Analysis Overview
Threat Level: Likely malicious
The URL http://delta-executor.com was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Creates new service(s)
Downloads MZ/PE file
Manipulates Digital Signatures
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Executes dropped EXE
Modifies file permissions
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Drops file in Windows directory
Launches sc.exe
Drops file in Program Files directory
Enumerates physical storage devices
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Kills process with taskkill
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Runs net.exe
Modifies Internet Explorer settings
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious behavior: MapViewOfSection
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-07-02 14:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-07-02 14:11
Reported: 2024-07-02 14:17
Platform: win10-20240404-en
Max time kernel: 303s
Max time network: 304s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.4\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverCleanupPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.4\FuncName = "WVTAsn1SealingTimestampAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\2.5.29.32\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008\FuncName = "WVTAsn1SpcLinkEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLREMOVESIGNEDDATAMSG\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\FuncName = "WVTAsn1SpcSigInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\FuncName = "WVTAsn1SpcStatementTypeDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainFinalProv" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSup.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libeay32.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5PrintSupport.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\capi.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-string-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetLwfInstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDD.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSVGA3D.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5Gui.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSampleDevice.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\concrt140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\comregister.cmd | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSup.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxNetDHCP.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDbg.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDTrace.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxHostChannel.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-string-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\ucrtbase.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxEFI64.fd | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\padlock.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\dpinst_64.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libcrypto-1_1-x64.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ldutils.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-timezone-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-environment-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-process-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-sysinfo-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES_V2_utils.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxNetLwf.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBInstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxRT.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-memory-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES12Translator.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxVMM.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9VirtualBox.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp100.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\regsvr32_x86.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstPDMAsyncCompletion.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxGuestPropSvc.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-processthreads-l1-1-1.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES_CM.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\bldRTLdrCheckImports.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-debug-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-utility-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxProxyStub.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-util-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libOpenglRender.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstInt.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\api-ms-win-core-console-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\SUPInstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-synch-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxProxyStubLegacy.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-libraryloader-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetFltUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\vbox-img.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644031235658480" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://delta-executor.com
