a3062057622ffcff80c9c5f872abdf59a36131bfc60532c853ea858774d89fed27343f838dfe341dafe8444538fc6e2103d3aa19ef9d264e0f8e761c4bfce81 |
C:\LDPlayer\LDPlayer9\crashreport.dll
| MD5 | 4adc0cb2a5030bc22b6521af4c853295 |
| SHA1 | 9f7578696cb2d56e98ab036bfbd78a2e323c48a8 |
| SHA256 | 83a051c9a14cd4bdc9e7b9bfdd7115d0b6c7f2ad4e159d412cc0d2d82e92a295 |
| SHA512 | 328fb2ac63a18107a400a96d499f0d94ff10120e1813d9842d0dce12a3e63bfea6d0dac59f467137255225ae64a87bc19801d46ae28f112fd2ab3cae007f5b6d |
C:\LDPlayer\LDPlayer9\vms\config\leidian0.config
| MD5 | 99d1667577646d6c467278a605cb36f4 |
| SHA1 | 3b64839cda7f29cb18cad225812a9e2fec6971af |
| SHA256 | 53a44d533cafd20276f4635338a4679a7c220f15906b16a92324178b4f27f541 |
| SHA512 | ed3c3e14ac1490c58801456d3b07a7ead91a87271775832c1c38c650cdb88751bfd91e30564e3034bbe1c4b256a79742419f4cf9c512d14bd4be7a65bbc4aac7 |
C:\LDPlayer\LDPlayer9\system.vmdk
| MD5 | 0cf106872bccfb943a43092decfb56dc |
| SHA1 | 99d820caa6f552dffd33ccc288238c79827e18b0 |
| SHA256 | 8878f31b41c023c6a2b3831a8b3db4f833c3ca9647c4bb47b345c4243dae57dd |
| SHA512 | e237db93773668ddc8a25817c791d14ff56955afdebb5d78c1255dc58b53ea0c2055c6472ae4483a701bdd0d07cfb13c8a82f3ebec44aa6a11011dd9230de6e4 |
C:\LDPlayer\LDPlayer9\system.vmdk
| MD5 | 5c0af44d0f62f156cb030ad9b6b74222 |
| SHA1 | 0502e966a90b21287bc9bb8440efb9de15692337 |
| SHA256 | 82e085802b96d5515b9c4753fefd92f3dafbf9272f58281158b9214ae3eb47d4 |
| SHA512 | a5058d4c8b47b7e84263af063e3ab7ab376cf2a6ccb9a616bba0139d21fa4c51c1eaa72cb6f9f4d505cb22c906e87804a47b5bfc63e68945b1b00a650fb7e7ff |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\DismHost.exe
| MD5 | 17275206102d1cf6f17346fd73300030 |
| SHA1 | bbec93f6fb2ae56c705efd6e58d6b3cc68bf1166 |
| SHA256 | dead0ebd5b5bf5d4b0e68ba975e9a70f98820e85d056b0a6b3775fc4df4da0f6 |
| SHA512 | ce14a4f95328bb9ce437c5d79084e9d647cb89b66cde86a540b200b1667edc76aa27a36061b6e2ceccecb70b9a011b4bd54040e2a480b8546888ba5cc84a01b3 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\DismCorePS.dll
| MD5 | 7f751738de9ac0f2544b2722f3a19eb0 |
| SHA1 | 7187c57cd1bd378ef73ba9ad686a758b892c89dc |
| SHA256 | db995f4f55d8654fc1245da0df9d1d9d52b02d75131bc3bce501b141888232fc |
| SHA512 | 0891c2dedb420e10d8528996bc9202c9f5f96a855997f71b73023448867d7d03abee4a9a7e2e19ebe2811e7d09497bce1ea4e9097fcb810481af10860ff43dfb |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\DismProv.dll
| MD5 | 2ac64cc617d144ae4f37677b5cdbb9b6 |
| SHA1 | 13fe83d7489d302de9ccefbf02c7737e7f9442f9 |
| SHA256 | 006464f42a487ab765e1e97cf2d15bfa7db76752946de52ff7e518bc5bbb9a44 |
| SHA512 | acdb2c9727f53889aa4f1ca519e1991a5d9f08ef161fb6680265804c99487386ca6207d0a22f6c3e02f34eaeb5ded076655ee3f6b4b4e1f5fab5555d73addfd7 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\OSProvider.dll
| MD5 | e9833a54c1a1bfdab3e5189f3f740ff9 |
| SHA1 | ffb999c781161d9a694a841728995fda5b6da6d3 |
| SHA256 | ec137f9caebcea735a9386112cf68f78b92b6a5a38008ce6415485f565e5cf85 |
| SHA512 | 0b18932b24c0257c80225c99be70c5125d2207f9b92681fd623870e7a62599a18fa46bcb5f2b4b01889be73aeb084e1b7e00a4968c699c7fdb3c083ef17a49f9 |
C:\Windows\Logs\DISM\dism.log
| MD5 | 468d0a480a23171bea7334b2443baece |
| SHA1 | 877900e8174e5bdbddb3386169ba2a0b6674971e |
| SHA256 | 4f2b24dbbb8ab490c9b5a29bcd1e9e8b3ed639df1e611f0c6347a72cfdcfd676 |
