Analysis Overview
Threat Level: Likely malicious
The file http://anydesk.com was found to be: Likely malicious.
Malicious Activity Summary
Creates new service(s)
Possible privilege escalation attempt
Downloads MZ/PE file
Manipulates Digital Signatures
Executes dropped EXE
Modifies file permissions
Loads dropped DLL
Registers COM server for autorun
Checks installed software on the system
Drops file in System32 directory
Launches sc.exe
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Kills process with taskkill
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Runs net.exe
Modifies data under HKEY_USERS
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:47
Reported
2024-06-03 09:05
Platform
win10v2004-20240226-en
Max time kernel
1049s
Max time network
1056s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.2\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221\FuncName = "WVTAsn1CatNameValueEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2001\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2005\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETSIGNEDDATAMSG\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2011\FuncName = "WVTAsn1SealingSignatureAttributeDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2012\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.2\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.1.1\FuncName = "DecodeAttrSequence" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.4\FuncName = "WVTAsn1SealingTimestampAttributeDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2DC1B848-1F74-4AF3-9EB5-60090940A2B7\dismhost.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\"" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Checks installed software on the system
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\ldplayer9box\msvcp140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\SUPInstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\vbox-img.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-string-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\crashreport.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxAuthSimple.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-environment-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-string-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-runtime-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxEFI32.fd | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\regsvr32_x86.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\SDL.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSampleDriver.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-memory-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\VBoxRT-x86.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcr120.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-timezone-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-locale-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxGuestControlSvc.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-environment-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-math-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcr100.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-synch-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-process-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ucrtbase.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-datetime-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\dpinst_64.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\platforms\qwindows.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\UICommon.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-libraryloader-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-errorhandling-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxTestOGL.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-processenvironment-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-processenvironment-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-profile-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\EGL.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSup.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxNetDHCP.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSupLib.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-rtlsupport-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\capi.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetFltUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBInstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\concrt140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxEFI64.fd | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-memory-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES_V2.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5Gui.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxStub.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9VMMR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-handle-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-string-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\capi.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxStubBld.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-private-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-localization-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetAdp6Install.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDD.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\2DC1B848-1F74-4AF3-9EB5-60090940A2B7\dismhost.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618782183959791" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-808E-11E9-B773-133D9330F849}\ = "IGuestMonitorInfoChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7F29-4AAE-A627-5A282C83092C}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-762E-4120-871C-A2014234A607}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BE30-49C0-B315-E9749E1BDED1}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-604D-11E9-92D3-53CB473DB9FB}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\ = "INATRedirectEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E1B7-4339-A549-F0878115596E} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-319C-4E7E-8150-C5837BD265F6}\NumMethods\ = "20" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\ = "IDnDTarget" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\ = "IBooleanFormValue" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\WOW6432Node\Interface | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7F29-4AAE-A627-5A282C83092C}\ = "INATNetworkSettingEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-DAD4-4496-85CF-3F76BCB3B5FA}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3FF2-4F2E-8F09-07382EE25088}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A2-41AF-A05F-D7C661ABAEBE}\NumMethods\ = "30" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\ = "IGuestUserStateChangedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1EC6-4883-801D-77F56CFD0103}\NumMethods\ = "13" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E191-400B-840E-970F3DAD7296}\NumMethods\ = "15" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0547-448E-BC7C-94E9E173BF57} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E1B7-4339-A549-F0878115596E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\NumMethods\ = "14" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ = "IMediumRegisteredEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D612-47D3-89D4-DB3992533948} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9070-4F9C-B0D5-53054496DBE0}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7556-4CBC-8C04-043096B02D82}\NumMethods\ = "13" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\NumMethods\ = "24" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4022-DC80-5535-6FB116815604}\ = "INATNetworkAlterEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1207-4179-94CF-CA250036308F}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E}\NumMethods\ = "14" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\ = "IGuestDnDSource" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6038-422C-B45E-6D4A0503D9F1}\NumMethods\ = "15" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7BA7-45A8-B26D-C91AE3754E37}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2E88-4436-83D7-50F3E64D0503} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3FF2-4F2E-8F09-07382EE25088} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\ = "ICPUChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3EE4-11E9-B872-CB9447AAD965}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-659C-488B-835C-4ECA7AE71C6C}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B4A4-44CE-85A8-127AC5EB59DC} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4974-A19C-4DC6-CC98C2269626}\ = "IGuestDirectory" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-04D0-4DB6-8D66-DC2F033120E1}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}\NumMethods\ = "16" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-402E-022E-6180-C3944DE3F9C8} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3EE4-11E9-B872-CB9447AAD965} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B}\NumMethods\ = "18" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-47C7-4A3F-AAE1-1B516817DB41}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Runs net.exe
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://anydesk.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5364 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4776 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5388 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5784 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5556 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5400 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6028 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6112 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x300
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=5924 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6460 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5792 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7304 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=6332 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=7508 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=7512 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe"
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe"