C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8004 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8100 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7312 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8288 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8500 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8512 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8504 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8636 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8980 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7404 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8004 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7424 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8808 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9572 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8468 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8788 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7604 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1001 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=524902
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=6856 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=7872 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=6404 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=7112 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| DK | 37.157.2.230:443 | cm.adform.net | tcp |
| ES | 3.160.231.79:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 18.172.154.232:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| GB | 18.245.143.58:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| BE | 23.60.223.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| FR | 149.202.238.100:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 54.229.28.67:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | 59.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.223.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.153.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.140.106.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.154.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.2.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.84.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.231.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| BE | 104.90.26.20:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 58.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.174.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.36.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.223.60.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.238.202.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| US | 8.8.8.8:53 | f98319599bac88015fe4944b85cfb148.safeframe.googlesyndication.com | udp |
| NL | 63.215.202.178:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| DE | 91.228.74.166:443 | cms.quantserve.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| IE | 52.95.118.179:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| US | 172.67.23.234:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | u.4dex.io | udp |
| IE | 52.95.118.179:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| IE | 52.213.253.239:443 | match.prod.bidr.io | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| IE | 54.171.22.149:443 | pr-bh.ybp.yahoo.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | 67.28.229.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.26.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.118.95.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.40.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.253.213.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.143.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 54.217.83.233:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | node.setupad.com | udp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| IE | 99.81.85.68:443 | ce.lijit.com | tcp |
| US | 172.64.146.152:443 | capi.connatix.com | tcp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 52.87.131.177:443 | sync.ipredictive.com | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| DE | 3.65.142.90:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| US | 8.8.8.8:53 | 149.22.171.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.83.217.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.25.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.85.81.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.131.87.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.142.65.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| FR | 154.54.250.81:443 | ads.stickyadstv.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 104.22.51.98:443 | spl.zeotap.com | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | rtr.innovid.com | udp |
| US | 8.8.8.8:53 | d.turn.com | udp |
| GB | 18.171.66.197:443 | rtr.innovid.com | tcp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 142.250.200.59:443 | storage.googleapis.com | tcp |
| GB | 142.250.200.59:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | rtb.gumgum.com | udp |
| NL | 81.17.55.123:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | s-static.innovid.com | udp |