| SHA512 | 38d4fed4fecaabe2909ea3bfdeb8ffbdfac2e452da66808767f22a7d12cf2616e690be1c80d917b3c410c8f47d4f5d17c5c6d38783d59c82a5c9b686eeb73482 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\TransmogProvider.dll
| MD5 | dd415786e828009d88c669033c7af947 |
| SHA1 | 6c117cb945544f3f40c44b38306e62183834c0da |
| SHA256 | 637fa68695b4c4d2c6e0cd764ec98ab1c2c190ea8bcb88486a264055441b6a47 |
| SHA512 | c66f604449fa6d91af98df0c18b4334f945ad164b9ff1c6d7115e5f0498f4e804386f60b4d3556ac6a5bf64f344e3089b3638be6dd22174e2635490aad4e75fd |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\IntlProvider.dll
| MD5 | b097210e62a2d3ecddf5daa194342358 |
| SHA1 | c8fa90567b7d4243b676927e0296678607b627ee |
| SHA256 | 821799bfb18081055c980e31acadc14fb602bd62620154fe02b8d285586425e4 |
| SHA512 | 7148bfbb594cf456cfa5eee08853fbb0dc5e3918955d8ca8c69b8cb4fa25fd9d670519cc5dc11bb1feed20a5ac77168fabcebd02f31c6ea207430148756f4e9f |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\AppxProvider.dll
| MD5 | d491bd3ca083723ed3fc6caa40ee3276 |
| SHA1 | bbae10837abf0a490555ba2778ba8871795668a0 |
| SHA256 | cd1f1280792dfbd4da9e3b3974360156e78314931aa701fcdb3c8a8c7b01548e |
| SHA512 | bc9bb450c87bdd934d22584fde1712e2e6d150ad08a263770a280e9cd9c1bc2b30f8b33bb06e74b1e9105b0745a739aaf66653baad0af2a4b4412edd8e1f22ac |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\en-US\AssocProvider.dll.mui
| MD5 | 3a26818c500fb74f13342f44c5213114 |
| SHA1 | af1bfc2ca2a1dcbc7037f61f80a949b67a2c9602 |
| SHA256 | 421bbff0c63377b5fd85591530f4c28d0109bc1ff39162a42eb294f0d0e7c6bb |
| SHA512 | afa1d62788d24cd6d739ad78cff19e455b776a71904af1400a44e54e56b55b149eca456db9c686c3a0b515d7fd49d96dc77b217ec769e879b0937bedad53de7f |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\en-US\AppxProvider.dll.mui
| MD5 | f70750a86cda23a3ced4a7ecf03feebd |
| SHA1 | 1c2d9d79974338ce21561b916130e696236fbb48 |
| SHA256 | 8038c5177461aef977ac6e526ac0851bf7eff5928972462657176ff6b6d06050 |
| SHA512 | cfb6b5cdb451b12e7aee6e69ab743b91bec8bd417d4d2384def03010851fef0d7f2a65ff6349c4e62e564b44e742597aeb108e71a962a48020b1988a6c6f1a9a |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\CbsProvider.dll
| MD5 | b76c6e14fb04335a5825f43dee7dda4a |
| SHA1 | 204212cb2dd56384a6a6ff32f4cc1f0b18e7e088 |
| SHA256 | 329173b9ba2b42f9b64aaf185d3cb3459986f8a55f7020db80824cb05747ae1e |
| SHA512 | c07d7e5b769444d11963a8e0ef8e8f493198cb97d370a88a82638b7d8244bbd860c93d288e123719e8b9a9cc2402d076484b41b124fda59e890b63529c6d3fd4 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\CbsProvider.dll
| MD5 | f51151b2d8d84cddbedbeffebdc6ec6a |
| SHA1 | adc9c19aa0663e65997f54835228968e13532198 |
| SHA256 | 7fe4e4924fbbfdf6d772cb9d0a4963d49f6aa18b3c86a2e8df6ca49e22f79884 |
| SHA512 | 802b58617be5e92bfc0c7f8c8d7443128d81908ae99d9a4ce0a785f858dc7832c70dc305f2ad39c9f57db01c05f483f6bf949ad8811fc6fb255c5aee88c729b3 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\GenericProvider.dll
| MD5 | 20fb116831396d9477e352d42097741c |
| SHA1 | 7e063ac9bc173a81dc56dc5864f912041e2c725a |
| SHA256 | 6a940ba16154c4a1729b8560b03efb5f2558d66b10da4a5ec26c1299ea713bc4 |
| SHA512 | 851843da748555eba735e1f5457044f24f225bd029534019814a6d1baf2e0bd1f171d297c362cfed5977274b266e823b7ad131ae2512568f7a5f2e3ea498b69a |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\DmiProvider.dll
| MD5 | e54120aa50f14e0d3d257e77db46ece5 |
| SHA1 | 922203542962ec5f938dcb3c876f060ecf17f9dc |