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe"
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe"
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ffae3442e98,0x7ffae3442ea4,0x7ffae3442eb0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2264 --field-trial-handle=2276,i,6064303458576177026,7700615369250054480,262144 --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2308 --field-trial-handle=2276,i,6064303458576177026,7700615369250054480,262144 --variations-seed-version /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2488 --field-trial-handle=2276,i,6064303458576177026,7700615369250054480,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4516 --field-trial-handle=2276,i,6064303458576177026,7700615369250054480,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4516 --field-trial-handle=2276,i,6064303458576177026,7700615369250054480,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --backend
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4596 --field-trial-handle=2276,i,6064303458576177026,7700615369250054480,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4628 --field-trial-handle=2276,i,6064303458576177026,7700615369250054480,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4716 --field-trial-handle=2276,i,6064303458576177026,7700615369250054480,262144 --variations-seed-version /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffafa929758,0x7ffafa929768,0x7ffafa929778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3244 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3380 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3992 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3996 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4872 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3304 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5156 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5620 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5664 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6104 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6028 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6312 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6532 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4712 --field-trial-handle=2276,i,6064303458576177026,7700615369250054480,262144 --variations-seed-version /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5944 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6676 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6008 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2636 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6056 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7340 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7284 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6888 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7780 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7876 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7872 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8016 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8372 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8504 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8636 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8768 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8900 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9032 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8008 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9284 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9416 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9548 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9680 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10008 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10140 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10160 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9888 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9892 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9932 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10652 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10988 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11080 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7912 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7884 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7908 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11544 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11500 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6328 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11868 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11848 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11864 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=6000 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=2752 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=3980 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=3788 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=2740 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=12008 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=7936 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=11088 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11496 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8148 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=10968 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4788 --field-trial-handle=2276,i,6064303458576177026,7700615369250054480,262144 --variations-seed-version /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=6380 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6308 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1001 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=721674
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\2DC1B848-1F74-4AF3-9EB5-60090940A2B7\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\2DC1B848-1F74-4AF3-9EB5-60090940A2B7\dismhost.exe {296AD2E2-40DD-4FFA-AC21-7EE5C82EE0B4}
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=11628 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=2764 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=6068 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=6084 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=11272 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=10980 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=2740 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=6120 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=11056 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=10928 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=7552 --field-trial-handle=1976,i,483680454855218506,2082798949419494725,131072 /prefetch:1
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=2276,i,6064303458576177026,7700615369250054480,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| FR | 18.155.129.95:80 | anydesk.com | tcp |
| US | 8.8.8.8:53 | 95.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| FR | 18.155.129.95:80 | anydesk.com | tcp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| FR | 18.155.129.95:443 | anydesk.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad-wa.anydesk.com | udp |
| US | 8.8.8.8:53 | ad-wa.anydesk.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| GB | 142.250.180.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.224.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| FR | 18.155.129.95:443 | anydesk.com | tcp |
| US | 8.8.8.8:53 | tracking.g2crowd.com | udp |
| US | 8.8.8.8:53 | tracking.g2crowd.com | udp |
| US | 8.8.8.8:53 | www.anydesk.com | udp |
| US | 8.8.8.8:53 | www.anydesk.com | udp |
| US | 104.18.43.31:443 | tracking.g2crowd.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 31.43.18.104.in-addr.arpa | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 8.8.8.8:53 | download.anydesk.com | udp |
| US | 8.8.8.8:53 | download.anydesk.com | udp |
| US | 8.8.8.8:53 | download.anydesk.com | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| DE | 159.69.19.197:443 | download.anydesk.com | tcp |
| DE | 159.69.19.197:443 | download.anydesk.com | tcp |
| US | 8.8.8.8:53 | 197.19.69.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 8.8.8.8:53 | www.dwin1.com | udp |
| US | 8.8.8.8:53 | www.dwin1.com | udp |
| US | 8.8.8.8:53 | js.hs-scripts.com | udp |
| US | 8.8.8.8:53 | js.hs-scripts.com | udp |
| US | 8.8.8.8:53 | serve.albacross.com | udp |
| US | 8.8.8.8:53 | serve.albacross.com | udp |
| US | 8.8.8.8:53 | scripts.iconnode.com | udp |
| US | 8.8.8.8:53 | scripts.iconnode.com | udp |
| FR | 18.164.52.76:443 | serve.albacross.com | tcp |
| US | 104.16.137.209:443 | js.hs-scripts.com | tcp |
| FR | 52.222.201.118:443 | www.dwin1.com | tcp |
| FR | 18.164.52.125:443 | scripts.iconnode.com | tcp |
| FR | 18.164.52.76:443 | serve.albacross.com | tcp |
| US | 104.16.137.209:443 | js.hs-scripts.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | lantern.roeyecdn.com | udp |
| US | 8.8.8.8:53 | lantern.roeyecdn.com | udp |
| US | 8.8.8.8:53 | js.hs-banner.com | udp |
| US | 8.8.8.8:53 | js.hs-banner.com | udp |
| US | 8.8.8.8:53 | js.usemessages.com | udp |
| US | 8.8.8.8:53 | js.usemessages.com | udp |
| US | 8.8.8.8:53 | js.hs-analytics.net | udp |
| US | 8.8.8.8:53 | js.hs-analytics.net | udp |
| US | 3.165.113.49:443 | lantern.roeyecdn.com | tcp |
| US | 104.17.175.201:443 | js.hs-analytics.net | tcp |
| US | 104.16.78.142:443 | js.usemessages.com | tcp |
| US | 104.18.34.229:443 | js.hs-banner.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.137.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.175.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.78.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.113.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.hubspot.com | udp |
| US | 8.8.8.8:53 | api.hubspot.com | udp |
| US | 104.16.117.116:443 | api.hubspot.com | tcp |
| US | 104.16.117.116:443 | api.hubspot.com | tcp |
| US | 104.18.34.229:443 | js.hs-banner.com | tcp |
| US | 8.8.8.8:53 | track.hubspot.com | udp |
| US | 8.8.8.8:53 | track.hubspot.com | udp |
| US | 8.8.8.8:53 | new-collect.albacross.com | udp |
| US | 8.8.8.8:53 | new-collect.albacross.com | udp |
| IE | 54.220.64.187:443 | new-collect.albacross.com | tcp |
| US | 104.16.118.116:443 | track.hubspot.com | tcp |
| US | 8.8.8.8:53 | 116.117.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app.hubspot.com | udp |