| IE | 52.48.239.33:443 | rtb.gumgum.com | tcp |
| NL | 23.53.113.13:443 | s-static.innovid.com | tcp |
| US | 8.8.8.8:53 | 122.51.243.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.51.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.66.171.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.239.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adxbid.info | udp |
| US | 8.8.8.8:53 | setupad-d.openx.net | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 104.21.48.215:443 | adxbid.info | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | openx2-match.dotomi.com | udp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 52.86.229.235:443 | sync.srv.stackadapt.com | tcp |
| NL | 63.215.202.137:443 | openx2-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | s.innovid.com | udp |
| NL | 23.53.113.13:443 | s-static.innovid.com | tcp |
| US | 8.8.8.8:53 | se.semasio.net | udp |
| DK | 77.243.51.122:443 | se.semasio.net | tcp |
| GB | 13.42.161.9:443 | s.innovid.com | tcp |
| GB | 13.42.161.9:443 | s.innovid.com | tcp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | pixel.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | tpt.dotomi.com | udp |
| US | 8.8.8.8:53 | ag.innovid.com | udp |
| NL | 63.215.202.172:443 | tpt.dotomi.com | tcp |
| IE | 54.217.197.99:443 | pixel.adsafeprotected.com | tcp |
| GB | 35.178.138.61:443 | ag.innovid.com | tcp |
| GB | 35.178.138.61:443 | ag.innovid.com | tcp |
| GB | 35.178.138.61:443 | ag.innovid.com | tcp |
| GB | 35.178.138.61:443 | ag.innovid.com | tcp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| US | 8.8.8.8:53 | static.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | 215.48.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.161.42.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.197.217.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.138.178.35.in-addr.arpa | udp |
| GB | 52.84.90.96:443 | static.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | 118.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | equativ-match.dotomi.com | udp |
| NL | 89.149.193.105:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.193.105:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | dsp.nrich.ai | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| FR | 51.255.68.171:443 | dsp.nrich.ai | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | dt.adsafeprotected.com | udp |
| US | 52.0.105.56:443 | dt.adsafeprotected.com | tcp |
| US | 52.0.105.56:443 | dt.adsafeprotected.com | tcp |
| US | 52.0.105.56:443 | dt.adsafeprotected.com | tcp |
| US | 52.0.105.56:443 | dt.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | ads.betweendigital.com | udp |
| IE | 52.19.8.149:443 | ap.lijit.com | tcp |
| NL | 188.42.189.231:443 | ads.betweendigital.com | tcp |
| US | 8.8.8.8:53 | d19mtdoi3rn3ox.cloudfront.net | udp |
| GB | 18.245.158.163:443 | d19mtdoi3rn3ox.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 96.90.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.68.255.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.105.0.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.8.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.189.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.158.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pb-am.a-mo.net | udp |
| US | 8.8.8.8:53 | as.ck-ie.com | udp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| NL | 147.75.84.158:443 | pb-am.a-mo.net | tcp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| GB | 195.181.164.19:443 | vid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | user-sync.adxpremium.services | udp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| US | 8.8.8.8:53 | vpaid.vidoomy.com | udp |
| GB | 195.181.164.21:443 | vpaid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | 113.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.208.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.201.192.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| NL | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| GB | 216.137.34.91:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | a.vidoomy.com | udp |
| NL | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| ES | 212.36.83.246:443 | a.vidoomy.com | tcp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| GB | 216.137.34.91:443 | d1arl2thrafelv.cloudfront.net | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | simage2.pubmatic.com | udp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | sonata-notifications.taptapnetworks.com | udp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | image4.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | mwzeom.zeotap.com | udp |
| DE | 3.124.241.63:443 | sonata-notifications.taptapnetworks.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| NL | 198.47.127.20:443 | image4.pubmatic.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 198.47.127.20:443 | image4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 234.112.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.34.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.83.36.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| NL | 89.207.16.137:443 | pubmatic-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | idsync.frontend.weborama.fr | udp |
