Malware Analysis Report

2024-11-16 12:23

Sample ID 240319-qx9awsdc52
Target LDPlayer9_de_1103_ld.exe
SHA256 5717c1e68860552f27d4716b5df35386b6cd926cf86cdb08f4011d567be16d7b
Tags discovery exploit persistence
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 8/10
SHA256 5717c1e68860552f27d4716b5df35386b6cd926cf86cdb08f4011d567be16d7b

Threat Level: Likely malicious

The file LDPlayer9_de_1103_ld.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery exploit persistence

Manipulates Digital Signatures

Creates new service(s)

Possible privilege escalation attempt

Modifies file permissions

Drops file in Program Files directory

Registers COM server for autorun

Launches sc.exe

Executes dropped EXE

Drops file in Windows directory

Loads dropped DLL

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Runs net.exe

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-19 13:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-19 13:39

Reported

2024-03-19 13:46

Platform

win11-20240221-en

Max time kernel

202s

Max time network

401s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_de_1103_ld.exe"

Signatures

Creates new service(s)

persistence

Manipulates Digital Signatures


Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\dismhost.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" C:\Windows\SYSTEM32\regsvr32.exe N/A

Enumerates physical storage devices

Modifies registry class

Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}\ = "ICloudNetworkGatewayInfo" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\NumMethods\ = "16" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B4A4-44CE-85A8-127AC5EB59DC}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}\ = "IDHCPGroupCondition" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}\ = "ISnapshotRestoredEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5409-414B-BD16-77DF7BA3451E}\NumMethods\ = "25" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\NumMethods\ = "58" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-71B2-4817-9A64-4ED12C17388E} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4430-499F-92C8-8BED814A567A} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4022-DC80-5535-6FB116815604}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2E88-4436-83D7-50F3E64D0503}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00C2-4484-0077-C057003D9C90}\ = "IInternalMachineControl" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\ = "IGraphicsAdapter" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4453-4F3E-C9B8-5686939C80B6} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3372 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_de_1103_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 1452 wrote to memory of 1476 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 1476 wrote to memory of 968 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 968 wrote to memory of 3956 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1476 wrote to memory of 2376 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1476 wrote to memory of 4676 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1476 wrote to memory of 2072 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1476 wrote to memory of 5088 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1476 wrote to memory of 2012 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1476 wrote to memory of 1520 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1476 wrote to memory of 4584 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1476 wrote to memory of 3064 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\takeown.exe
PID 1476 wrote to memory of 1868 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\icacls.exe
PID 1476 wrote to memory of 972 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\takeown.exe
PID 1476 wrote to memory of 4672 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\icacls.exe
PID 1476 wrote to memory of 2796 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\dism.exe
PID 2796 wrote to memory of 5056 N/A C:\Windows\SysWOW64\dism.exe C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\dismhost.exe
PID 1476 wrote to memory of 5112 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\sc.exe
PID 1476 wrote to memory of 4320 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\sc.exe
PID 1476 wrote to memory of 2640 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\sc.exe
PID 1476 wrote to memory of 2068 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
PID 1476 wrote to memory of 3396 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 1476 wrote to memory of 2420 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe

Processes

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_de_1103_ld.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_de_1103_ld.exe"

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1103 -language=de -path="C:\LDPlayer\LDPlayer9\"

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=1704032

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\dismhost.exe {AEF81089-DA13-4589-B1F1-156A6AABA363}

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\LDPlayer\LDPlayer9\driverconfig.exe

"C:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\\dnplayer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004B8

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000

C:\LDPlayer\LDPlayer9\vmware-vdiskmanager.exe

"C:\LDPlayer\LDPlayer9\vmware-vdiskmanager.exe" -R C:\LDPlayer\LDPlayer9\system.vmdk

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://de.ldplayer.net/blog/activate-vt-to-support-android-emulators.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffad1963cb8,0x7ffad1963cc8,0x7ffad1963cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2020 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8339117903262455703,8641837088256270240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8424 /prefetch:1

Network

Files

C:\LDPlayer\LDPlayer9\LDPlayer.exe

C:\LDPlayer\LDPlayer9\dnrepairer.exe

C:\LDPlayer\LDPlayer9\MSVCP120.dll

C:\LDPlayer\LDPlayer9\msvcr120.dll

C:\LDPlayer\LDPlayer9\dnresource.rcc

C:\LDPlayer\LDPlayer9\crashreport.dll

C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

C:\LDPlayer\LDPlayer9\system.vmdk

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\DismHost.exe

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\DismCorePS.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\DismProv.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\OSProvider.dll

C:\Windows\Logs\DISM\dism.log

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\TransmogProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\IntlProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\AppxProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\en-US\AssocProvider.dll.mui

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\en-US\AppxProvider.dll.mui

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\CbsProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\GenericProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\DmiProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\MsiProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\SmiProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\IBSProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\AssocProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\IntlProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\SysprepProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\UnattendProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\OfflineSetupProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\WimProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\EdgeProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\ProvProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\Ffuprovider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\Vhdprovider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\ImagingProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\ServicingCommon.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\TransmogProvider.dll

C:\Users\Admin\AppData\Local\Temp\B68A8FFC-0E33-445B-8A5E-4ECB1A2A9084\LogProvider.dll

C:\Windows\Logs\DISM\dism.log

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_edpmhjgt.2i2.ps1

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

C:\LDPlayer\ldmutiplayer\libeay32.dll

C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf

C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc

C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

C:\LDPlayer\LDPlayer9\dnplayer.exe

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

C:\LDPlayer\LDPlayer9\system.vmdk.lck\E04949.lck

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\LDPlayer\LDPlayer9\system.vmdk

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d1c55.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad4cdc90a7633669_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53b92fbc4d68952f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\55153f9885059735_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2f3fe74665122e8_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c644062b95acf88_0