| US | 8.8.8.8:53 | app.hubspot.com | udp |
| US | 8.8.8.8:53 | app.hubspot.com | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 104.16.118.116:443 | app.hubspot.com | tcp |
| US | 104.16.118.116:443 | app.hubspot.com | tcp |
| US | 8.8.8.8:53 | static.hsappstatic.net | udp |
| US | 8.8.8.8:53 | static.hsappstatic.net | udp |
| US | 104.17.176.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.176.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.176.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.176.91:443 | static.hsappstatic.net | tcp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | app-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 116.118.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.64.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.176.17.104.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 7940397.fs1.hubspotusercontent-na1.net | udp |
| US | 8.8.8.8:53 | 7940397.fs1.hubspotusercontent-na1.net | udp |
| US | 172.64.146.132:443 | 7940397.fs1.hubspotusercontent-na1.net | tcp |
| US | 8.8.8.8:53 | metrics-fe-na1.hubspot.com | udp |
| US | 8.8.8.8:53 | metrics-fe-na1.hubspot.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 132.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | boot.net.anydesk.com | udp |
| NL | 185.229.190.236:443 | boot.net.anydesk.com | tcp |
| NL | 185.229.190.236:443 | boot.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | relay-2cf7befd.net.anydesk.com | udp |
| GB | 195.181.165.139:443 | relay-2cf7befd.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | api.playanext.com | udp |
| US | 8.8.8.8:53 | 236.190.229.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.165.181.195.in-addr.arpa | udp |
| FR | 3.162.38.49:80 | api.playanext.com | tcp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| US | 8.8.8.8:53 | 49.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| US | 13.107.253.64:443 | edge-mobile-static.azureedge.net | tcp |
| IT | 46.255.85.82:50781 | tcp | |
| IT | 46.255.85.82:7070 | tcp | |
| N/A | 192.168.1.113:7070 | tcp | |
| US | 8.8.8.8:53 | 82.85.255.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.253.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.178.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 163.181.154.233:443 | www.ldplayer.net | tcp |
| US | 163.181.154.233:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 233.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| FR | 3.162.38.43:443 | cdn.ldplayer.net | tcp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| FR | 3.162.38.43:443 | cdn.ldplayer.net | tcp |
| FR | 3.162.38.43:443 | cdn.ldplayer.net | udp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 6.5.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 241.154.181.163.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | usersdk.ldmnq.com | udp |
| SG | 8.219.223.66:443 | usersdk.ldmnq.com | tcp |
| SG | 8.219.223.66:443 | usersdk.ldmnq.com | tcp |
| US | 8.8.8.8:53 | apien.ldplayer.net | udp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| GB | 142.250.178.22:443 | play-lh.googleusercontent.com | tcp |
| FR | 52.222.169.29:443 | apien.ldplayer.net | tcp |
| FR | 52.222.169.29:443 | apien.ldplayer.net | tcp |
| FR | 52.222.169.29:443 | apien.ldplayer.net | tcp |
| FR | 52.222.169.29:443 | apien.ldplayer.net | udp |
| US | 8.8.8.8:53 | 66.223.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 34.31.224.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 216.239.32.181:443 | analytics.google.com | tcp |
| US | 216.239.32.181:443 | analytics.google.com | tcp |
| US | 216.239.32.181:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 181.32.239.216.in-addr.arpa | udp |
| US | 216.239.32.181:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 49.31.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.201.98:443 | www.googletagservices.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | tagan.adlightning.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| FR | 99.86.91.39:443 | tagan.adlightning.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | prebid-stag.setupad.net | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | rtb.adxpremium.services | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 104.26.9.178:443 | prebid-stag.setupad.net | tcp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| US | 104.26.9.178:443 | prebid-stag.setupad.net | tcp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| DK | 37.157.6.232:443 | adx.adform.net | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| NL | 89.149.193.80:443 | prg.smartadserver.com | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.194.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.140.106.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| FR | 149.202.238.100:443 | ssbsync-global.smartadserver.com | tcp |
| FR | 149.202.238.100:443 | ssbsync-global.smartadserver.com | tcp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 18.245.175.30:443 | config.aps.amazon-adsystem.com | tcp |
| US | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| FR | 52.222.159.154:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.238.202.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.159.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| US | 3.165.113.38:443 | tags.crwdcntrl.net | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | 156.174.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.113.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1f26edcfe401ea9a6c3108e59415a416.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | setupad-d.openx.net | udp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 8.8.8.8:53 | adxbid.info | udp |
| US | 34.98.64.218:443 | setupad-d.openx.net | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 104.21.48.215:443 | adxbid.info | tcp |
| NL | 147.75.84.158:443 | sync.a-mo.net | tcp |
| GB | 172.217.169.65:443 | 1f26edcfe401ea9a6c3108e59415a416.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | pxl.iqm.com | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| DK | 37.157.2.230:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| IE | 54.239.33.158:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 54.88.142.103:443 | pxl.iqm.com | tcp |
| US | 64.74.236.191:443 | b1sync.zemanta.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| NL | 81.17.55.172:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| DE | 91.228.74.200:443 | cms.quantserve.com | tcp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | u.4dex.io | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| NL | 81.17.55.172:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| GB | 172.217.169.66:443 | cm.g.doubleclick.net | tcp |
| GB | 172.217.169.66:443 | cm.g.doubleclick.net | tcp |
| GB | 172.217.169.66:443 | cm.g.doubleclick.net | tcp |
| SE | 104.73.92.198:443 | ads.pubmatic.com | tcp |
| IE | 79.125.94.16:443 | pr-bh.ybp.yahoo.com | tcp |
| NL | 64.158.223.140:443 | openx2-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| BE | 23.55.98.169:443 | eus.rubiconproject.com | tcp |
| IE | 34.255.230.248:443 | bcp.crwdcntrl.net | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 54.164.74.54:443 | sync.srv.stackadapt.com | tcp |
| SE | 104.73.92.198:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 171.78.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.48.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.84.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.2.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.3.157.37.in-addr.arpa | udp |
| NL | 63.215.202.178:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.33.239.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.40.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.142.88.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.223.158.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.98.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.94.125.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.230.255.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.74.164.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.92.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | d3n1ms4uhtqgov.cloudfront.net | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | 161.182.54.209.in-addr.arpa | udp |
| FR | 52.84.186.180:443 | d3n1ms4uhtqgov.cloudfront.net | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | as.ck-ie.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| IE | 52.211.244.182:443 | ap.lijit.com | tcp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 172.64.151.101:443 | ssum.casalemedia.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | ads.betweendigital.com | udp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.186.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| NL | 188.42.34.65:443 | ads.betweendigital.com | tcp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | node.setupad.com | udp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| US | 172.64.151.101:443 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| NL | 79.127.227.46:443 | c3.a-mo.net | tcp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| FR | 52.222.161.138:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| GB | 172.217.169.66:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 104.22.5.69:443 | a.ad.gt | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| US | 104.22.5.69:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.244.211.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | 113.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.34.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.25.89.159.in-addr.arpa | udp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | 138.161.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| DK | 77.243.51.121:443 | uipglob.semasio.net | tcp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| IE | 34.249.65.85:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| DE | 18.197.199.178:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| FR | 18.155.129.119:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | p.ad.gt | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | ids.ad.gt | udp |
| US | 104.22.5.69:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 52.18.168.73:443 | ad.360yield.com | tcp |
| US | 69.166.1.35:443 | sync.go.sonobi.com | tcp |
| US | 104.22.4.69:443 | ids.ad.gt | tcp |