| US | 34.111.131.239:443 | idsync.frontend.weborama.fr | tcp |
| NL | 46.228.164.11:443 | r.turn.com | tcp |
| US | 8.8.8.8:53 | match.adsby.bidtheatre.com | udp |
| NL | 188.166.17.21:443 | match.adsby.bidtheatre.com | tcp |
| US | 8.8.8.8:53 | 8proof.com | udp |
| US | 52.116.53.150:443 | 8proof.com | tcp |
| US | 8.8.8.8:53 | 63.241.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.129.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.131.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.17.166.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | simage4.pubmatic.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | 150.53.116.52.in-addr.arpa | udp |
| GB | 18.172.153.10:443 | encdn.ldmnq.com | tcp |
| US | 52.86.229.235:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | 10.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad.mrtnsvr.com | udp |
| IE | 52.213.253.239:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| NL | 35.214.187.242:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | d5p.de17a.com | udp |
| US | 8.8.8.8:53 | ipac.ctnsnet.com | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 8.8.8.8:53 | pixel.onaudience.com | udp |
| SE | 213.155.156.168:443 | d5p.de17a.com | tcp |
| FR | 54.38.113.7:443 | pixel.onaudience.com | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| US | 8.8.8.8:53 | 6.163.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.156.155.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.113.38.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.187.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| DE | 18.184.216.10:443 | ps.eyeota.net | tcp |
| US | 8.8.8.8:53 | 10.216.184.18.in-addr.arpa | udp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| US | 8.8.8.8:53 | c25ee319eae1a37a11d75060cfb3ab33.safeframe.googlesyndication.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | dsp.adkernel.com | udp |
| US | 8.8.8.8:53 | a.rfihub.com | udp |
| US | 8.8.8.8:53 | sync-dmp.aura-dsp.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 174.137.133.49:443 | dsp.adkernel.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| GB | 108.156.39.126:443 | s.ad.smaato.net | tcp |
| NL | 193.0.160.130:443 | a.rfihub.com | tcp |
| US | 8.8.8.8:53 | partners.tremorhub.com | udp |
| US | 107.22.6.159:443 | partners.tremorhub.com | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| GB | 172.217.16.226:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 1f2e7.v.fwmrm.net | udp |
| NL | 193.0.160.130:443 | a.rfihub.com | tcp |
| GB | 18.134.84.17:443 | 1f2e7.v.fwmrm.net | tcp |
| US | 8.8.8.8:53 | sync.targeting.unrulymedia.com | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | cdn.somplo.com | udp |
| US | 8.8.8.8:53 | video.somplo.com | udp |
| US | 8.8.8.8:53 | adserve.somplo.com | udp |
| GB | 93.123.11.62:443 | adserve.somplo.com | tcp |
| NL | 93.123.17.254:443 | video.somplo.com | tcp |
| GB | 93.123.11.62:443 | adserve.somplo.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.133.137.174.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.6.22.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.84.134.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.11.123.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.17.123.93.in-addr.arpa | udp |
| GB | 93.123.11.62:443 | adserve.somplo.com | tcp |
| US | 8.8.8.8:53 | pixel.somplo.com | udp |
| US | 8.8.8.8:53 | vast.somplo.com | udp |
| US | 8.8.8.8:53 | serve.somplo.com | udp |
| IE | 52.16.110.70:443 | serve.somplo.com | tcp |
| US | 8.8.8.8:53 | 70.110.16.52.in-addr.arpa | udp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 228.98.240.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 146.48.219.8.in-addr.arpa | udp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | d8fd0f706d83eb155b824b9a90b950c0.safeframe.googlesyndication.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | pm.w55c.net | udp |
| US | 52.86.229.235:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| IE | 54.216.115.77:443 | pm.w55c.net | tcp |
| NL | 89.149.193.105:443 | rtb-csync.smartadserver.com | tcp |
| IE | 34.252.172.206:443 | ads.yieldmo.com | tcp |
| NL | 89.149.193.105:443 | rtb-csync.smartadserver.com | tcp |
| GB | 93.123.11.62:443 | vast.somplo.com | tcp |
| GB | 93.123.11.62:443 | vast.somplo.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.172.252.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.115.216.54.in-addr.arpa | udp |
| GB | 93.123.11.62:443 | vast.somplo.com | tcp |
| GB | 93.123.11.62:443 | vast.somplo.com | tcp |
| US | 104.21.26.58:443 | delta-executor.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | generat-script.digislots.in | udp |
| US | 154.62.106.236:443 | generat-script.digislots.in | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 236.106.62.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fcaf29bcbd08d8d6eea903d2f8be22f7.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 6ed952c187e1a5b77d3acc9026917562.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | dclk-match.dotomi.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.cdnsynd.com | udp |
| IE | 34.247.37.212:443 | s.cdnsynd.com | tcp |