| SHA256 | b5fb1a5eb4090598d5f878cdd37ed8eca82962d85995dd2280b8849fba816b54 |
| SHA512 | fbce5d707f6a66d451165608520be9d7174a8c22eb9827dfe94d98718e2c961f15ac45583b1743f3b8078b3fe675992d4b97bfc5e4b893b60328d94665f71dc9 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\MsiProvider.dll
| MD5 | eb171b7a41a7dd48940f7521da61feb0 |
| SHA1 | 9f2a5ddac7b78615f5a7af753d835aaa41e788fc |
| SHA256 | 56a8527d267116af39864feca528be5b7a88c3b5df94750154b2efcf2fda5d55 |
| SHA512 | 5917266aed1a79ee4cb16bb532ccae99782d0ee8af27cb42a6b39496c3de61c12a30ce524a1a66cc063101ebcfac957d1b129aae0b491c0587f40171ba6bae12 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\SmiProvider.dll
| MD5 | 46e3e59dbf300ae56292dea398197837 |
| SHA1 | 78636b25fdb32c8fcdf5fe73cac611213f13a8be |
| SHA256 | 5a0f1279013d1d379cb3a3e30f1d5be22549728cd9dc92ed5643eacf46199339 |
| SHA512 | e0584da3c302ea6ffa85932fa185500543f15237d029fdc4b084aee971ec13967f9e83cad250bea36b31f1a3efb1cc556da7dd231e5b06884809d0af51ebdf8c |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\IBSProvider.dll
| MD5 | f6b7301c18f651567a5f816c2eb7384d |
| SHA1 | 40cd6efc28aa7efe86b265af208b0e49bec09ae4 |
| SHA256 | 8f4e3f600917d49ada481ff0ed125fef4a316b659bb1197dc3036fc8c21a5a61 |
| SHA512 | 4087d819706c64a5d2eed546163c55caacc553b02dc4db0d067b8815d3a24fb06ea08de3de86aac058ff2907f200e4e89eef2357ca23328aaacbe29501ea3286 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\AssocProvider.dll
| MD5 | 702f9c8fb68fd19514c106e749ec357d |
| SHA1 | 7c141106e4ae8f3a0e5f75d8277ec830fc79eccc |
| SHA256 | 21ad24a767aeb22d27d356bc8381f103ab620de1a47e374b9f961e44b543a358 |
| SHA512 | 2e7d403c89dacdda623ed1a107bac53aafde089fdd66088d578d6b55bcfe0a4fc7b54733642162bd62d0ca3f1696667a6f0cb4b572d81a6eefd6792d6003c0d9 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\IntlProvider.dll
| MD5 | 34035aed2021763bec1a7112d53732f1 |
| SHA1 | 7132595f73755c3ae20a01b6863ac9518f7b75a4 |
| SHA256 | aac13ddb9ab5a165a38611f1b61229268a40d416f07740d4eefba1a8fcf7c731 |
| SHA512 | ea045aa46713133a5d0ad20514cc2a8c8fffb99b4e19c4d5262f86167cfce08a31d336222fd3c91e6efbfd90312bb2325337aa02a8489e047b616085fdf46c1d |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\SysprepProvider.dll
| MD5 | 4dfa1eeec0822bfcfb95e4fa8ec6c143 |
| SHA1 | 54251e697e289020a72e1fd412e34713f2e292cf |
| SHA256 | 901cea68c7a158a1d9c030d3939f8f72057d1cf2f902aec1bc1b22a0000c0494 |
| SHA512 | 5f3f710bef75da8cddb6e40686d6a19f59fbc7d8a6842eaceb9a002ab284a91ecf48c352171e13f6a75366610988e67710439f1dde579311ebbb3cd9e4751aa4 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\UnattendProvider.dll
| MD5 | 7c61284580a6bc4a4c9c92a39bd9ea08 |
| SHA1 | 4579294e3f3b6c03b03b15c249b9cac66e730d2a |
| SHA256 | 3665872e68264bbf3827c2bf0cfa60124ea1d87912728f2fc3685dce32855cb8 |
| SHA512 | b30b89d0d5e065042811d6ff397d226877ff698aeb1153681692aedabe3730e2f3746ad9d70e3120e336552bab880644f9ead0c91a451197a8f0977a2126a0fe |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\OfflineSetupProvider.dll
| MD5 | 3437087e6819614a8d54c9bc59a23139 |
| SHA1 | ae84efe44b02bacdb9da876e18715100a18362be |
| SHA256 | 8b247665218f5151f0d19f59ea902a7c28f745d67a5d51b63b77242ffb4bdd74 |
| SHA512 | 018e88f6c121dd4ecaceb44794e2fa7a44b52ddb22e7a5a30a332905e02065cbc1d1dcddc197676277b22f741195c1b7c4c185d328b096b6560b84e9749d6dde |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\WimProvider.dll