| US | 104.22.4.69:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | 121.51.243.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.249.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.199.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.129.155.18.in-addr.arpa | udp |
| US | 104.22.4.69:443 | ids.ad.gt | tcp |
| US | 104.22.5.69:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | pixels.ad.gt | udp |
| US | 172.67.23.234:443 | pixels.ad.gt | tcp |
| US | 8.8.8.8:53 | rtb.gumgum.com | udp |
| IE | 54.217.112.90:443 | rtb.gumgum.com | tcp |
| US | 104.22.5.69:443 | pixels.ad.gt | tcp |
| US | 8.8.8.8:53 | d.turn.com | udp |
| US | 8.8.8.8:53 | 210.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.168.18.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.112.217.54.in-addr.arpa | udp |
| GB | 172.217.169.65:443 | 1f26edcfe401ea9a6c3108e59415a416.safeframe.googlesyndication.com | udp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| US | 8.8.8.8:53 | cookie-matching.mediarithmics.com | udp |
| FR | 54.36.150.182:443 | cookie-matching.mediarithmics.com | tcp |
| US | 8.8.8.8:53 | dis.eu.criteo.com | udp |
| US | 8.8.8.8:53 | 133.200.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.164.228.46.in-addr.arpa | udp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 182.150.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.193.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cs.lkqd.net | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| US | 8.8.8.8:53 | cdn.doubleverify.com | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | d.agkn.com | udp |
| BE | 23.14.90.107:443 | cdn.doubleverify.com | tcp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | tcp |
| IE | 46.51.204.86:443 | d.agkn.com | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| IE | 46.51.204.86:443 | d.agkn.com | tcp |
| US | 8.8.8.8:53 | odr.mookie1.com | udp |
| US | 34.160.236.64:443 | odr.mookie1.com | tcp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 8.8.8.8:53 | tr.blismedia.com | udp |
| IE | 34.249.65.85:443 | match.prod.bidr.io | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| US | 34.96.105.8:443 | tr.blismedia.com | tcp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| US | 34.96.105.8:443 | tr.blismedia.com | tcp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | rtb0.doubleverify.com | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| GB | 89.187.167.5:443 | vid.vidoomy.com | tcp |
| US | 130.211.44.5:443 | rtb0.doubleverify.com | tcp |
| US | 130.211.44.5:443 | rtb0.doubleverify.com | tcp |
| DE | 79.127.216.47:443 | c3.a-mo.net | tcp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| US | 8.8.8.8:53 | 107.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.204.51.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.236.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.105.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.74.204.35.in-addr.arpa | udp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | pb-am.a-mo.net | udp |
| IE | 34.249.65.85:443 | match.prod.bidr.io | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| NL | 147.75.84.158:443 | pb-am.a-mo.net | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 5.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.44.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | crt.sectigo.com | udp |
| US | 104.18.38.233:80 | crt.sectigo.com | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | simage2.pubmatic.com | udp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| IE | 54.73.162.61:443 | ce.lijit.com | tcp |
| US | 54.164.74.54:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| US | 8.8.8.8:53 | ad.mrtnsvr.com | udp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| US | 8.8.8.8:53 | ws.rqtrk.eu | udp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| DE | 57.129.18.109:443 | ws.rqtrk.eu | tcp |
| DE | 57.129.18.109:443 | ws.rqtrk.eu | tcp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| NL | 35.214.223.82:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | d5p.de17a.com | udp |
| US | 8.8.8.8:53 | cm-supply-web.gammaplatform.com | udp |
| US | 8.8.8.8:53 | ipac.ctnsnet.com | udp |
| SE | 213.155.156.165:443 | d5p.de17a.com | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 8.8.8.8:53 | core.iprom.net | udp |
| US | 8.8.8.8:53 | 61.162.73.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.163.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.18.129.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.223.214.35.in-addr.arpa | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 8.8.8.8:53 | green.erne.co | udp |
| US | 8.8.8.8:53 | cm.adgrx.com | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| IE | 54.217.19.5:443 | cm.adgrx.com | tcp |
| FR | 141.95.171.140:443 | green.erne.co | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| FR | 141.95.171.140:443 | green.erne.co | tcp |
| IE | 54.217.19.5:443 | cm.adgrx.com | tcp |
| US | 8.8.8.8:53 | user-sync.adxpremium.services | udp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 64.158.223.140:443 | openx2-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | mwzeom.zeotap.com | udp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 8.8.8.8:53 | pixel-eu.onaudience.com | udp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| NL | 64.227.64.62:443 | match.adsby.bidtheatre.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| FR | 141.94.171.212:443 | pixel-eu.onaudience.com | tcp |
| US | 172.67.40.173:443 | mwzeom.zeotap.com | tcp |
| NL | 89.207.16.204:443 | pubmatic-match.dotomi.com | tcp |
| NL | 89.207.16.204:443 | pubmatic-match.dotomi.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 64.227.64.62:443 | match.adsby.bidtheatre.com | tcp |
| FR | 141.94.171.212:443 | pixel-eu.onaudience.com | tcp |
| DK | 77.243.51.121:443 | uipglob.semasio.net | tcp |
| US | 172.67.40.173:443 | mwzeom.zeotap.com | tcp |
| US | 8.8.8.8:53 | se.semasio.net | udp |
| US | 8.8.8.8:53 | image4.pubmatic.com | udp |
| GB | 216.58.201.98:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | rtbc-ew1.doubleverify.com | udp |
| US | 8.8.8.8:53 | 140.171.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.19.217.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.165.5.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.48.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.156.155.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.129.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.171.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.64.227.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.40.67.172.in-addr.arpa | udp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | vpaid.vidoomy.com | udp |
| GB | 89.187.167.4:443 | vpaid.vidoomy.com | tcp |
| GB | 89.187.167.4:443 | vpaid.vidoomy.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 8.8.8.8:53 | dsp.nrich.ai | udp |
| FR | 51.255.68.171:443 | dsp.nrich.ai | tcp |
| FR | 51.255.68.171:443 | dsp.nrich.ai | tcp |
| NL | 198.47.127.20:443 | image4.pubmatic.com | tcp |
| DK | 77.243.51.121:443 | se.semasio.net | tcp |
| US | 8.8.8.8:53 | 4.167.187.89.in-addr.arpa | udp |
| US | 130.211.44.5:443 | rtbc-ew1.doubleverify.com | tcp |
| NL | 198.47.127.20:443 | image4.pubmatic.com | tcp |
| US | 130.211.44.5:443 | rtbc-ew1.doubleverify.com | tcp |
| DK | 77.243.51.121:443 | se.semasio.net | tcp |
| US | 8.8.8.8:53 | 180.201.192.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.68.255.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.127.47.198.in-addr.arpa | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| IE | 34.249.65.85:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| IE | 34.249.65.85:443 | match.prod.bidr.io | tcp |
| NL | 35.214.223.82:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | a.vidoomy.com | udp |
| NL | 35.214.223.82:443 | csync.loopme.me | tcp |
| ES | 212.36.83.246:443 | a.vidoomy.com | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| FR | 141.95.171.140:443 | green.erne.co | tcp |
| FR | 141.94.171.212:443 | pixel-eu.onaudience.com | tcp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| DE | 3.122.214.165:443 | ps.eyeota.net | tcp |
| US | 8.8.8.8:53 | simage4.pubmatic.com | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 246.83.36.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.214.122.3.in-addr.arpa | udp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | matching.truffle.bid | udp |
| DK | 77.243.51.121:443 | se.semasio.net | tcp |
| US | 8.8.8.8:53 | pixel.onaudience.com | udp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| US | 104.18.25.173:443 | a.tribalfusion.com | tcp |
| CA | 148.113.153.93:443 | pixel.onaudience.com | tcp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| CA | 148.113.153.93:443 | pixel.onaudience.com | tcp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 34.86.82.41:443 | e2c26.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 173.25.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| US | 34.86.82.41:443 | e2c26.gcp.gvt2.com | tcp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | 41.82.86.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipac.ctnsnet.com | udp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| NL | 185.89.211.84:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | sync.targeting.unrulymedia.com | udp |
| US | 8.8.8.8:53 | 173.193.186.35.in-addr.arpa | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| US | 8.8.8.8:53 | 196.120.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.3:443 | id.google.com | udp |
| US | 8.8.8.8:53 | hentaihaven-xxx.webpkgcache.com | udp |
| GB | 216.58.212.225:443 | hentaihaven-xxx.webpkgcache.com | tcp |
| GB | 216.58.212.225:443 | hentaihaven-xxx.webpkgcache.com | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 225.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.32.239.216.in-addr.arpa | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | 49.4.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| DK | 37.157.6.232:443 | adx.adform.net | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| NL | 89.149.192.193:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| NL | 147.75.84.158:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 8.8.8.8:53 | 193.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.us.e-planning.net | udp |