| US | 8.8.8.8:53 | ads.travelaudience.com | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| US | 35.190.0.66:443 | ads.travelaudience.com | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| NL | 89.207.16.140:443 | dclk-match.dotomi.com | tcp |
| US | 104.18.24.173:443 | a.tribalfusion.com | tcp |
| US | 8.8.8.8:53 | 212.37.247.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | admd.ink | udp |
| US | 104.22.10.122:443 | admd.ink | tcp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| US | 8.8.8.8:53 | tag.spxl.ink | udp |
| US | 172.67.68.122:443 | tag.spxl.ink | tcp |
| US | 172.67.68.122:443 | tag.spxl.ink | tcp |
| US | 8.8.8.8:53 | 66.0.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.24.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.10.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.68.67.172.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | magictag.digislots.in | udp |
| NL | 154.41.249.147:443 | magictag.digislots.in | udp |
| US | 8.8.8.8:53 | 147.249.41.154.in-addr.arpa | udp |
| US | 154.62.106.236:443 | generat-script.digislots.in | udp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | tcp |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | c960afb9bad24d1111f9df2b7a1d1793.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| DE | 216.58.206.35:443 | csi.gstatic.com | tcp |
| DE | 216.58.206.35:443 | csi.gstatic.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| DE | 216.58.206.35:443 | csi.gstatic.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 246.179.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 35.206.58.216.in-addr.arpa | udp |
| US | 104.18.24.173:443 | s.tribalfusion.com | udp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| GB | 172.217.16.226:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 86076d3273be5edf2dc253b4a22bebf9.safeframe.googlesyndication.com | udp |
Files
| MD5 | 45746747b645a0b73ecbc180788c019c |
| SHA1 | 9f9bf79caf8cfbc181fbcd7627319254fa4f40ea |
| SHA256 | 00d35a121b9bb44d6cbac9948f1f68f650e91898a1eed8c51b96495da96f6035 |
| SHA512 | 534ebd8394edc067179c92fe94091ff6b046d7be05c513d7078765db45fb20d2f8ca553cdcd4ee487f9004c1da24c360bdb2c8c264ef9aefb08ac88ba4041091 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\344ec6eade6d52a2_0
| MD5 | 775837b015380cf19515ce90020047f6 |
| SHA1 | af63575659edfffc1a7acd2553b9e8514122d899 |
| SHA256 | a9733b343c3763665d13bd7efe98efd1e3bcdc4eb08608e16e970211912d3ebf |
| SHA512 | bd997b0cc346b95d0a5f44fcb6af7a7c07713bf84173072c3495376df32be9d7b707e1097ce884c0956ced9ce6dad40737f1d120ac9ed1ca5a253c27992bbd71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f7f0cc4049628916_0
| MD5 | 528b1d0bf3e08f150e930f33ad17a85e |
| SHA1 | 9dc1d6531a0f6e1266a87ac97e91dce89fc32bed |
| SHA256 | 157142ccdcd268a7af2c7d78eb30ee61c8f34573b1048935d2ee7a730d8e24e0 |
| SHA512 | 6a2076c6b5531b4cacd6ee3be4ba893d6cd75fcb30330e7f9b2a27ef11e6d10594346b6aab0f73ae43ee704b45417661ffbca8cb701116b7187ba3c2411e53b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\30faba46f8cd4481_0
| MD5 | d767539d7f7753c96e9eeeb298150a75 |
| SHA1 | dc8c65aecd234aa5b8ba03672e5437abe2167f26 |
| SHA256 | 01531c70ab8356a73abfb792c75cd0e635928d3c8908caa56d8e5b4ed2da97b7 |
| SHA512 | 7ef08aa58c5a10bd8c42943b237b11f3b53163bc66dde9506bcf95bcf53759fbfc0b999a56b52b42fc048bcc9e54277aa0401ca0fbfdd505d630e00f8dd887c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f915a2489a2618cc_0
| MD5 | ab7e75f2bd5decda8b5320226a0943f4 |
| SHA1 | b27026ca9740c4ddb7faec70ee2c3cf35b421ec3 |
| SHA256 | 4b30fc408a847b7f16454c6bb3a3b68e81c253a1a70aee284e18c46a93951e95 |
| SHA512 | 7f4757ceae77b60abf340740b4d3aad7cb25db4aba9acc0d76aedf241ad5616e1e5870739597905bcea0777c550dfacb6c449957e0f9f1ab0e28a6788589acbd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\69dec7d3e12c6b08_0
| MD5 | 0a4c84248d80fe4ebb23c39741aa5a31 |
| SHA1 | 3c7429a89b72f24c861d97be5072ed27247b8a7a |
| SHA256 | c48f2af44eac0e6c03154a97589a9dd2e398c77e43b03ebb53ec121054a9b0dd |
| SHA512 | 0b65f8104f99622ca0f7cdbfff2fb3946ce970ca8275af17cf4ce551ce3bcd550dea729ff8635e4085b8fc818a21fb7a8408ccb7ea1651582eb7d97e9dc0503e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fb525b7d3b4b6592_0
| MD5 | f8a4d6555f333ca08aa9ad1b2d4fffb2 |
| SHA1 | 8e9cd48526039e89f42d22c96192ea21a602a049 |
| SHA256 | 19dcbdfd90519024ba189b7f13bd5cddef74a73110def93a4979d97c028ab3ca |
| SHA512 | 2dff8a0774fcaf60c94bde31a35f6792ed1cc3cbcef26e468f0eee7f59f520ea81c1bb23996e914441328199585ca2b6f6235d36ef51d176a242d9e36e6f6e0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | de85c2ba1fdf8bcdfef42e3d12dd3e6f |
| SHA1 | c0c7c9670a0c7eca91e3f6f17907cbec35dccc3e |
| SHA256 | 44440c93a41999e2d7d98deb0c942670aa4741ca425deb78fcc76837f53ca09e |
| SHA512 | be0eae156f35f67ef58e22f1ac786a294d0d4ebbd76a613daefbbe42a5c27fb15c9fc098ec97db56a00acedc95d11c26ede5d33d3140e0251922e7a7d5b2e796 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 45f6443185500ddc92c98837deb54cd7 |
| SHA1 | 53976ff4450be49f5c5a341a2032d5defe2d1c3e |
| SHA256 | fd5a3310307dafd6e17019a6c8a2e519c052b3f249a3631f84d384b3e6f05f12 |
| SHA512 | 2cb184e0b018cd2196270d7cf12ed246d89c7349f647556e9445bcb9e204aafd34b381e758fbb73ebf1a3076baf11f61049e124ef22e55a9fbf5e5abed0cfa74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f6dac6256db4a4087a135e7c39e1279b |
| SHA1 | 3bb92a457a2d396a4e210250a83a25fd180a5317 |