| MD5 | bcf8735528bb89555fc687b1ed358844 |
| SHA1 | 5ef5b24631d2f447c58b0973f61cb02118ae4adc |
| SHA256 | 78b742deddee8305ea06d77f296ad9fe0f4b4a27d71b34dcdff8ae199364790c |
| SHA512 | 8b2be4e9a4334a5fc7f7c58579c20974c9194b771f7a872fd8e411d79f45fc5b7657df4c57ad11acb915d5ea5d1f0583c8a981b2c05104e3303b3ee1469b93f5 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\EdgeProvider.dll
| MD5 | c22cc16103ee51ba59b765c6b449bddb |
| SHA1 | b0683f837e1e44c46c9a050e0a3753893ece24ad |
| SHA256 | eb68c7d48f78b46933acba617cf3b5fcb5b8695c8a29295a9fa075f36910825b |
| SHA512 | 2c382aaddeca4efda63162584c4a2338ffcc1f4828362ce7e927e0b39c470f1f66a7933ae2210d63afb5a2ae25412266fde2ee6bdb896c3c030bdc08b67ec54e |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\ProvProvider.dll
| MD5 | 2ef388f7769205ca319630dd328dcef1 |
| SHA1 | 6dc9ed84e72af4d3e7793c07cfb244626470f3b6 |
| SHA256 | 4915b0c9cd8dc8a29dd649739974d244f9105dc58725f1da0d592af3b546e2bf |
| SHA512 | b465917424dd98125d080c135c7e222a9485ed7ec89004f9a70e335b800e5b9419fbc932c8069bae9ff126494174cf48e2790030dd22aa2d75b7b9d8ccff752b |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\Ffuprovider.dll
| MD5 | a41b0e08419de4d9874893b813dccb5c |
| SHA1 | 2390e00f2c2bc9779e99a669193666688064ea77 |
| SHA256 | 57ce7761531058f3c4289b1240bea6dc06355c9c4b4e88b9c9c0df8012edc5b3 |
| SHA512 | bd370e49da266148d50144c621f6415bdd5358e6274b1d471b8d4ee1888d93774331c3f75e6cb99782f1c8e772981cbc5a4baf5592c6400f340407dc670e547a |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\Vhdprovider.dll
| MD5 | 8a655555544b2915b5d8676cbf3d77ab |
| SHA1 | 5a7529f8a6d50d3f4e13b2e3a0585f08eb0511a2 |
| SHA256 | d3a2dd7d47bfbb3897b927d1b7230b5b12e5fd7315d687458de15fbb08fb7e27 |
| SHA512 | c6da649ae3c3688065b37bccfb5525ade25ba7bc3b163ad7d61f3b3d1c4957c8fd6c9f2bf23b0dbc4fffe32e980acb5a5d3895b8a012c5ed086e3e38caee2e93 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\ImagingProvider.dll
| MD5 | 4c6d681704e3070df2a9d3f42d3a58a2 |
| SHA1 | a9f6286ac25f17b6b2acd1fce6459b0bc94c6c81 |
| SHA256 | f1bbab35b2602d04d096c8de060b2a5cf802499a937fd1ffe749ff7f54852137 |
| SHA512 | daa0c723312680256c24457162e0ef026b753ba267f3e2755f838e2864a163802c078d8668dd2c2064cb8887f4e382a73d6402a5533b6ac5c3cbf662ad83db86 |
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\ServicingCommon.dll
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\TransmogProvider.dll
C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\LogProvider.dll
C:\Windows\Logs\DISM\dism.log
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_edpmhjgt.2i2.ps1
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
C:\LDPlayer\ldmutiplayer\libeay32.dll
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
C:\LDPlayer\LDPlayer9\dnplayer.exe
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
C:\LDPlayer\LDPlayer9\system.vmdk.lck\E04949.lck
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\LDPlayer\LDPlayer9\system.vmdk
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d1c55.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad4cdc90a7633669_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53b92fbc4d68952f_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\55153f9885059735_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2f3fe74665122e8_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c644062b95acf88_0