| NL | 193.3.178.4:443 | ads.us.e-planning.net | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| NL | 185.89.210.244:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | s.e-planning.net | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 193.3.178.1:443 | s.e-planning.net | tcp |
| US | 8.8.8.8:53 | 4.178.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 67.220.226.238:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 238.226.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 172.64.151.101:443 | ssum.casalemedia.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 52.209.124.52:443 | ice.360yield.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | 52.124.209.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | udp |
| GB | 18.172.89.15:443 | s.ad.smaato.net | tcp |
| IE | 63.33.33.194:443 | rtb.gumgum.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| GB | 172.217.169.66:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.33.33.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.89.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| DE | 35.156.183.76:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | amazon-tam-match.dotomi.com | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | trace-eu.mediago.io | udp |
| NL | 63.215.202.169:443 | amazon-tam-match.dotomi.com | tcp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | 76.183.156.35.in-addr.arpa | udp |
| US | 74.121.140.211:443 | sync.mathtag.com | tcp |
| DE | 3.121.157.160:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | 169.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.168.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.157.121.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.140.121.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 104.22.51.98:443 | spl.zeotap.com | tcp |
| US | 8.8.8.8:53 | u-ams03.e-planning.net | udp |
| NL | 193.3.178.4:443 | u-ams03.e-planning.net | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | cookies.nextmillmedia.com | udp |
| US | 54.196.96.93:443 | cookies.nextmillmedia.com | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| IE | 34.255.48.153:443 | match.prod.bidr.io | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | 93.96.196.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.48.255.34.in-addr.arpa | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| SE | 104.73.92.198:443 | ads.pubmatic.com | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| NL | 185.89.210.244:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| IE | 54.216.45.174:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 8.8.8.8:53 | i.liadm.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 3.231.251.26:443 | i.liadm.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | 174.45.216.54.in-addr.arpa | udp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | usersync.gumgum.com | udp |
| IE | 52.210.15.1:443 | usersync.gumgum.com | tcp |
| US | 8.8.8.8:53 | 26.251.231.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.15.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tg.socdm.com | udp |
| JP | 124.146.153.162:443 | tg.socdm.com | tcp |
| JP | 124.146.153.162:443 | tg.socdm.com | tcp |
| US | 8.8.8.8:53 | 162.153.146.124.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | cm.ctnsnet.com | udp |
| US | 8.8.8.8:53 | rtb.adentifi.com | udp |
| US | 44.193.117.232:443 | rtb.adentifi.com | tcp |
| DE | 91.228.74.244:443 | cms.quantserve.com | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 64.74.236.127:443 | b1sync.zemanta.com | tcp |
| US | 64.74.236.127:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | 232.117.193.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 185.89.211.84:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | dmp.adform.net | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 8.8.8.8:53 | dmp.v.fwmrm.net | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| US | 8.8.8.8:53 | aa.agkn.com | udp |
| US | 8.8.8.8:53 | beacon.krxd.net | udp |
| US | 8.8.8.8:53 | usermatch.krxd.net | udp |
| US | 3.231.143.15:443 | dmp.v.fwmrm.net | tcp |
| IE | 46.137.118.5:443 | dpm.demdex.net | tcp |
| FR | 91.134.110.137:443 | sync.smartadserver.com | tcp |
| IE | 54.220.158.112:443 | bcp.crwdcntrl.net | tcp |
| IE | 52.215.95.146:443 | aa.agkn.com | tcp |
| US | 8.8.8.8:53 | obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com | udp |
| US | 3.231.143.15:443 | dmp.v.fwmrm.net | tcp |
| IE | 46.137.118.5:443 | dpm.demdex.net | tcp |
| FR | 91.134.110.137:443 | sync.smartadserver.com | tcp |
| IE | 54.220.158.112:443 | bcp.crwdcntrl.net | tcp |
| IE | 52.215.95.146:443 | aa.agkn.com | tcp |
| IE | 52.16.125.180:443 | obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 44.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.110.134.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.118.137.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.143.231.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.158.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.95.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.125.16.52.in-addr.arpa | udp |
| IE | 67.220.226.238:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 64.74.236.127:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.200.42:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
Files
memory/4204-0-0x0000000000D64000-0x0000000001F9A000-memory.dmp
memory/4204-1-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/4204-4-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/4204-7-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 1ba283c085d9ed9584f5a95d5369716c |
| SHA1 | 79e2c8110dae167cc69f769beaf82a5ea88ab8b5 |
| SHA256 | 26c380ab41335e9ebaa74b21555b5de294d1333f3944d8a81b15c725f3c6e5d9 |
| SHA512 | 0b42479022ea67203c79cb0c1b8e768db4c1481c8d16feaedf1523bcc7df9fa8ec143acb85b5a0458bd584860645aaeffa08b4cc4ae4351c4093fd7bdfbd165e |
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | 69be264c44bcfb17b3bc9527de748094 |
| SHA1 | 0a8515e94758ad11e9b614bcb30ab7985e0f20f9 |
| SHA256 | 89b5909d2229761f743840b853cce798ac16050a19d7a780222481f80f91ad9b |
| SHA512 | ddd3ccd226f743bb1f6507bb256dd719640c0ff31baba1f040f2b35d6ba6079ff9ff37618bd85820abc84354528c2d1beecf0884bd9dbde4d6fb077ded782efa |
memory/4012-8-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
| MD5 | 6efe27aaaf06ebb8a059ad2b6c17d68f |
| SHA1 | 34e8fa81fc7b95a0fae0ebf7e0c0d8d5b07d42cc |
| SHA256 | fbc1fb4f3010859ce08666d2643a10067742e3576ea59552a8a04848e17ac2df |
| SHA512 | ca9d95b6105ccb777ea6925f16f8ed4471d24d71235f956f665af0579d011ba84973f2c4e19b3f0245a98c53d4a0aff092e8f6e2745d199d32033b4034fab6d3 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
| MD5 | e9f1554b9de262a4be70efd840b41db8 |
| SHA1 | 1994c1c31e242e4df20ff8d73937514f1d1d462d |
| SHA256 | 211725cbe94711b10ca9e7e31433d68fd30d05d55401c0cd7d6c23c9f758d054 |
| SHA512 | c033bb49f5275c5cfc57aced082dc19c08515bc0728674488f5fb3884fa1d647b36916043d489591f7844046b8a0b7fd3d4fac98c9bcdd534003522bfd670bfd |
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | d3acb1c605acea7f2e54d91be6d35004 |
| SHA1 | abf6affe5eacde4372de0b3b27b6ade82d3299a8 |
| SHA256 | 87ec9dd8e895d3c141320ec79aa1f0e0d58c12ce716bf208acdaa89ec78f7f5a |
| SHA512 | b9de57eb3b4ed4c97db7f0b41d8e6c42fa1a300e32edbc2a0fe047420f35e9986df64f3b2391e7cca60119f30cb5d7ace4daa53a18d0fa080b116b65fca52d7c |
memory/1720-25-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/2784-32-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | 29027c3e82eff7cf0ea3768b45623897 |
| SHA1 | 43ea58215267e4fd60fab4c1460e42b962527f5a |
| SHA256 | 16f8960e43cd56fa3798a392eb702d02644918a50aa0f784534f28e450e074c7 |
| SHA512 | 2234538fad56bcf61c0c0c63e9c1276dabdbac512d225f362ffa295cd16a2ce8dc6566baff419946fd3a27e2d83a9d77505e24e31e10913fd8ea95204258cd4f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
| MD5 | d795513ae1e73df16a496e6171400440 |
| SHA1 | 7e5b9b1c31e1bf26eb60a0f7b58491b064088f92 |
| SHA256 | 8ad14dcebda73fd6f0c68b8ac726865f5b976a220fd4a4437742a83dc9b49bee |
| SHA512 | fbd6b65865ed5f9efcc358f23297fd088f2dfc5dda6a12b95b84a7e31fa28985cbe236387a1b19693d3e388804b5302d30c608f55a459e1b806f78e19732c78f |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 8237f91aa46841b31c63fdb5faec9ac9 |
| SHA1 | 81387e32cccbae4781cd1eaba75e5efd9b016992 |
| SHA256 | fb1e7be063c130aa8bd4cfdf16197258e59fe5f0bc8cb3d891d80cae068b54a8 |
| SHA512 | 232e934baba7d664439cc764c5601930fb40a56596f608baeb7a59ffa704bb1d2b7dbc4eb2439ae48a26133de3266a67786760f2f969699a8c6873b28109fffc |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
| MD5 | 9d2647de5bf0e6976eae524647670868 |
| SHA1 | 745c80d592af18e5d9b171b3975c279d2ce241ee |
| SHA256 | b87b98355b24babe5fdcde4ae67b4b96792b44bcc803a2e43ce8ddc33c2841f8 |
| SHA512 | 6dc55cb08bf699534f500dc66f791b8eea585ac4cafdb0e97a7eee591522c4dda1f510520b382c4ee0d68425935769560118684769c990fd73c33e4b35a06652 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 09e0a5f2c827914bbe16143787d17584 |
| SHA1 | df3d342a6d2b93ca73d88b45ff06f28d008c5533 |
| SHA256 | 1a5d25bc48faf71b2282080fa274b47253fc2558bfd1e255285e9201be3fdea9 |
| SHA512 | 8f5e35b9a15af544cf52e6a371261bef951adf4fb6782b7635324a4ca5139f160e6e078ef12c3180c7bb8f3ab04e824cb58182bad7f591be24ead0aaaaf713da |
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | aab8d2e173e120429173f5d20bac5f3e |
| SHA1 | e050cf592d192d0de9f96173c71335c224dd2be2 |
| SHA256 | 1e2b6a4f9c9b40b5c7c639a339dd887044b7d967c2ae8d67ccdfe9ab83d56684 |
| SHA512 | d829adca7b22badbb61066e11f865253952cdef64fe412f6c9013a6635fe03cd38de5ed940a67071821d9a82b96b7a44be3d843870b3e34b1e89bad1746c5fac |
memory/1384-63-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | f873945c7bca2eb5b7cf980778ebad68 |
| SHA1 | c9bf34a97573fc3c07cf26120fcb0c57286f69b2 |
| SHA256 | 5354ff99cb72e08c862285be74b8ca8a5db0093622ea8c412ecdcc354eec947a |
| SHA512 | c71f7a83964877fbfbb142b7c2dd4d6dff2afede7b1998faa2dc111a2ec1585bd5e9e400f435db5c220ec5be5cd38b77ab821250a8128759c50880fa933bb830 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 0c04ad1083dc5c7c45e3ee2cd344ae38 |
| SHA1 | f1cf190f8ca93000e56d49732e9e827e2554c46f |
| SHA256 | 6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0 |
| SHA512 | 6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492 |
memory/3644-65-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 853146adbe5807bd4cf6cfbac89b1dcf |
| SHA1 | 2d2a134da9ca957bee132b3982c47486ca8125a5 |
| SHA256 | bc13c52bbbc4d02666bd8e56dd1e1e3e69b8809f167e0d04bfc370823ec6374f |