| SHA256 | fb2cf230b28332965f54bd94c575c8fcda1721f663feba91180d02a0367e9d0e |
| SHA512 | 94e037a1076584c647591d57f4876d76bc88b2112ec8734304c962971ddf18d49e6d8bd6e5e667b4d57c9e10faeef8af7ad975efe8ee75d3a8f581e9be63fd86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ada9ecb16e535eb8660a4d3be81fc693 |
| SHA1 | b6503b6a9303d666eba751db9b4c368c82809b2b |
| SHA256 | b162244b6e627eabd9af08001ea46c9ca66139853622fc3c09410730a2a38a62 |
| SHA512 | 2b6d47f3a3083bc4b3b83bf1a37e6e3173855993273408b71b976e528e7c0f3e5060553fefb166c425d87487054fa0978eb9e7cc07bedcfeeb4901164abaaf26 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 18b9f97617e8ea46cfcec0a15a3f9f58 |
| SHA1 | cfc0a817838b651259e732cc458ebfac2fc10297 |
| SHA256 | 53c6d3091f58187660e0705a02d44d4e4a60a90d406d041bfc46fc4d04e4cd0c |
| SHA512 | 110f489640e03a1d008b94b1257732d8c7437d5b0fcfd3504d4636cbd81c36f3f5dd24ed4de9d27b9fb6d98f7bdf4f1c1c5422dc50e918c8cdd7d3d67e3745cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bd1d6dd27d18a8c9_0
| MD5 | b48da35ef45619e71abdd3faacceb109 |
| SHA1 | 4396196831618830a300f38fc413d243e33776fe |
| SHA256 | 481ea2b51cac35dd352e5f581425ebbb20a331b903aab645ee94a7ea191f0763 |
| SHA512 | 020e4cafda1af1320dd707f57b3e8d3100a9d8d7b283f252f7e8902d1b7890d3cb954db75f532b4da82a6ff0681e1059ea623476941fd0b7c0b547ac9dd81bac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2bfde39962961371_0
| MD5 | 0976e02ac926263403a6779f6f8f4ecd |
| SHA1 | c408b7637458f6bfa7bfaf1a04b88e2371c05100 |
| SHA256 | 5d58f796ec2abb389440933b1065961c88a9d82c90f0d4770687f0d057e15efc |
| SHA512 | d390380937d75a763cedcf10cc07275c18c7071569b87ac7f08a537fa929066ccac1679ced29424a486beb707662e4d550b23a3291cfdfd3993626b26633fb0e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f
| MD5 | 13d4f13cd34f37afc507ac239d82ddbd |
| SHA1 | 6d500935a441d438ed052e90de0443bccc8c6d17 |
| SHA256 | 76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01 |
| SHA512 | 152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008d
| MD5 | 01ad880ee50b786f74a5e4fae9ba3d71 |
| SHA1 | 111387dbe885b7f3af44cdbbeea17eeb04bbf803 |
| SHA256 | 9368f2d586a1d2727921605892048bf5201ef8caa044f2e939ef431aa881d83e |
| SHA512 | d8dc47e5d55e6598988281539205936c56b716eb02b4e643fc917a68ba4407ece36a9d4115d5d0e32ac630d44eadb94ad2607330de082629fea82a9bd35fb83c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\caea610f47d83ab6_0
| MD5 | 66fa35fe1e1f587b6680d642e53f9891 |
| SHA1 | cf824894e3e3588e98975426c631802aaa877bd1 |
| SHA256 | ef79ac32d5a91fb78e84296f173001ec0a23dbdfd109970662bae921762c872e |
| SHA512 | 55de54f0eb2bfc305fe6b4af279b6480e3570571725f81586f1176aa12b8bb4511385193d7d86f6116d18a6b5c71131d67952a5a78c47a9fccd7e40b45a38921 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9c0b7cc9fe5e5fcf_0
| MD5 | bbf225ebb7ecf42958aed84f4ddb7215 |
| SHA1 | 8d5062f463c0de453610729d9a93955153ca86e6 |
| SHA256 | 107c4546cd508ed72ff4e129ab05e1c674fb83defe0d0e4fc47765e2d8df2cad |
| SHA512 | cd672e70ca4d016ba90f83d4fb5cf408263824354cd4741eeb22de1f513386e411cebc862a6121505abe930d1ca45b3463ff8e0630023e4c1cc71ec4bfd3c3a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7e02f716e16c1221_0
| MD5 | c5eec670f1b71944810bc8d6bace6cb8 |
| SHA1 | 3c93d86ec0bd9c278896ae709ef7ceb815617446 |
| SHA256 | e3fa2afdb8e9dc77f0b5009ce5ef07ff7e2cf0c02b2e5e5eac8acf70a0be984f |
| SHA512 | 87d8503740640de83faf4f37d3a6270ad546de32c823a625dd9b488bdf737f7b31eacb70167541e09fcd6bd3a1145d1527674c5014dfa5a4fe1fc4f80cfdec9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c8a90f9ec57cc673_0
| MD5 | 140396ad12128069ce9ccbf79abff997 |
| SHA1 | 1a45d257132e528e6e33002412a3c2329bdc5c75 |
| SHA256 | e5374afcffd5dc59270919b1076038602aa10c1fb9b582cbbba564ea9c7386a5 |
| SHA512 | dc383cef2b715fdb3d46776d9e27b82a57ebacf075a537eb179f19d1434dfdd3c600d9fd73e232d2dc2806f6e86e0e21783c7f26c7d7fa540e16f5235e526d85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000087
| MD5 | f9c1521230c4b671abae01ddf739e61c |
| SHA1 | e68ee330b7bc15f773b1fb2c9c0a29318228efb2 |
| SHA256 | 34e837ad6689f8c3a2afec77c185e3bc2a9a62a97ef5bcf075390c29286a6093 |
| SHA512 | 2725e9656ac09c325249efab902733e223089494d0c50b7810bf813fd47923f9d925bcac8a4d5a31e877149fae22c3e0ec3bb94daa1ab711dff3a9083c29a814 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086
| MD5 | ef8bc3dc2c59253e10c6af72aac8f020 |
| SHA1 | b311b75e56c2ab9ab75b2c7e5bfaaaee9270aff6 |
| SHA256 | 768c4ac2ead51910ca155ad257416b14234eaccdc53e2193ec7609b6d499cf69 |
| SHA512 | 1a4f1fefcef71bb19cc21f6993b4e7c1b2249bf4d94a93811c0408a691bfcbc56865d91eff3125af0616e5f80fb5e153943f8b23b3e19d1bb4691ed963b1921d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000084
| MD5 | 1af625b5988f4098155457b42c9e7604 |
| SHA1 | f101a2737ad079176c92bc2684f8961b074ad710 |
| SHA256 | 44d44ea3935d534f44d0e33117954cadb08b712269e12e10093755e3d4885014 |
| SHA512 | b81654c38578ee6acb3ef12ced4fb5edaeb698add94d68a6745db933582494170ac6a048022eeb2dd734372232673f7ed50102fc8fc3094e3804110b20172d39 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000085
| MD5 | 06c5056614c487a25e3ed2d626e09e9b |
| SHA1 | 96052d706a61e9208918b3924aba298fe85c79e5 |
| SHA256 | 9aa5bf4b74777ae6381f05aae0fa77a598b914331280efa125120d00b87cac38 |