| SHA512 | 0f65d128a362f345d3b884024c9b1cf1a773a2e8542f86a7e8c7fe6501d51c1c85d8cbbc3d680965e82e96197e05755a7d640a2b32041bb9348d9dcf9782784c |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | a990860f79ee082a3bf40d36d4d158dd |
| SHA1 | ae02a3a440d18968c696383135cf3d144cadde8b |
| SHA256 | cc181e15ce05f5ef8bafcde492fd0cd4872060f0dfcc50b2a9af194b864df41d |
| SHA512 | 447ae03f60e026d0f5859d680c29b5fb07000f3e7a08bb96e34fc15078d0b11c7edb6a237d56b895601fc04bb7cea11934e82814b0e78d5405cb187c2ea51637 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 4f36da934536a09db859cf625287b38b |
| SHA1 | 53ee7b2dd1c162d4c05512b7015547b7e54faba4 |
| SHA256 | cead80f47396d828dbbc3d4290f874f8696a7e1c562036b0b16fabadfafda4d7 |
| SHA512 | f3c645a1f6a3e0333a91216c4847ad2fb8cf6d5d0276bd9add0c7eb8af248365a0b1c4b97f3c3d79d3e93025df3a210c9d1ceee405b5632fcc0ff32b5b18e44e |
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
| MD5 | 10dadb1274306694248e3095b8c516a6 |
| SHA1 | 7b94e89a4307de5d171d6186d93f86c1e57a0e36 |
| SHA256 | 55fe6f866bf3ce97254e3da300f8a845b8670ede8bd431a766146993bb18db84 |
| SHA512 | 4f008983a28d41cad69cd1453ae18c1657de3c3e307128c0d19ebebf6b7dc8a85e0e0874871ae3b70c3dab49cebedbdb4c7e12ba220cf1dd1955f52dd15c59e2 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 680e6bd52f2169f045f0af99fddf5a10 |
| SHA1 | c2388970e771fe7d226967b83329efdc1421ae75 |
| SHA256 | 23f8ef994563accc613f8480253da75446e335d0893af724b064f66093f9f6e5 |
| SHA512 | 308567f78d1988939691a6b8db428097051230561d56e3eaa60f5e85f3e7f462494a7e4eef1becdbccd9df6df56167255e9c3ddf13801626cc7e7d17de97e125 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 2914bd0d338c2505a0eb3469bf348d66 |
| SHA1 | 4912a53e6068f88943b3f261c9ef4ae4aa23bc77 |
| SHA256 | 03b10a3e3e16667b6cbdfdeb4ca7f0f1bd826977ff76c53a3bf64d026df1bd73 |
| SHA512 | 67feb6339be1ff4753b6001bc8f48470e8f4bb9f7e9e7403501f662dae97c6f65bba63df57c87a50a45588a27b6cf7f433584b55c36004d4d12fe4eae7e40080 |
C:\Users\Admin\AppData\Local\Temp\gcapi.dll
| MD5 | 1ce7d5a1566c8c449d0f6772a8c27900 |
| SHA1 | 60854185f6338e1bfc7497fd41aa44c5c00d8f85 |
| SHA256 | 73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf |
| SHA512 | 7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | fa9fbe8e53554dd016748212b91a205a |
| SHA1 | 4679ed23d0c2210879f85992c4e289bd260afb7c |
| SHA256 | be784e3fd6406076557ebfac872652b72bfbefa4a0db9f8434fbc08da7860664 |
| SHA512 | 7dfc15b923633eff0d602181abc0b79fac78c7c975a6aa1ce9a6d1e234b14fe475b1749509cde9145e866579a8dc5df550441c96a319abb621d1d0dd72497ba9 |
memory/4204-589-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/1720-591-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/4012-590-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/2784-592-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/3644-594-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/1384-595-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6ef6d15ccc52300750908642e01e8650 |
| SHA1 | 74621478bdb371cf1518b7fb9e2d719bc3007fb1 |
| SHA256 | 53713ea4fc8054e666c57beb4cff67dd62020f7f9deaead16f948787b4d83bd4 |
| SHA512 | dfffe7a02e97cf6edf33dd71be0c9a5a4f0286d621ee6e1c7b7451f9404724bfb86054cca4657f05276e90ebbf8fefeca8b4b9db73b9d8e7d0284f373304ec27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
memory/6204-655-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5275c4f646dd5bc7a7615e2d6fd28aaf |
| SHA1 | 64b207d4fc0b8735957d242f7bc4804d7eb28d12 |
| SHA256 | af6dadf0007c10c27df7ee9d48d8f723a1538688555e0fae760262d343df5bd9 |
| SHA512 | 0bf8d47d4b5e3806a709954b0c29d1b0ff094b223e98b3c3444bf92ffa5d9d1940b9e983d8aba1d9cd78f2482a49a2088687bc994f112573f6e72f6fcec199de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 66d1c513621841d6dbfeeb088aa9bbdc |
| SHA1 | 42ec329caba481a3d3cdb7255941be8e0517c938 |
| SHA256 | 5d1585d0a746af097c08e2412eecc2cb88528c943271bcfa127ba29af10c679f |
| SHA512 | c4f05a871a10865c046cf4800bf57a59770d01479d67a46d52567dcd9222ba9981cadbb9c3b780beb5c2639840932bc5cf20f36c6a238e2ab4be6d38ea3f4081 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | a4c517f817d7755fe0ae418ac8128af1 |
| SHA1 | d96b570f7da43e32eefc1cb729a612f9b24f531b |
| SHA256 | 84f44e1e7f07c9c90ecc48b9a8768f5d7dc3325cd4c60cc48d8b9f18b33b5442 |
| SHA512 | c873528fd751b66f9dd6293c38b1821f82ac464d940e898858bf15dff105554e980dc44c25afbe07600859db287d72c35605e379e9e91c606afaec316ca3d91b |
memory/3644-690-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/6204-696-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/4204-697-0x0000000000D64000-0x0000000001F9A000-memory.dmp
memory/1384-704-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/3644-703-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/6204-710-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 75c6b27aaec2e501aee8894c08f2e026 |
| SHA1 | 3fda672a60e1673b14d9591706107818779cc98d |
| SHA256 | 51a268735fc456bcda22cb22f3641efe4330a69a0b928206dc0cb341c8f8737a |
| SHA512 | 4ffd7ed540e18dc68de9cbedf430257513589bdcbafe0a3d976899a833db2e8712309dec3cf1bc1f2947d19b43b88b0985b74d9e5b2e7d6826c20c265dfcbc63 |
memory/1720-712-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
| MD5 | ac429a60d1b2cda09280442b89098b44 |
| SHA1 | 2feadf0f437bb5dcd20860354705c2b9f1897852 |
| SHA256 | 2d08e2b68c7c293b71319d8d56e6e0b4584ac250d5efe0f43aab2b0afefbac0d |
| SHA512 | a5f7d9d11e68ab2542e5ecda4e02108309442b07a13d27b5ff94ce88fb474fdc595c795cfa50efc55808da94d53d03b64e8f7303940cd69d529e48709b06098b |
memory/1720-744-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 39d421d2521fd7280b4ea82ff7fb2409 |
| SHA1 | 3e0efe82e7026eae8c293f9196dc3f4ac9cfa337 |
| SHA256 | 3ea656c4976c3732d3c5be397c3eb84a4e8d2f0dc208e80540caae6dccab9551 |
| SHA512 | 1831646093a3b195fbd0e96e515f31874a5045e4f868a0b2c2762737c8bd1fcfbe74e27b46a96824cd0d51fd4fee517e02f3f29c74edfedc8e32ea8d9b7ae6e8 |
memory/4012-759-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 620ce244d8cdb161d88def6fff432204 |
| SHA1 | bee82b11f961f93fe11d751ef7a6db805e040a74 |
| SHA256 | 2353f6e3fb2732252a00fb3b42cd7c76265d0e56b433d5a7e6d9474b0e9abc58 |
| SHA512 | d27e91d802cb084cf9689ac87e54d273111368ab2645fffe3512ff5bd18618ee9ec7306057d3763eb72fbbf91cfdd145396ab542c9fc6da9869289b1d8d5c44e |
memory/4204-783-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/3644-784-0x0000000000D60000-0x00000000024A9000-memory.dmp
memory/4204-789-0x0000000000D64000-0x0000000001F9A000-memory.dmp
memory/6204-792-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b7cb57f4-0373-40f6-a92a-61c68f87f3bd.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d469bd6a5376224f61759fbeeb147c40 |
| SHA1 | e03bd662f32a4bced737072cfb03b50dcc3c6f52 |
| SHA256 | a2a8eb969f468f4a02bfcba355be128d667bf0abd1bcd5b65a71cd874a2519e9 |
| SHA512 | 0b38eb66e121c146497d077cabd44a99677f58e8331da7393c84a402fdddd15386352c39a4bed3e3dd693e01a889c9c0af2f354f9d441cb3b6e5c1f1d41942cf |
memory/6204-834-0x0000000000D60000-0x00000000024A9000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 09d5fe641ee783eb0b65e0446518efb8 |
| SHA1 | 1190e2e1a5ca0bb887a573bfb0423b93151aa417 |
| SHA256 | 795c60c3a3ba486abebc5b1981a429ff09a0af507bbefd5bc30088c975de57ca |
| SHA512 | 924856fa9693e21226560f41045c1019c0ff47bb71e49b7956d15f0dd1bdb40b310b4a8f46ba68a319e7c832e4536472b8a75a22206d88c5006fcb0df5ed4862 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 45667626f8bf1ed0adae35fbb45bd3af |
| SHA1 | f903b8502281abac92227b3e8df4b8f89b21aea6 |
| SHA256 | 0cdfaa0c6a8e39644ace431c3d62ace0a8d91ed27363019d32b2c53a8f9fc7ba |
| SHA512 | 35bf9a67e5aa67ff47a4d100f346736148678fb496bb6bb08d72d223aad51f0018466744f0ec2a4bac607c4c99368df3462f70bd7f2bc397a4cb45d450181bb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | f1045051384dc4e3551b68fa31f81550 |
| SHA1 | 32141ebf8e8da6a0db585ef9da7d4e5eb2511ec0 |
| SHA256 | b4d661b531429edc2de97268efda653c668b4bf11fe4d3874e1db41ae4ccef63 |
| SHA512 | cdf8cd8d8964ce0d6d961c17fe2759f45d7a28978ab16bb67e9d85389d42aa7ca299f330a65680fb0cd204135af8dcd494b82dd9c800853f3c02f04f119ea007 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ca9df3c441c1cce83c2d4f800e1ec7ab |
| SHA1 | a5b046d6418fb8a1461aadc0189f1fa63635c80a |
| SHA256 | 5c6fc05e7b983c1900dd1146b73da15f50b83abedbaee7c89942c2106113154c |
| SHA512 | 20f493f0cc748fa427e1c52e5949b1144773aebba2df5673249a8b58c3c58f0fb6e5de9f403c65ef2e8dac7e5b09a343c0d1dbbf089a0a9f6e7eb5299ff4477e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a7f14.TMP
| MD5 | a7b026a94446a90553b4cdc2ebee945b |
| SHA1 | d83628774e47e2f7520a0ed4a49967daaff12431 |
| SHA256 | 4ce8d66f6a9f5b38bbdece5e316a0e60e34e040433660240497d11206f2a30e2 |
| SHA512 | 7dc33c9b8467314cffc070df0723da31050b4e62ae8e7e7c506b64c4950277ff4e25a2a63efd808a32ed26a519b2ee6fbc46d94c03d7c136cdad693e5fa04751 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8bfdfb634f6dfd4880aa920cfea2f080 |
| SHA1 | 47555e02dab99b5f89293d98384d1bd6007cd10a |
| SHA256 | 9f03672504fc1123cf59156dc0642e56e4ac70a125566c3e8397fe67ddea1964 |
| SHA512 | 0a6ab891cc6bea5918f9710450568938aebc98c5771b13ad087047969df6201640877912547e93b1fdda35cbdcc36cd4b69d3b9d4c4690bcc21c710da75b8052 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8305320326f168991e3b3a6aa651eb92 |
| SHA1 | 3a5f32c0a39e7bcb1f2e53e5388db109f17c107d |
| SHA256 | d71cf318ceadfad64eca52aa0e1911aadcb9d967c6796b35143d2f75bb133079 |
| SHA512 | b234af1dd2e9921fc34d5b234f508ec0b2535912d179284adfaff93cf75a41ebbd697e3ceb18f5da00113ea36fe04ff36f1986953fcd72430b5b5a5b6ad29442 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c86c6adb952aaedcb541f880071efc6a |
| SHA1 | 8bca09a2c06b47f236839ab0166fb66cb12ef6fd |
| SHA256 | ade13d4ed9d3490b6e42715cc69b19c44c001aae4a93031c7266199cc123fc25 |
| SHA512 | 044fe1c3e8eac4e602cfb94c9eefb0da9d312d5c8627f00732e6eddca73381f8d89a8cfe0e590f26f1fa54533c2a4295c88853a67867b9c737e1f298b4e14cf9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 44e787c8a7bb96d9a0a3dd17c455b184 |
| SHA1 | 169ba860f11c0e24aa40ae05611e8e0029261d41 |
| SHA256 | a11b4d29592fa54d0b08ebce7bd5de08d735461102f6606e6d00e1af077dcf3a |
| SHA512 | 7d133e4cae6c94031314b3effce17bd2537a1eafe42c50d2c77a474b629207f1e931e43dfbea01abe4d60e99682932525cb9950e3b61ccb16fc39a8c3f36b692 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ae986.TMP
| MD5 | faf030ba18683dc58447115e426282b0 |
| SHA1 | e678b12c1e5d7d401b7e5896662cf373ba97f8a1 |
| SHA256 | 0f3ecdb111e2cab837baff8fe795ddc5a5e93e835efea26f2a17d4c1cb26d3ae |
| SHA512 | cf9a181fa8ac67c1b935085e2bf2e3434f8b5436de198ab4e4e3caaa1aa81642685cdbc8b3a0502cd4b26d30c80294fe1cea182604f98d48a29b3ff52177c615 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2beb7c487afa790cce4687886dcea866 |
| SHA1 | 755df3eab43c2adc001947b350b54354d7e8b658 |
| SHA256 | da6808d9164cb94d6cde8e3dc1c135c72ecf221852b5116ac26206f4ecd7990d |
| SHA512 | bfe3c6b02445d33d95a97b1f11aae7739e535f4f0e17ba00ee2a18a5e204e6dc64028d10a7fc049af0bcdaf8e4e639d7007bad0f0a398be9f22f3c89bde57a48 |
C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe
| MD5 | 3470dad8219537a4b4d9f1ff73436893 |
| SHA1 | fc5ba88ce9719ad6ba6febbaab971801cd625933 |
| SHA256 | 1f5cc5c2211c48f57acf7d4113a487fbbd74a423303102821c913139d7ff782a |
| SHA512 | 2cf931cf203650781ca27051cf58b61a26700cb492086ce04a8680a49126b63276c77241d5d3f31a8a948edf56e0accec57c78e620200d310af48fa076d33c94 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5a92ead26042d14e5e25282bdbc19761 |
| SHA1 | fcff593a4296381b4dbff9088ece3c502ba32962 |
| SHA256 | 2b1ba599fb2858f759b280dba9b764affd05736ad20580585964ed9286770232 |
| SHA512 | 74c139dba4ea875cd89dbea2fef69f93249ae012af872618b76a31aad95a25fb50bcfafbbd032d8a6daeb9b54bac019ca171dffc4573cdddd3e3addadb3057cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 60e3b3d20df0d38c305994f71cf2cbf4 |
| SHA1 | fec75c9811ee8dfe2c5fea1e86a23de2f13f7834 |
| SHA256 | 73206137f77b294e2193514a34bb233d0dfcba05412320a089abc792de1fe082 |
| SHA512 | e3e539d8136c946074313b86e2b5cdd029a20497c331d4407c90ae3f6041d22a7abfc91a4b14b96355f37a75047166dc8331b40a046850ad6ae8fad3e6889c88 |
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
| MD5 | 7d5d3e2fcfa5ff53f5ae075ed4327b18 |
| SHA1 | 3905104d8f7ba88b3b34f4997f3948b3183953f6 |
| SHA256 | e1fb95609f2757ce74cb531a5cf59674e411ea0a262b758371d7236c191910c4 |
| SHA512 | e67683331bb32ea4b2c38405be7f516db6935f883a1e4ae02a1700f5f36462c31b593e07c6fe06d8c0cb1c20c9f40a507c9eae245667c89f989e32765a89f589 |
memory/5148-1408-0x0000000072010000-0x0000000072024000-memory.dmp
memory/5148-1407-0x0000000008210000-0x0000000008224000-memory.dmp
memory/5148-1414-0x0000000008810000-0x0000000008DB4000-memory.dmp
memory/5148-1415-0x0000000008360000-0x00000000083F2000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e205e045c87636144f0dd6789c715298 |
| SHA1 | 0d729a2fb5c50929b9e1b458b735ed6236c70e62 |
| SHA256 | cad00e8eb6811e1d05bd461cf974b753f0cf3c7e19996dad165ec29bf4d85de6 |
| SHA512 | 959087fc638dd08f36e851d48731e502c519ee7305ee187f10932f9a2888d5769e73ba48db33cc111204313d4b71d7599c56b3d137227038eccb496d787d4ef9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053
| MD5 | bcc4b91575004b43a8d8784b3ce12385 |
| SHA1 | d3248f3bdaea64ee97ba0196051000c31abffa38 |
| SHA256 | ccaebf2f7e94b54ccd54438896cc4c3867be5dc986527cc71f57a9404d07af41 |
| SHA512 | a1c3dc049ca0252a442cd9fcd7ca4786c43b9d0086b6a1273c224c476e613c53f4966c88b6c5350e026da1e27ec977e3ee6a9b53d33eea9995480d4b41e7e98e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_sync.a-mo.net_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_sync.a-mo.net_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/5148-1452-0x0000000009780000-0x00000000097C4000-memory.dmp
memory/5148-1454-0x0000000009900000-0x0000000009966000-memory.dmp
memory/5148-1453-0x0000000009860000-0x00000000098FC000-memory.dmp
memory/5148-1457-0x0000000009EA0000-0x000000000A3CC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2db02d8c7fc82eba4751aceba382547b |
| SHA1 | 64711af32e06eed59aeb716e1141b3eb5a3aaffc |
| SHA256 | 94dea1fd2895a7f656a8d9406a32482f0018e424857a5b5bf8838c077f7d77ac |
| SHA512 | 37136cc865a1ff323bc296cdfc520d7ac48e699866a4aba98b928e2142909f4a9e37dd99266ebaa9457374851d8bdd1c3491a63fc4faac07dc8b7b4c0de27920 |
memory/5148-1495-0x000000000AB00000-0x000000000AB0A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f
| MD5 | f3dc36eb8d102c5b65b1a457ea739ef0 |
| SHA1 | b18742e75723d4379811ec5cd6a714d5841878e1 |
| SHA256 | 7b8db0f76ae02660aeb9294c337153d4365ea193c2e9c0ddd4ca2a54fe7457c2 |
| SHA512 | db56010e8d7b5f831d64c4daa8ccdeb21deba6ce5b4594f065eb942d551c56c6174a306ee17b3359cb7260f512dfdd645ce0b62bff992bf0d2a96e9771bdbce0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3a0b95b8fa5a0d5ef175a57a1d524f9c |
| SHA1 | feb2199efba90518b5e28a6cb30c884cfa4d88e7 |
| SHA256 | bd7badd58be6f085712929b3ae84d554c9771d86d3c6a17288cda4dcfbc5271f |
| SHA512 | 6678f93b54f2975ae49676a513fd3bf97f08896e8af97a64404be50e63adeb334ec18c1687719b5d362d3406d5308f2582e742c19b4b1c9012f3603a61b701f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | d3ceb9a8d3ff8c77c6c634ca0ca0cdfa |
| SHA1 | 4a7c77a90969f0f28c385a3a478b6dbaa6ad8876 |
| SHA256 | 6456359db1795fd4edcd21b56b1efc57ec4a0999633532f5862f645d8db38b48 |
| SHA512 | b7ba378543d4cf44b5f20e4f716a5d3c62fb3a34c8b61703e39cb1d83a3f6632939ddfea912af969a7f157ab79b7b977330a1ad179ae99667dddc10f6b4307fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dd5148a3583a61fed1aaab45cace6781 |
| SHA1 | 7ab881b2978dad81493f4924aac59cee0e6ddcd0 |
| SHA256 | c4ca22e7d71e5be55833fa32f44acbfb23c0a098dc199f898e8f81caa7874e55 |
| SHA512 | dd584e08e5902a5b4b107fc40769eaf598e2862ffa6fac0c384499a49a3f5f5acd9b4227a8edc54a71d960381742b1b885e2c8baeb406e01e60ca8bb774471ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d3de2a818c2352f0e3562f93b93c66ac |
| SHA1 | c9b5eba2f9528a1d024fb3c1620b85716faee5c8 |
| SHA256 | 7b000ac7d10d227ea283800dbbd71c5b2398bb4b78c35eda8635745fe593e9dc |
| SHA512 | 25d3e148717effbe486fd84380b4264fca98833d78f90812b7d2d0d82023761333badfd69e85a9a045b864bb39cb8c37527bac8d600f666332c0a57470376277 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 61273b36470cbc3c938803812a1c6311 |
| SHA1 | b56702e848dbd8ac1b0d2c0d24e8ccf0160e592e |
| SHA256 | 5ac23083cb74934d2af16089c9fba6964baab6c31453bda5d6e6894f60dfaf0f |
| SHA512 | d80a78d676483759032ea1cc25227109f8ada8ede67779b4436ba84c0daca58c5af3b7f6977d2c771ba66f66f0e1caa596332c6ef6e98bb63a5d48c8b4ba279f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0f695b1fd30ea06440c15cc9d03dcb96 |
| SHA1 | 4698e20f2b090d03a2ccaed068f2bded38434e69 |
| SHA256 | 5b2d752d480f495838c090b1261396254ce4c0d4a8baff8856d8358ed5d7658e |
| SHA512 | 18838c31f27e21b7cfc160512c9dd23c61d8adc817c181178255664858918c297322869f8a9ce26fd08aab3d9432abb412e277ec117d5f129fa2c098f30f55e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6b1b72e68a15c732415515a47eca20ae |
| SHA1 | 35283f0679f6d9ed24ede998ee2583e4181e6a65 |
| SHA256 | 4df51740e0a436228080d0bfe339be191d2c00f2d43908d5140276ee6e061764 |
| SHA512 | 37e9e1d6b4185f37ba7f07ddad8ddf28e95f51e86deb11f5922b3a7f2a7c8c29fb88e5acb4edd56a989230925685f2e09b7d146a13f1e500e5a4a58f8e68dbce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 49714d7119d98d844a6c1357ec67dee0 |
| SHA1 | 620223c2d679ab74b5f1c38c85ef291a772cbe44 |
| SHA256 | 5360c2ac1ecbb9f4eed8e86e2cea310473e9960a3122f85c60595616a24f4028 |
| SHA512 | 6c854e95011ee2dea79d1c2b52b0905c56ed88e3fbd27340103fa04e69fbed9da35bd7dd3589da2acc8cad52e4ab0b4c7d29f2bdb328ddf54829b396b2c6fd7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | c356a0c771a0209d3482777edfc10768 |
| SHA1 | 1ff2d992af8a6f19c30ecbe8f3591f26fe1cab08 |
| SHA256 | 32381f4549d36fa4583e599adc04056a4da80a6067c6805b7081c3f3f54a27ad |
| SHA512 | 561084baf8d65579ead79e79c2c3920ef987384d52ecc11a2689aff95c54a6b823a0c4a8e5b910e60e569450e36563f53adb5796f261f13bbeea59130b81fe3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | af3899196275dae45500fc7671ba1a97 |
| SHA1 | 8baed8b4951ae14677fa093e56d5540f6d989372 |
| SHA256 | 7413bc9ead0d8ece381038166e278e2554908209d8a084e961fc18eab8ee6c7e |
| SHA512 | 32a8c08b55013ebdc62eb9b1cfcaf54a8ce7ef7ab3dd208a30a3cd1f6281cafc7d667e0c19ffe6dfbea8be5cf53df9509ed0c34337d8bfbad0723aa620542d3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | fd2c40ab6f28f98b083ddd7d14bdced8 |
| SHA1 | 8bd5fd35434b0dc61620e527eb935bc294de9bc8 |
| SHA256 | b8b68b20bab08cd4e19b8b20abd676b5ab0e8d3bf04f61ff5e9d2207e5b292ff |
| SHA512 | 31e8abaca6af52cd0232c1cb552a015106ef0b09c224b49a2dff4fbec5afb5a951163693b5b113fc6803d928a1ec999269f7d7ea997462e22b731ea39f898f61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | a06dcd12ab1eab766d22c22b772435e1 |
| SHA1 | de36891470ceaa364c65e9e31998aa1f1a0d4b03 |
| SHA256 | eccc0756122ada1ed0f4f7df11d6445e980c44de3e6cd961271c821a669623ee |
| SHA512 | 3998d3656f3e4e68a0507b51a6aab8251602dbd439839729eadc55e352c35ad81c1da0bd8cafd82dcf74ede5d7daaee47e1f37dcc6f6b308f5d1e355850f7b29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | 8f1f73a6bbe39bdf9491f7672b28db4a |
| SHA1 | 17e1b5e01c6ec0fe14e5091c4bcfebc17c0c0f79 |
| SHA256 | fc0f0e634256ad4acba4e91d7dbe8f18d90b5daa7c5868a5e2115cd45e41c92b |
| SHA512 | ea228c4f2126a188005608488b2d980d36984a06999d8fa5a00ffdf14073e4a00d417518fb1716f664394613bbf1ea70b74ad6d12335d1afaddfab51d42538f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 951ecfe5e2d40c7e7cd54ed7382c9da6 |
| SHA1 | bed76a0adc6d1e6b3fe286deb26da6eee374b2f9 |
| SHA256 | 6244ffd804c37d5916b610177c44a3698d2ea614935affbacc5ec2bc98c8fb2e |
| SHA512 | b98d7cc4b9261042f31535bca35289baa085eae9c19e3fc6cf189c72e2137793b60ba928f9730164407de7d2238a61e8d1342d40201f9a914b5e6aa351484d24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 71c5ddb59ed85460a18c8b0d48b2f7d2 |
| SHA1 | b50e9e2d6e961d91d9e037b3cc89c524f96a2be4 |
| SHA256 | 2729cc146f33bd4de5ea5f43cbbb44c1864aa702c9d57b5bb8ae1ec8537afa05 |
| SHA512 | bc9576372e3b7d0d251db6fd010de03d64754005e0d3e8d8d5eda5f95b6c6bafcea7d1601f838896cd62081b552d492f4e07050f65f89078d9257d2ec11d944d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f66b02fcdd1c6e00040474986292cbd0 |
| SHA1 | 025e119e7e5dc7224c0a357b9c22ceac1b9ace25 |
| SHA256 | 418fa55c3823251f6930014bb8724c47f6a10be8892c9d97adadc61c0ed23e3c |
| SHA512 | 23247bf1eb16f9ab9e2be77e8d62b7027871395d233b7139d9c46d9847a4694d8bd8e370669d16ab49c58329b421309be9e49ccd44656f832215b32233f09a77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3f1402c0a6655d0db91fdd70f3daba6c |
| SHA1 | 4b8e1ba5ca24d6302ebeaadb363443ffc8c8cee3 |
| SHA256 | 4ef26b12ea48328f154d14c552cdd8bd63b4bd567dfb17712581a65a42dc9274 |
| SHA512 | 25c1bd738f9aa001e2ce757b8a02c2ac3a7f85ffbd4a2af4c845d071571097db292ed9b2c5cb796b729182ecc18ebb8ae853c42e0306c15d379f9c4b002bfce9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7509de11f1f1e8d3a4aa9ead786a3aca |
| SHA1 | ad2df15bdf1104b142dda8611be69c07361b75fe |
| SHA256 | fb15574356b8ab3bdf4ae0e2f8c262cd0feb2ba12c0307330479b9bd612d281e |
| SHA512 | 61f46d835c43dc5954379fbcbaf5a76ba0fa6db3b5fb8a5dfb681f9fbea73863dd25457a2e1475f48cf1790c4ccc068d9989e030b22daa25da128be776c42514 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cd0bbd9d26173aae4191c8ceef2e3011 |