| SHA512 | 7271c9fbeb9773a201960b76f33b68d3e230bf08141513868f3d731883979f609d239ae3239ca8700dae4f4cc17243039ed7e03ce874e88f643c89b0b02a0555 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000088
| MD5 | 33ad2290cdf2487f6dff9bf512cece28 |
| SHA1 | b56e223cea17569e13c5dd72aff3e34d40f114a9 |
| SHA256 | 2d01340947a8b8ff697bd0176aa1dbcf81e8fef67acedaf3ede3c71c179007c9 |
| SHA512 | df14b0d6217da08012a6571be6bf1eb3ec8ecb35197e610a32bbeca511c23075f7514de79a7963ff0e4be46cd1f3f1440b84219ed37a6d12c22ecaffb6391d7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000089
| MD5 | 0d78964806b61a003056e27b74af4e96 |
| SHA1 | 552a63787619ff3d4ced22750d601de5f551f0b7 |
| SHA256 | af16c22e9d7ef9e378c71fd0fbb435b4ce73454005c8a11482c976ecbcc1ddae |
| SHA512 | 9f7af8dced29f2f8c998f6399e8351d3ca35f81b1d392c59179cda0afc78840278d0a85356cf1709a9be0356a566587058adad8dc228d0ebf62399e2b5696abd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008b
| MD5 | 6be04c153ffdefe7bca6e5731e403400 |
| SHA1 | 82d7eff39c9f5ec9aac4d9de04e6ed16506d931d |
| SHA256 | 8116e67156a24f9fa7ac82d235b6e87f460536fd3d7783425c39dcf1f109af1a |
| SHA512 | 912e4550596b28cd740e9722cd441ab17bac16f4e62e7c6b09cb48e8f2e9eff7a732504bfde9604d3caad0fa5e00b31fad5d7009225f57d68ac94726c1731e75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e4262066c876890b90527bdadb2925f6 |
| SHA1 | c9c6cf7716fb0241d2b61ce8f403386eaf5790a3 |
| SHA256 | 70cd00d1c557c15a94113a2c6779f2025728a1bf45c131fd5393a0697ff8f299 |
| SHA512 | 4ae2a8a47014ac0a7dfa70604c1f83b264e769d4f956b929a93dc66b184ff9e8a7990ecbc0ef8fe39870f0bc9df17a340bac6d985c2973c5915f567b0811d454 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e
| MD5 | 1aca735014a6bb648f468ee476680d5b |
| SHA1 | 6d28e3ae6e42784769199948211e3aa0806fa62c |
| SHA256 | e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a |
| SHA512 | 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074
| MD5 | af2a4a5954cfbc18141004185df9abf3 |
| SHA1 | 912be6ce0f33262de5e72e7b4f23ae3ef136b203 |
| SHA256 | 620b581a43249cc8940e41e160444822fbcc264a24db948b7dfcbb2d218e096b |
| SHA512 | e75a5335c076f2c5b34a051481d9f2f7432fb60882efe16cbabc8268a2090c4bab6ba4d9a86e347beb04117c3d191bbe5a5f075513a504724adb667d2a22ae74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 813c4ff95d5fe69a302b5b0be32ac758 |
| SHA1 | 85714fedb93a6022c91768ab5cef8cd08ce18de0 |
| SHA256 | c1bb567ba09196bb4c6a245de9329c472c3311d86c889336258bb7bb41f6358b |
| SHA512 | c27ebdcc2cbf06d9a8794e9de52801df9f24cd0b0dbb447fcdf5b4a237770f5169c9c74f4fff39cd25672ec1c404331836c4bd40abb2c4df23daeec89bfcb48b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000076
| MD5 | 271aa829d4ee3960b052d1e8e96541ae |
| SHA1 | 3c2f47a58201c0dc0104b11da2fead60054eb7d2 |
| SHA256 | 73b567eccb4e9b2257334d383e9584546f49ac27d893357e2bda2821faa770ac |
| SHA512 | f50b5d261e909e4b3d4cdf99c567843c4b624f0ed9b7dc273167330f84dc544c5ecdf8cc0709db47be7398c70c26deacce5603523e9e6914cd3f66748304723b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b0
| MD5 | d4fd8a996f96be94f34bdc25b50352c3 |
| SHA1 | 557e0c103c15566bf230e6cb637de02d455beb56 |
| SHA256 | b16a96c49a6232304ae1d42e5866f4ca790f9b38fb6fbeda2c3102564f9fc0c1 |
| SHA512 | 5ac78659c141435310ada241f0a567bc451df7f8b55cdb6f77c71e893c5409c1c88978c45de48e9002972593bde31591f59e962d20a084e66b976de9427ab8c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1c5c8bece3f9fdac1007d3bc053a16d4 |
| SHA1 | 9e5aac1e3498051739402d8cb32821473f701773 |
| SHA256 | 29f155254f8b45bd5a1f0e043d8118bee577369f77cbe96148395235cd51a002 |
| SHA512 | 7a29af387ed471c387c44bcfc07178d889471c799a574acda921a0f315d4bba2551d37bad9e33ff6066c330c119067148e749ee8936a69a3aa6b5e41fdf8bb0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 5b62089a92a40f6c858f2d1f2dda523e |
| SHA1 | f8bc7c75d6c82b55de92b93bdecdf10d638ea531 |
| SHA256 | f74d845b75921c58848d8f167a7cbc0197e58d7dac6e2fd9187b0c16d3090895 |
| SHA512 | 7acfceb9fcc1b7911d49acb2048fb371492793cf4427393d0387b4e2ecf94ffc586fa717bf64231a71ba9441d571835735f0e81b3586895b881b7f38c8bb47c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe59ae67.TMP
| MD5 | 52f82c00e5fde27a33b4c8fdd4203263 |
| SHA1 | 187f416983b7ee74bf8c8cd18370e32f8c73c6d1 |
| SHA256 | 78069f5899f5f3fbd6abbc86260be3ffe971732d054adedb944f01a971043eee |
| SHA512 | 94c9723a7b546cbc150b9e57e0c840661d5e2713b19394b436bc59f5e24984d0c13fa93a7df1fc9e822e0f45845aa1f235ab13d294e44b4ab20bba90b8d8e080 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 35945e292d1c5d7ece5dfc88ae716010 |
| SHA1 | 39634b9b4195f493199aeac7e872f97785e23d12 |
| SHA256 | 89947f7ffcd860b5334bc5c1a45f492cca6c1cf43a704af11f67aa554a9d19bc |
| SHA512 | 76fb9c501156754984b3f603f2121a57290eb3b78381263e01d7705f9bafdeb47b5df2360825b16835eb87afaa590a5c05fb98c94ff0c664621051236f5823db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\61d67150ad9c8c3e_0
| MD5 | 4ba71e935705799e78b4e9de0b3ec99d |
| SHA1 | a83e7c2025bcb3cbc40a29f973a2ea826884a93e |
| SHA256 | fc7b92b5ff0294df0986783fb572b3858913e7fcd15e0a8ceb91f292f66c7573 |
| SHA512 | 3026ed7e83aca40e485bebb732d1d30ff9c67165515025c541fd55ac66995bff54b8f00dffe260086bfa779df30e3573d1fd2024b573917bb63b5ab74bd1333b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\be887b9148e77fef_0
| MD5 | 921505616109a1f0e76594aa8a9d5847 |
| SHA1 | 874d0256db19b7fc519c9bae4a2bcadc190fa84a |
| SHA256 | 72cc810447ae34558d7da35dd37a87c80c7b5cab96b876d89325a83a57c78393 |
| SHA512 | 3eaf9cbdffe95cb4a1b5854ae8bc078e9eb611df23f9295079278c4ac1347aa6cc8af1d96c45b2b1a6f2e4836a71f5a159bcbcc57e11c5dbe6aee078a9f40d26 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cab44f13926ddda6_0
| MD5 | 059d3f1f6135b958345cb240ffbe670e |
| SHA1 | 9dd68a7d366d0908feb60d25953c3c49f98990f0 |
| SHA256 | 15e50b7f83dbf76015e5b5428076f5da5869a1328fbff47f37f44675d659ffc2 |
| SHA512 | 7c3227be8e1fb42d08b173bdf5db89e446541e4b2b0aa1e15bb4ee85301253e5117135b6cff77c1e60e13fbd4c5f0266c4e2c3a4883bc708bc63d299cb354f8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\672294a182176222_0
| MD5 | 940f498f09dbb2fe099409ab53ff0f6d |
| SHA1 | 3be32e855c86d6cb91b9e28dfa6abcdb876607cc |
| SHA256 | f2a120db86b37db057cc0fdf6fd78d4d4e3df1496fcdf0eee0febb0803fe3afd |
| SHA512 | d51dcc9921198a03abaf094f70e58ca07f0e6f197f9db4d183d0ead71b29f4a74972fa20da46ed86c273efba1bffeb3329ec8544fa4cac22c8d8ac38b01050d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bcdf42e00b795437_0
| MD5 | cd4bb4c31dc06a356c2d1c89fef2ba71 |
| SHA1 | 504a094dfd90c442b2351d5f24e76c6c2e630e4d |
| SHA256 | 784ee48712ed3ed95e6cf3767f55bf0810fa8b8af3631394f369fc6950a07d98 |
| SHA512 | bb02d9afae8c713825c9c2b6f9cbeb62c2f0fde711958b6f629a7ba1d8a80fbbdaffa1a8d50b893c7524434bd61e5850a0c4b3b1b6578976a42832bcacdd47ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\235917262d9391d4_0
| MD5 | 40db2372d13db4a5f2a46088227a6b88 |
| SHA1 | 407e483f9f6d762e2ba58a12d459555af683bbfe |
| SHA256 | c47ac552084c346450e2fd0bb9a861521e381ea8ed5379c0daefdccd4dbe0fce |
| SHA512 | c0e5150f34f19bc15417c23e3a23ce3ae31534a42989551307c802ec19318b02793c2c5bc261af3432c646f59bbea1d121575dd660a8d510f2713fc257899eba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e0215304bca236eb_0
| MD5 | c42618e4bd9493e50f8e1a304e58ef43 |
| SHA1 | 57b57f0370d0ff410d8c9dbe1b673fdada62d929 |
| SHA256 | daa730e7626008b5ad8d1db192125cd415c394049753a5380a2f37e8401f2388 |
| SHA512 | 2a26ae6e266e19675f064e426d9599dff9059b2b7559acf62bebf3dfca90e1cd6c8822a23f0c5c6938656e250a2745864bb8f57a9a70ad1eba027d673a3d5940 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cc328689e3ddaf6c_0
| MD5 | 8db41ea98df8ab89988862dbfa0ad2c9 |
| SHA1 | 2792d0eecf431688bc0b391a6e93568a461f1bd2 |
| SHA256 | 5dae6a5e6bc32cda781f23ecf1a0f22bad8f0bb93b84a053c00fe77f0dcb5fd4 |
| SHA512 | 621c2bee1699a8c0c777dcef69fb4e06e7c6e7d3b1ee0cf566c8f24ac65ff47ae7cb880315f578ad78f8046ae384ae13f7925f5c41c03bea4d2ccf5fe215f8c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b057518fb31f430e_0
| MD5 | 883be6d57a44a7c4d1dd188a123fbe34 |
| SHA1 | 01c09195deee9e587c5db489b866e779be2a3a7a |
| SHA256 | 28242784b0b5d05e2a9e572c9b73ec41e8b084cc4778f9781fa08de3c8744624 |
| SHA512 | 5af6424bb53504f00015bb71c9c602fe65a32fbe7b3f6f0f665f7b175e643e32fdb6f50cb25b3d5d4cfb7047ea307d7d47b91ff23e62e59a06e498099867ccc2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 564806ae448313025935f61937b500e5 |
| SHA1 | 17b21048a159a4ce86662e32ecabd59934ce2279 |
| SHA256 | ac961875c2bfc882eabe1f09529a8953368fc54f424017302b165c86fd3df39e |
| SHA512 | af291c7f6931e3f87015307ad16f522e7f264c61a42d85471f84ad8b29d5e7a9a664cf5129bd9af6b7ef73e8d3825a1c3a9ff1b3bb113faa27c53234c15c97a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3a420eff95d3f14f5206fd18c9f27108 |
| SHA1 | 1370bfc49cf48bafc72a4aa3d1642c70c57da547 |
| SHA256 | e06dbbb8af9e5416d4229adb592b632cac092ddd5795e542aaa76bdf5de61a8b |
| SHA512 | 05fc7ad3c2a018389d7e777cda98398231399f0b5959a20274f9f946d9a7255bdb3d501550ad450933435f1d90626ad559e887d281619e37ffce7948ed946a45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | f93df7a71e5841c633110b66c446510f |
| SHA1 | 7e9853607a083844288c9b1ca14c5318e1a7890c |
| SHA256 | 3249fb15de4f497c9af6fb500fb45d702919a1ce1cb069da3b5127942c995f70 |
| SHA512 | 968153d17f498712427e67edca168ad2b512486d29b8d0d49cf19fb89249d74aa323cfaa830e706e9cbb21eb7e72a88db88e86b2f187f8cd1c1cb6e62f540c84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | cfccf0cf607633b2db494c9dc40e9b76 |
| SHA1 | 00bbc20f9686aa68f4c8226503ba01192ca16dd9 |
| SHA256 | 9c1f254b06a36dd52ab2bf1b809f092ccbff64c2739f00caaccac91b73f376c3 |
| SHA512 | 55ea049c6f38c118e70d2e8807effc2032d4bc9bd1f54d061a9b4edd543bf72b5d339989d61c1b269b40d5c5a32bf0a25c4b07bdff958b4388e0ff96719b2251 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 71de364d6f78fcc46b9d86e8f08b316d |
| SHA1 | 932378875ea3dc771d617ae55d5e9cbbb586e4a8 |
| SHA256 | 760289bb9d2d82212188b525a388bc91c48b288218803e2a11b81ea4c559af7c |
| SHA512 | a8898b5652760a4070f0c796b264e9f69fc86ab8a70518157a5c9fe81804653ee905b52ddbbbecf2fb7afb43b0054617f133155cc9e59b8293adf4700204348e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5618b6a66ff61988068e65bc802c2b95 |
| SHA1 | a2ccd6b0c75b876211e6f9d691d4dd91bdef3829 |
| SHA256 | 08bba20e411a26e329963d32cbdba2a2e063cb40fb7edeb1746a364960f92b17 |
| SHA512 | 60938222a885e4f7c60bf1e4749f2ec9bf4d0674591f4634437351bb316273f456b93e6839b7f761d8e758300e496b69014c5b0a267cdf2ab381a96b7da1e85d |
C:\Windows\Logs\DISM\dism.log
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4un4m3uw.rxt.ps1
C:\LDPlayer\LDPlayer9\dnplayer.exe
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DO1Z1BGH\favicon[1].ico
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index