| SHA1 | 3df2dfae1558af0414f7d448b262a243f2121a48 |
| SHA256 | ab78ee962298226ffa1c293bede8daae88b4e66a4cbb3f6e2c05d5bc89e61cad |
| SHA512 | e058a883997cba0b23fcd08339904f55c3ffa788cf71c3372bf85062217701930e6b1708e61262da8e954f5fa7b42555ac8c87e56d79b288810268012fdb63aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 65871e36c16b4ec06b2ed19edbb6453e |
| SHA1 | 5e53f4583ee2a7f1078900a8c4ef2365f3f851cd |
| SHA256 | fc998dbf2c0c246489f0518e86875e17e430ec7cad758573bc1f409d5286c5f5 |
| SHA512 | 56fa5c9ef2252dd9adf21d6bc1cb7dc0ba833eb407d755424c5f24ba6e72463db2391657e5c8cef90c179479840737262a50aa673a89899c94b104c6e50697f4 |
C:\Windows\Logs\DISM\dism.log
| MD5 | 283ebb10dbb074b59ec2850ab13e41f1 |
| SHA1 | 27b24b8d1ac5b5b5a1fcfb008e8be2f12b3b17d0 |
| SHA256 | d4c653a5f3245665988ef06501f94ee4ec3162718f55d71e2cb91cb4b08828a7 |
| SHA512 | 2a55b17bf8c9520b7baaea16cde7b37eeead9cf818ae0778286dd494f6e34770ad80652cc1b9e46ae52a5da8032967895759819ad4dc0f9dca4d245556dc22b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8dfd7a20b0c3166991d7c50c3f13e1b1 |
| SHA1 | 17acb699db0841c8260bf3017d817d04babc27ec |
| SHA256 | 6fe4439f12acd0459f8ef55f4afb43cdbb1566ece0ea3bc4c431c665649546ff |
| SHA512 | d994df0bfc3699a0623956f782541a92f7ab7dc3cd85e5649a324ed6d3d27dc1c4fbcfe6f45358678289fd2ada93c6fc046383ffabcbcdb5226a8cd9dd4b3878 |
memory/6232-2690-0x00000000027A0000-0x00000000027D6000-memory.dmp
memory/6232-2691-0x0000000005260000-0x0000000005888000-memory.dmp
memory/6232-2692-0x0000000004FF0000-0x0000000005012000-memory.dmp
memory/6232-2693-0x0000000005A00000-0x0000000005A66000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_u1wkbteg.wn0.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/6232-2704-0x0000000005AE0000-0x0000000005E34000-memory.dmp
memory/6232-2706-0x0000000004E40000-0x0000000004E5E000-memory.dmp
memory/6232-2707-0x0000000006160000-0x00000000061AC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | fe61ae964c47338238ece30edc026964 |
| SHA1 | d21c1062fe0dae555bfd55b03829f6cc1e9a525b |
| SHA256 | 29138432627ca20c6dd2a0437864d287e18b4cc3cc234a795e52a46bbdb733a3 |
| SHA512 | 481ebc6855fb67167b90dd0de7652a9485000f18fa5653c7b08253dabed9ebca86ee97c757698a4fe3b7e1ba5e4f09174a654a2ab8438f1efad65ca5af263db4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 27e58ed12268a457098a95221133b892 |
| SHA1 | 8ad7052e18b8bba4f0bdc40e1de543f0fd37d726 |
| SHA256 | a0359cafaa5c931dd5dc9cf85a0467453e775d315e9f191fe4c5a69164f27648 |
| SHA512 | db5f4457bcecc5f08be7eefd080b6d2ae31c8e2b4999e13e81fb92813815f6ec3da24ef233d8eca7e00cf6fa29a66e1982b9cbeca685018c6b95d8ed356fb56b |
memory/6232-2743-0x0000000006600000-0x0000000006632000-memory.dmp
memory/6232-2754-0x00000000065E0000-0x00000000065FE000-memory.dmp
memory/6232-2744-0x000000006D060000-0x000000006D0AC000-memory.dmp
memory/6232-2756-0x0000000007360000-0x0000000007403000-memory.dmp
memory/3728-2758-0x000000006D060000-0x000000006D0AC000-memory.dmp
memory/6232-2764-0x0000000007A90000-0x000000000810A000-memory.dmp
memory/6232-2768-0x00000000067A0000-0x00000000067BA000-memory.dmp
memory/6232-2770-0x0000000007460000-0x000000000746A000-memory.dmp
memory/3728-2776-0x0000000007A40000-0x0000000007AD6000-memory.dmp
memory/3728-2781-0x0000000006A50000-0x0000000006A61000-memory.dmp
memory/6232-2785-0x0000000007750000-0x000000000775E000-memory.dmp
memory/6232-2786-0x0000000007790000-0x00000000077AA000-memory.dmp
C:\LDPlayer\LDPlayer9\dnplayer.exe
| MD5 | a723044f1c511790dd0ee3a3fa68c4cf |
| SHA1 | 670e6f907c2557c9685ad26c26d6d8fee5139942 |
| SHA256 | 861be3e240b075752d52c7b50c41bf22eab9314db4f11a20362c648198a0f2e4 |
| SHA512 | 0fa7da71864d1abdff83d3aa01597f5902c01899513b0333bcc5d756a15be02b8c5293b55c1d88e556010f53412a7dbd27b57b63b1074565f1f6de8e2952377c |
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | f96c25bb4feee47fe4111660fa0706b3 |
| SHA1 | 284126ce4f80b6bfd6037f6137dee90c941e4eec |
| SHA256 | 9b5d44c60b18b36bcc1cc0e28585ae168d92239beda197d739c3e64edb229867 |
| SHA512 | b4297728f031863ccfb50de52d18f443d6ae893322e2f6b315497e187329275fbf41828867e614b35e9ff60ac6e3e1ae77d876fa8e131336c2d6a1fb6ff7db36 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
| MD5 | 66df6f7b7a98ff750aade522c22d239a |
| SHA1 | f69464fe18ed03de597bb46482ae899f43c94617 |
| SHA256 | 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f |
| SHA512 | 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e |
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
| MD5 | ad9d7cbdb4b19fb65960d69126e3ff68 |
| SHA1 | dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d |
| SHA256 | a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326 |
| SHA512 | f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc
| MD5 | 70058f2d60daef1ccc7bbcba210f0ace |
| SHA1 | ef214ade419a724272ac82e9de5233d7c0afa64b |
| SHA256 | 43b26f40e04ae6854569a01803541245abffcd130f1345191afd8bf6b0ca7873 |
| SHA512 | a0b3ca59ffad882fbff69012023eaa8aadb77d3ff1252562e5480e7dc3c9336afb3c5f58fb435246ec48c758d3c9d17ae9ea8a28f9d4766fad1a4c672cbf9b9a |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
| MD5 | 3e29914113ec4b968ba5eb1f6d194a0a |
| SHA1 | 557b67e372e85eb39989cb53cffd3ef1adabb9fe |
| SHA256 | c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a |
| SHA512 | 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
| MD5 | e8fd6da54f056363b284608c3f6a832e |
| SHA1 | 32e88b82fd398568517ab03b33e9765b59c4946d |
| SHA256 | b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd |
| SHA512 | 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
| MD5 | 52c43baddd43be63fbfb398722f3b01d |
| SHA1 | be1b1064fdda4dde4b72ef523b8e02c050ccd820 |
| SHA256 | 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f |
| SHA512 | 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
| MD5 | ba46e6e1c5861617b4d97de00149b905 |
| SHA1 | 4affc8aab49c7dc3ceeca81391c4f737d7672b32 |
| SHA256 | 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e |
| SHA512 | bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
| MD5 | 2d40f6c6a4f88c8c2685ee25b53ec00d |
| SHA1 | faf96bac1e7665aa07029d8f94e1ac84014a863b |
| SHA256 | 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334 |
| SHA512 | 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
| MD5 | 01c4246df55a5fff93d086bb56110d2b |
| SHA1 | e2939375c4dd7b478913328b88eaa3c91913cfdc |
| SHA256 | c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889 |
| SHA512 | 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
| MD5 | 4ba25d2cbe1587a841dcfb8c8c4a6ea6 |
| SHA1 | 52693d4b5e0b55a929099b680348c3932f2c3c62 |
| SHA256 | b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49 |
| SHA512 | 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
| MD5 | 0054560df6c69d2067689433172088ef |
| SHA1 | a30042b77ebd7c704be0e986349030bcdb82857d |
| SHA256 | 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750 |
| SHA512 | 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0 |
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf
| MD5 | 93b877811441a5ae311762a7cb6fb1e1 |
| SHA1 | 339e033fd4fbb131c2d9b964354c68cd2cf18bd1 |
| SHA256 | b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b |
| SHA512 | 7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
memory/7804-2869-0x000000006D060000-0x000000006D0AC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7174023b93d5f3184302b17b8bb05ef3 |
| SHA1 | d030772457e2be4c5a13098b439717db7bcc6252 |
| SHA256 | d84e5d84c8e9f91ad0d02ecd16bdbf7c881d667f24d7fc44cf7b0d1e08998c3a |
| SHA512 | 6be1e70b218d97e4d5150fbf0dd9548e1d0d8bcd8899ed03aa59cee62487787617f867badb200eb33b989b3c72f1db1932e22555b4a642824db67daf5471ef60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5c542c6cfa1fc68680e9734d81e54e92 |
| SHA1 | a55de5740ee05aeeba601003b39a3b0766caf8b3 |
| SHA256 | b928fbe1a81fa1b74898164de89b029eb3ae74612d35228e44f92b20c281111e |
| SHA512 | cabc4bc7ae444d577a376c39e086041562e79cd13bc5064f6ad16c3482826c4a15a7259cadc156bdd3b3bbc7b169b7e6bef8d55445253afc18235ca273c2a94a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 924023296b380069fcd634980ba3d426 |
| SHA1 | 571901fb70ba30febb96e086a633ec2fdcbcfa59 |
| SHA256 | 25f02fd65c82a9f57d71a7c7ab362e40fb0994cc563c3d26fb42796f32774f3a |
| SHA512 | 5fdf4dbe0dbeb8da1a18cf2debd4fa6bb00788834feaff8fc02630ac60f71a371bcc00432d1a731198fb528fe5f63306772deab0d43c3cb6f03856a25566a5ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9d83d8372341446312ce81a41ec73fe6 |
| SHA1 | 7ae40f016a51db8d60bc60bac6468d0c8c83f0c9 |
| SHA256 | 81ec16ab5cc07209c828cc66fb9b9f1d8672e7264961f123003e539a53ac94bd |
| SHA512 | 45d62cdfcb45bad63d400abfaa3d0783bb8758357ab9922bf7a9d8309f13d30e6e4d3b198774a5de38fdb3d33663f01a98691ed541934bdabfa0cb660b72efac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5085ef585eb553b2e15a4d8f37224589 |
| SHA1 | 5c7ab83273dcc683f3f32ebb6878d0944c361200 |
| SHA256 | 5dbc78ca1acf7a781d55eeaceb00b9ead65a5a44ad619327e31abc15c08af811 |
| SHA512 | f9b5ab4a42c28d719c80bb213a5689e788cc146bbb5296f6e985a78ac646c06944c88ba57525f10bd58a3deb9bbf90e622df7a599158ca8112e50744f9b2ac48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1c4c439d905f2e6d9ce775896555437e |
| SHA1 | 3aa5bdd2efdd1d28f2113133d5294b7357d98b01 |
| SHA256 | a6085c44bbe807b2fd16e9bb215e12bb3d420b07c7950bb1a722d314185f5163 |
| SHA512 | d1fc131acbbc7fd80161826f9a0b8f8ec08c89845c54ae639caa445a1255600a101d01c76c5e7a6513cd0421c288e632f9ed84618b2214256e48e43ad0f46e00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4a942e6a1c984e702c7f4e6b62373523 |
| SHA1 | 4ae2b322a27fcca85b9b8589778f7383d3ac87c9 |
| SHA256 | ff30f04d01ad4fae02ec876c9e593a6e0283096ba81253823fe85405a40389bf |
| SHA512 | 2b38d400816ada31c5b0156249139dddb853036338e378426cc966166eb24bc50b71b49b533b0947ce2cc0ff523ae2da8110d24d71c0d731d162bfebe40c4d6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 69417a03550f0724a0f110d7fd380b29 |
| SHA1 | 63668f71b37b55fe06a7a5e9ad234426c6e16be7 |
| SHA256 | d2195ddeacec08fc55ccb048db03053f36c2d1536c57b0603f88c4c16f54e72a |
| SHA512 | e67fa612cfbc4a443b02cc5c4da7024f21851b68818ac35e55924af609b36b4b83a48d35b7c1caceabf1ab54307b0d00e4e7b9eb97540a74cac554e601fa6b1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9dddf95d4c460ab89fd9d71131f3d495 |
| SHA1 | 511cf105f1f5e9ee0ab98c5eb78fd0aaf2342b6a |
| SHA256 | 24589a79930121a5607436cffc767567c0f2ba4a202b3cb89d0710348a322b45 |
| SHA512 | 7703c7caede21b051e10655624abe01d2824fbb0371c9927ad16e3e60fbd8fb35cf7445d332049e92aa846385b0864710572d31467b180b748b3bb14bf7a0874 |