Resubmissions
03/09/2024, 22:41 240903-2mjg9szhkh 1
03/09/2024, 22:36 240903-2h7djaygmp 3
03/09/2024, 19:45 240903-ygjdjawerd 3
03/09/2024, 19:41 240903-yd6dwsweld 5
03/09/2024, 17:36 240903-v6kfcasbpq 5
11/08/2024, 17:42 240811-v988wazdrj 5
11/08/2024, 17:24 240811-vytn2stdrc 5
28/07/2024, 18:08 240728-wrcbvszhqh 8
Analysis
-
max time kernel
1080s -
max time network
1086s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system -
submitted
28/07/2024, 18:08
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.bluestacks.com/es/index.html
Resource
win10v2004-20240709-en
General
-
Target
https://www.bluestacks.com/es/index.html
Malware Config
Signatures
-
Creates new service(s) 2 TTPs
-
Downloads MZ/PE file
-
Manipulates Digital Signatures 1 TTPs 64 IoCs
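Attackers can change the Authenticode and Cryptography registry keys (trust providers and subject interface packages) so that their binary is reported as validly signed. Every entry listed below is performed by regsvr32.exe and the DLL values shown are WINTRUST.DLL and cryptdlg.dll, so compare them with the stock values on a clean host before treating this signature as evidence of tampering.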
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadSignature" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28\FuncName = "WVTAsn1SpcLinkEncode" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.3\DefaultId = "{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.3\DefaultId = "{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = 
"CryptSIPPutSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCheckCert" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCheckCert" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2011\FuncName = "WVTAsn1SealingSignatureAttributeEncode" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2012\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoDecode" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoDecode" regsvr32.exe Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.4\FuncName = "WVTAsn1SealingTimestampAttributeDecode" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.15\Dll = "WINTRUST.DLL" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSCertificateTrust" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoDecode" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2004\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2009\FuncName = "WVTAsn1SpcLinkEncode" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2012\FuncName = "WVTAsn1SealingTimestampAttributeEncode" regsvr32.exe Set value 
(str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubAuthenticode" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2004\FuncName = "WVTAsn1SpcPeImageDataEncode" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2223\FuncName = "WVTAsn1CatMemberInfo2Encode" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverInitializePolicy" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2006\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.1.1\FuncName = "DecodeAttrSequence" regsvr32.exe -
Possible privilege escalation attempt 6 IoCs
pid Process 5064 icacls.exe 6484 takeown.exe 3836 icacls.exe 5068 takeown.exe 1876 icacls.exe 1572 takeown.exe -
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 23 IoCs
pid Process 4140 LDPlayer9_ens_10080_ld.exe 436 LDPlayer.exe 5304 dnrepairer.exe 5932 dismhost.exe 6436 Ld9BoxSVC.exe 3732 driverconfig.exe 3084 dnplayer.exe 2104 Ld9BoxSVC.exe 3628 vbox-img.exe 3400 vbox-img.exe 448 vbox-img.exe 6348 Ld9BoxHeadless.exe 7024 Ld9BoxHeadless.exe 6288 Ld9BoxHeadless.exe 1016 Ld9BoxHeadless.exe 1368 Ld9BoxHeadless.exe 4340 dnplayer.exe 5212 Ld9BoxSVC.exe 6468 Ld9BoxHeadless.exe 5784 Ld9BoxHeadless.exe 5532 Ld9BoxHeadless.exe 2000 Ld9BoxHeadless.exe 776 Ld9BoxHeadless.exe -
Loads dropped DLL 64 IoCs
pid Process 4140 LDPlayer9_ens_10080_ld.exe 4140 LDPlayer9_ens_10080_ld.exe 4140 LDPlayer9_ens_10080_ld.exe 5304 dnrepairer.exe 5304 dnrepairer.exe 5304 dnrepairer.exe 5304 dnrepairer.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 5932 dismhost.exe 6436 Ld9BoxSVC.exe 6436 Ld9BoxSVC.exe 6436 Ld9BoxSVC.exe 6436 Ld9BoxSVC.exe 6436 Ld9BoxSVC.exe 6436 Ld9BoxSVC.exe 6436 Ld9BoxSVC.exe 6436 Ld9BoxSVC.exe 6436 Ld9BoxSVC.exe 6436 Ld9BoxSVC.exe 6312 regsvr32.exe 6312 regsvr32.exe 6312 regsvr32.exe 6312 regsvr32.exe 6312 regsvr32.exe 6312 regsvr32.exe 6312 regsvr32.exe 6312 regsvr32.exe 6312 regsvr32.exe 6312 regsvr32.exe 748 regsvr32.exe 748 regsvr32.exe 748 regsvr32.exe 748 regsvr32.exe 748 regsvr32.exe 748 regsvr32.exe 748 regsvr32.exe 748 regsvr32.exe 748 regsvr32.exe 6172 regsvr32.exe 6172 regsvr32.exe 6172 regsvr32.exe 6172 regsvr32.exe 6172 regsvr32.exe 6172 regsvr32.exe 6172 regsvr32.exe 6172 regsvr32.exe 3220 regsvr32.exe -
Modifies file permissions 1 TTPs 6 IoCs
pid Process 6484 takeown.exe 3836 icacls.exe 5068 takeown.exe 1876 icacls.exe 1572 takeown.exe 5064 icacls.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 655 discord.com 658 discord.com -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\ldplayer9box\VBoxStub.exe dnrepairer.exe File created C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.inf dnrepairer.exe File created C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.inf dnrepairer.exe File created C:\Program Files\ldplayer9box\loadall.cmd dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxGuestPropSvc.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxNetDHCP.exe dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxRT.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxSDL.exe dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-namedpipe-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\api-ms-win-crt-runtime-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\Ld9BoxNetLwf.inf dnrepairer.exe File created C:\Program Files\ldplayer9box\Qt5OpenGL.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\regsvr32_x64.exe dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l2-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-utility-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\tstAnimate.exe dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-errorhandling-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\dasync.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\msvcr120.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\vccorlib140.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\api-ms-win-core-handle-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxVMM.dll dnrepairer.exe File opened for modification C:\Program Files\ldplayer9box\api-ms-win-core-console-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\GLES_V2_utils2.dll dnrepairer.exe File created 
C:\Program Files\ldplayer9box\x86\api-ms-win-core-string-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\api-ms-win-crt-environment-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxDbg.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\concrt140.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxAuth.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxAutostartSvc.exe dnrepairer.exe File created C:\Program Files\ldplayer9box\api-ms-win-core-errorhandling-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\api-ms-win-core-heap-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\api-ms-win-crt-multibyte-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\vccorlib140.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\libeay32.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\NetLwfInstall.exe dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\vcruntime140.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\Ld9BoxDDR0.r0 dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxAuthSimple.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxSupLib.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\Qt5WinExtras.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-string-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\api-ms-win-core-string-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\VirtualBoxVM.exe dnrepairer.exe File created C:\Program Files\ldplayer9box\api-ms-win-core-processenvironment-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\GLES_CM.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\ucrtbase.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\Ld9VMMR0.r0 dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxEFI32.fd 
dnrepairer.exe File created C:\Program Files\ldplayer9box\dasync.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\msvcr100.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxDTrace.exe dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxInstallHelper.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-debug-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\api-ms-win-core-datetime-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.cat dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-processenvironment-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\VBoxNetNAT.exe dnrepairer.exe File created C:\Program Files\ldplayer9box\api-ms-win-crt-utility-l1-1-0.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\platforms\qminimal.dll dnrepairer.exe File created C:\Program Files\ldplayer9box\regsvr32_x86.exe dnrepairer.exe File created C:\Program Files\ldplayer9box\USBInstall.exe dnrepairer.exe File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-interlocked-l1-1-0.dll dnrepairer.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File opened for modification C:\Windows\Logs\DISM\dism.log dism.exe File opened for modification C:\Windows\Logs\DISM\dism.log dismhost.exe -
Launches sc.exe 11 IoCs
Sc.exe is a Windows utility to control services on the system.
pid Process 6076 sc.exe 4572 sc.exe 3244 sc.exe 5688 sc.exe 5852 sc.exe 1352 sc.exe 6448 sc.exe 1072 sc.exe 7092 sc.exe 1248 sc.exe 3604 sc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 42 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language takeown.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language icacls.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language driverconfig.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dnrepairer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dism.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened 
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language LDPlayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language takeown.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dnplayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language icacls.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language icacls.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language takeown.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dnplayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language LDPlayer9_ens_10080_ld.exe -
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 dnplayer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString dnplayer.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 dnplayer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString dnplayer.exe -
Enumerates system info in registry 2 TTPs 6 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Kills process with taskkill 4 IoCs
pid Process 6096 taskkill.exe 6396 taskkill.exe 6728 taskkill.exe 6312 taskkill.exe -
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" dnplayer.exe Set value (int) \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" dnplayer.exe Key created \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION dnplayer.exe Set value (int) \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" dnplayer.exe Set value (int) \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" dnplayer.exe Key created \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION dnplayer.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133666639967595692" chrome.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0002-4B81-0077-1DCB004571BA}\ = "IDHCPConfig" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DAD4-4496-85CF-3F76BCB3B5FA}\ = "ISnapshot" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00C2-4484-0077-C057003D9C90}\ = "IInternalMachineControl" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3 Ld9BoxSVC.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\ = "IFile" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-394D-44D3-9EDB-AF2C4472C40A}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\ = "IFile" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.ldbk\Shell\Open LDPlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\TypeLib Ld9BoxSVC.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\NumMethods Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2E88-4436-83D7-50F3E64D0503} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1}\ = "INATNetworkStartStopEvent" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A9B-1727-BEE2-5585105B9EED}\ = "IConsole" regsvr32.exe Key 
created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7193-426C-A41F-522E8F537FA0}\ProxyStubClsid32 Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-b4a4-44ce-85a8-127ac5eb59dc} Ld9BoxSVC.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\ = "IDnDTarget" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FD1C-411A-95C5-E9BB1414E632}\NumMethods\ = "23" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7997-4595-A731-3A509DB604E5}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00A7-4104-0009-49BC00B2DA80}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\ProxyStubClsid32 Ld9BoxSVC.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-f1f8-4590-941a-cdb66075c5bf} Ld9BoxSVC.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0547-448E-BC7C-94E9E173BF57}\TypeLib\Version = "1.3" Ld9BoxSVC.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D612-47D3-89D4-DB3992533948}\TypeLib\Version = "1.3" Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1207-4179-94CF-CA250036308F}\TypeLib 
Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3CF5-4C0A-BC90-9B8D4CC94D89}\ProxyStubClsid32 Ld9BoxSVC.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}\TypeLib\Version = "1.3" Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6}\ProxyStubClsid32 Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5}\ProxyStubClsid32 Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\ProxyStubClsid32 Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\NumMethods Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}\ = "IGuestFile" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A1A9-4AC2-8E80-C049AF69DAC8}\TypeLib Ld9BoxSVC.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7193-426C-A41F-522E8F537FA0}\TypeLib\Version = "1.3" Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5}\NumMethods Ld9BoxSVC.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\NumMethods\ = "16" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4430-499F-92C8-8BED814A567A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7DB-4616-AAC6-CFB94D89BA78}\NumMethods Ld9BoxSVC.exe Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-762E-4120-871C-A2014234A607}\ = "ICloudProviderManager" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573}\ = "IVirtualBoxClient" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-762E-4120-871C-A2014234A607}\NumMethods Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6e0b-492a-a8d0-968472a94dc7} Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\VersionIndependentProgID Ld9BoxSVC.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3618-4EBC-B038-833BA829B4B2}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CD54-400C-B858-797BCB82570E} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2354-4267-883F-2F417D216519}\ = "IVetoEvent" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-486F-40DB-9150-DEEE3FD24189}\NumMethods regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5}\NumMethods\ = "26" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\TypeLib Ld9BoxSVC.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4}\TypeLib\Version = "1.3" Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-34B8-42D3-ACFB-7E96DAF77C22}\NumMethods Ld9BoxSVC.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-808E-11E9-B773-133D9330F849}\ProxyStubClsid32 Ld9BoxSVC.exe Key created 
\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FD1C-411A-95C5-E9BB1414E632} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2354-4267-883F-2F417D216519}\NumMethods\ = "18" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-486F-40DB-9150-DEEE3FD24189}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\ProxyStubClsid32 regsvr32.exe -
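NTFS ADS 2 IoCs
Both IoCs are the `:SmartScreen` stream on in-progress Edge downloads (`.crdownload`), opened by msedge.exe itself; no alternate data stream written by the downloaded installer is listed here.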
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 929600.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 95415.crdownload:SmartScreen msedge.exe -
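Runs net.exe
In this run net.exe appears in the process tree under dnrepairer.exe (PID 5304) with the command line `"net" start cryptsvc`, and it spawns net1.exe with the same arguments.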
-
Suspicious behavior: EnumeratesProcesses 56 IoCs
pid Process 1380 msedge.exe 1380 msedge.exe 3740 msedge.exe 3740 msedge.exe 4128 chrome.exe 4128 chrome.exe 4856 identity_helper.exe 4856 identity_helper.exe 6856 msedge.exe 6856 msedge.exe 6540 msedge.exe 6540 msedge.exe 5164 msedge.exe 5164 msedge.exe 4140 LDPlayer9_ens_10080_ld.exe 4140 LDPlayer9_ens_10080_ld.exe 4140 LDPlayer9_ens_10080_ld.exe 4140 LDPlayer9_ens_10080_ld.exe 4140 LDPlayer9_ens_10080_ld.exe 4140 LDPlayer9_ens_10080_ld.exe 5560 msedge.exe 5560 msedge.exe 5560 msedge.exe 5560 msedge.exe 4572 chrome.exe 4572 chrome.exe 4572 chrome.exe 4572 chrome.exe 4572 chrome.exe 436 LDPlayer.exe 436 LDPlayer.exe 436 LDPlayer.exe 436 LDPlayer.exe 436 LDPlayer.exe 436 LDPlayer.exe 436 LDPlayer.exe 436 LDPlayer.exe 5304 dnrepairer.exe 5304 dnrepairer.exe 5916 powershell.exe 5916 powershell.exe 5916 powershell.exe 2984 powershell.exe 2984 powershell.exe 2984 powershell.exe 6108 powershell.exe 6108 powershell.exe 6108 powershell.exe 436 LDPlayer.exe 436 LDPlayer.exe 4140 LDPlayer9_ens_10080_ld.exe 4140 LDPlayer9_ens_10080_ld.exe 3084 dnplayer.exe 3084 dnplayer.exe 3084 dnplayer.exe 3084 dnplayer.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 3084 dnplayer.exe 4340 dnplayer.exe -
Suspicious behavior: LoadsDriver 11 IoCs
pid Process 660 Process not Found 660 Process not Found 660 Process not Found 660 Process not Found 660 Process not Found 660 Process not Found 660 Process not Found 660 Process not Found 660 Process not Found 660 Process not Found 660 Process not Found -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs
pid Process 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 4128 chrome.exe 4128 chrome.exe 3740 msedge.exe 3740 msedge.exe 4128 chrome.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe 
Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe -
Suspicious use of SendNotifyMessage 51 IoCs
pid Process 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 3740 msedge.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 3084 dnplayer.exe 3084 dnplayer.exe 4340 dnplayer.exe -
Suspicious use of SetWindowsHookEx 5 IoCs
pid Process 4140 LDPlayer9_ens_10080_ld.exe 436 LDPlayer.exe 5304 dnrepairer.exe 6436 Ld9BoxSVC.exe 3732 driverconfig.exe -
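Suspicious use of WriteProcessMemory 64 IoCs
Every entry listed below is msedge.exe (PID 3740) writing into processes 4404, 348, 1380 and 1696, which the process tree shows as its own msedge.exe children; this is consistent with a Chromium-based browser starting its helper processes, so weigh this signature accordingly.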
description pid Process procid_target PID 3740 wrote to memory of 4404 3740 msedge.exe 85 PID 3740 wrote to memory of 4404 3740 msedge.exe 85 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to 
memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 348 3740 msedge.exe 87 PID 3740 wrote to memory of 1380 3740 msedge.exe 88 PID 3740 wrote to memory of 1380 3740 msedge.exe 88 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89 PID 3740 wrote to memory of 1696 3740 msedge.exe 89
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bluestacks.com/es/index.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3740 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd1f746f8,0x7ffdd1f74708,0x7ffdd1f747182⤵PID:4404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:22⤵PID:348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:82⤵PID:1696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵PID:2664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵PID:3168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵PID:4856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:12⤵PID:3096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵PID:3560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:12⤵PID:3060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:12⤵PID:4232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:12⤵PID:5400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 /prefetch:82⤵PID:5560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:12⤵PID:5360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵PID:5284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:12⤵PID:4744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:12⤵PID:6100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵PID:1184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:12⤵PID:3180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:12⤵PID:1984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6528 /prefetch:82⤵PID:5720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:12⤵PID:5188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:12⤵PID:5160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7256 /prefetch:82⤵PID:6348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:12⤵PID:6460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:12⤵PID:6744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:12⤵PID:6824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:12⤵PID:6832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7744 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:6856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:12⤵PID:5776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7616 /prefetch:82⤵PID:5384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7592 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:6540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:12⤵PID:6864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:12⤵PID:5056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:12⤵PID:7120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:12⤵PID:6328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:12⤵PID:948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6568 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5164
-
-
C:\Users\Admin\Downloads\LDPlayer9_ens_10080_ld.exe"C:\Users\Admin\Downloads\LDPlayer9_ens_10080_ld.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4140 -
C:\Windows\SysWOW64\taskkill.exe"taskkill" /F /IM dnplayer.exe /T3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:6096
-
-
C:\Windows\SysWOW64\taskkill.exe"taskkill" /F /IM dnmultiplayer.exe /T3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:6396
-
-
C:\Windows\SysWOW64\taskkill.exe"taskkill" /F /IM dnmultiplayerex.exe /T3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:6728
-
-
C:\Windows\SysWOW64\taskkill.exe"taskkill" /F /IM bugreport.exe /T3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:6312
-
-
Image: C:\LDPlayer\LDPlayer9\LDPlayer.exe | Command line: "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=10080 -language=en -path="C:\LDPlayer\LDPlayer9\" | Depth: 3
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:436 -
Image: C:\LDPlayer\LDPlayer9\dnrepairer.exe | Command line: "C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=459430 | Depth: 4
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5304 -
C:\Windows\SysWOW64\net.exe"net" start cryptsvc5⤵
- System Location Discovery: System Language Discovery
PID:916 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 start cryptsvc6⤵
- System Location Discovery: System Language Discovery
PID:1972
-
-
-
Image: C:\Windows\SysWOW64\regsvr32.exe | Command line: "regsvr32" Softpub.dll /s | Depth: 5
- Manipulates Digital Signatures
- System Location Discovery: System Language Discovery
PID:4988
-
-
Image: C:\Windows\SysWOW64\regsvr32.exe | Command line: "regsvr32" Wintrust.dll /s | Depth: 5
- Manipulates Digital Signatures
- System Location Discovery: System Language Discovery
PID:5864
-
-
C:\Windows\SysWOW64\regsvr32.exe"regsvr32" Initpki.dll /s5⤵
- System Location Discovery: System Language Discovery
PID:2624
-
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32" Initpki.dll /s5⤵
- System Location Discovery: System Language Discovery
PID:3220
-
-
C:\Windows\SysWOW64\regsvr32.exe"regsvr32" dssenh.dll /s5⤵
- System Location Discovery: System Language Discovery
PID:3828
-
-
C:\Windows\SysWOW64\regsvr32.exe"regsvr32" rsaenh.dll /s5⤵
- System Location Discovery: System Language Discovery
PID:3088
-
-
Image: C:\Windows\SysWOW64\regsvr32.exe | Command line: "regsvr32" cryptdlg.dll /s | Depth: 5
- Manipulates Digital Signatures
- System Location Discovery: System Language Discovery
PID:6324
-
-
Image: C:\Windows\SysWOW64\takeown.exe | Command line: "takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y | Depth: 5
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:5068
-
-
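Image: C:\Windows\SysWOW64\icacls.exe | Command line: "icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t (F grants the Everyone group full control; /t applies it recursively) | Depth: 5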
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:1876
-
-
Image: C:\Windows\SysWOW64\takeown.exe | Command line: "takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk" | Depth: 5
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:1572
-
-
Image: C:\Windows\SysWOW64\icacls.exe | Command line: "icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t | Depth: 5
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:5064
-
-
C:\Windows\SysWOW64\dism.exeC:\Windows\system32\dism.exe /Online /English /Get-Features5⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:5564 -
C:\Users\Admin\AppData\Local\Temp\FE5D6A1C-76FD-4BB7-88E1-E0A8BBAB2D55\dismhost.exeC:\Users\Admin\AppData\Local\Temp\FE5D6A1C-76FD-4BB7-88E1-E0A8BBAB2D55\dismhost.exe {17032388-2568-42F6-9091-9DA4B7BACD10}6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:5932
-
-
-
C:\Windows\SysWOW64\sc.exesc query HvHost5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:7092
-
-
C:\Windows\SysWOW64\sc.exesc query vmms5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:5852
-
-
C:\Windows\SysWOW64\sc.exesc query vmcompute5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:1352
-
-
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:6436
-
-
C:\Windows\SYSTEM32\regsvr32.exe"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s5⤵
- Loads dropped DLL
PID:6312
-
-
C:\Windows\SysWOW64\regsvr32.exe"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s5⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:748
-
-
C:\Windows\SYSTEM32\regsvr32.exe"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s5⤵
- Loads dropped DLL
- Modifies registry class
PID:6172
-
-
C:\Windows\SysWOW64\regsvr32.exe"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s5⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3220
-
-
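Image: C:\Windows\SysWOW64\sc.exe | Command line: "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto (registers a kernel-mode driver service set to start automatically) | Depth: 5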
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:6448
-
-
Image: C:\Windows\SysWOW64\sc.exe | Command line: "C:\Windows\system32\sc" start Ld9BoxSup | Depth: 5
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:1072 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵PID:2624
-
-
-
Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Command line: "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow (inbound allow rule for this program, limited to the local subnet) | Depth: 5
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5916
-
-
Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Command line: "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow | Depth: 5
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2984
-
-
Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Command line: "powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow | Depth: 5
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:6108
-
-
-
C:\LDPlayer\LDPlayer9\driverconfig.exe"C:\LDPlayer\LDPlayer9\driverconfig.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3732
-
-
Image: C:\Windows\SysWOW64\takeown.exe | Command line: "takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y | Depth: 4
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:6484
-
-
Image: C:\Windows\SysWOW64\icacls.exe | Command line: "icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t | Depth: 4
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:3836
-
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d | Depth: 3 | PID: 6708
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdd1f746f8,0x7ffdd1f74708,0x7ffdd1f74718 | Depth: 4 | PID: 6080
-
-
-
C:\LDPlayer\LDPlayer9\dnplayer.exe"C:\LDPlayer\LDPlayer9\\dnplayer.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:3084 -
C:\Windows\SysWOW64\sc.exesc query HvHost4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:1248
-
-
C:\Windows\SysWOW64\sc.exesc query vmms4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:6076
-
-
C:\Windows\SysWOW64\sc.exesc query vmcompute4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:4572
-
-
Image: C:\Program Files\ldplayer9box\vbox-img.exe | Command line: "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000 | Depth: 4
- Executes dropped EXE
PID:3628
-
-
Image: C:\Program Files\ldplayer9box\vbox-img.exe | Command line: "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000 | Depth: 4
- Executes dropped EXE
PID:3400
-
-
Image: C:\Program Files\ldplayer9box\vbox-img.exe | Command line: "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000 | Depth: 4
- Executes dropped EXE
PID:448
-
-
C:\LDPlayer\LDPlayer9\dnplayer.exe"C:\LDPlayer\LDPlayer9\dnplayer.exe" index=0|4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:4340 -
C:\Windows\SysWOW64\sc.exesc query HvHost5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:3604
-
-
C:\Windows\SysWOW64\sc.exesc query vmms5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:3244
-
-
C:\Windows\SysWOW64\sc.exesc query vmcompute5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:5688
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4656 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:12⤵PID:4764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵PID:1468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:12⤵PID:4196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:12⤵PID:1876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9152 /prefetch:12⤵PID:4832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:12⤵PID:4544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:12⤵PID:5132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:12⤵PID:4208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9212 /prefetch:12⤵PID:3260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:12⤵PID:6912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:12⤵PID:6164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:12⤵PID:6404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15127428520550676074,13644732997919724536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵PID:1488
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4128 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffdc0abcc40,0x7ffdc0abcc4c,0x7ffdc0abcc582⤵PID:1444
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,810369034402793990,1691521091929468214,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1764 /prefetch:22⤵PID:4156
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,810369034402793990,1691521091929468214,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2196 /prefetch:32⤵PID:3580
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,810369034402793990,1691521091929468214,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2548 /prefetch:82⤵PID:3720
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,810369034402793990,1691521091929468214,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:12⤵PID:4320
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,810369034402793990,1691521091929468214,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3332 /prefetch:12⤵PID:4364
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3488,i,810369034402793990,1691521091929468214,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3820 /prefetch:12⤵PID:5340
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4896,i,810369034402793990,1691521091929468214,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4908 /prefetch:82⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:4572
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5048,i,810369034402793990,1691521091929468214,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5116 /prefetch:82⤵PID:3972
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,810369034402793990,1691521091929468214,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5104 /prefetch:82⤵PID:3808
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:872
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3976
-
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"1⤵PID:2932
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:5508
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2c8 0x3a01⤵PID:3092
-
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding1⤵
- Executes dropped EXE
- Modifies registry class
PID:2104 -
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config2⤵
- Executes dropped EXE
PID:6348
-
-
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config2⤵
- Executes dropped EXE
PID:7024
-
-
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config2⤵
- Executes dropped EXE
PID:6288
-
-
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config2⤵
- Executes dropped EXE
PID:1016
-
-
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config2⤵
- Executes dropped EXE
PID:1368
-
-
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding1⤵
- Executes dropped EXE
- Modifies registry class
PID:5212 -
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config2⤵
- Executes dropped EXE
PID:6468
-
-
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config2⤵
- Executes dropped EXE
PID:5784
-
-
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config2⤵
- Executes dropped EXE
PID:5532
-
-
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config2⤵
- Executes dropped EXE
PID:2000
-
-
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config2⤵
- Executes dropped EXE
PID:776
-
Network
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
Defense Evasion
- File and Directory Permissions Modification (1)
- Modify Registry (1)
- Subvert Trust Controls (1)
  - SIP and Trust Provider Hijacking (1)
Replay Monitor
Downloads
-
Filesize
444KB
MD550260b0f19aaa7e37c4082fecef8ff41
SHA1ce672489b29baa7119881497ed5044b21ad8fe30
SHA256891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA5126f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d
-
Filesize
947KB
MD550097ec217ce0ebb9b4caa09cd2cd73a
SHA18cd3018c4170072464fbcd7cba563df1fc2b884c
SHA2562a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058
-
Filesize
91B
MD594d32acb6b099c7a87c8aba12546a59b
SHA118c98b6ca1f9b4dba44e859e088abace95303ee0
SHA25629695f4af54d611adb6e12f41c8a23398cbcdfcbdb02d19df40213886ac5b8fb
SHA51228955fe59441755879f8f98df386947d5eec5bd1b64113d2e1fd04ae6628900b1155d35f810df576d4de6a030b9b1f9bb7a6b1e94a6c5a9f699173bbd3f9af6d
-
Filesize
1.2MB
MD56ca6b280f663ae36cba09380da45732a
SHA1ba8a8236248405e079b70e586268187f75f67191
SHA256acb586bb385c35ae37ce1727d0f032d54a472e521e9947197bd7c0bf023fc394
SHA512aeda05f386920b897a03f8429727a7cdd02817e4ab6c6de51b0b25b01a1c0e62cd772e40f4c957c3cfd1ba06c499217c398e5b8ca35e076d8e739ee60678d37c
-
Filesize
3.6MB
MD522ecb3a1881e87d1aac0b5eebc344e3b
SHA1d3838c6afde16a5142886814d1c257f5b6f32372
SHA256d538fce490ee03ab69d3f7362172282a311d6bf7037f2fa156fa37a5dbfe3185
SHA512355b55f3aebc40a4ca0ba4bb7492aeae2ab9e8838e2b4d7212d6f11c0db5db3240244a8fa434791a37b8d6c130df7986f3e265441fac29628a56f962950f4f37
-
Filesize
41.9MB
MD5e7e90b0a5ca7e0c80d7baa3f18e3e9f0
SHA1167a7f8a8028ffdc38aa5e2da68244c774426403
SHA2568df63a6dcdb991f40dccdf1dcd0008b35a33ba4bf67a108dca016610543d730f
SHA5121eb0a3409337c5460046d3138155e6924dc3fa7abff6f05d9e976ce43d7c66928026f814d19c3eca68f89c040e9bf73f70df4cfa7186716d55607421a5f817ff
-
Filesize
17.4MB
MD593b877811441a5ae311762a7cb6fb1e1
SHA1339e033fd4fbb131c2d9b964354c68cd2cf18bd1
SHA256b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b
SHA5127f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4
-
Filesize
103KB
MD54acd5f0e312730f1d8b8805f3699c184
SHA167c957e102bf2b2a86c5708257bc32f91c006739
SHA25672336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA5129982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837
-
Filesize
652KB
MD5ad9d7cbdb4b19fb65960d69126e3ff68
SHA1dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7
-
Filesize
1.5MB
MD566df6f7b7a98ff750aade522c22d239a
SHA1f69464fe18ed03de597bb46482ae899f43c94617
SHA25691e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA51248d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e
-
Filesize
5.0MB
MD585e3c7e40ab9e6c388340e47f7929bd0
SHA16f182153ede12b5886293d9cf44f2fe2646598a1
SHA256fcc47f1584ba87e2cf2c689072c27d03a901e171c01843cc9451a977b1a1805b
SHA51295898b4014cbddbf38a9edc2971c6df8d252bb8b51ec62282a8f6819cc0b69b5a19fd27a0123e1360e15a006fefda8fb49600c84b97e1b9f480a753e4562c498
-
Filesize
2.0MB
MD501c4246df55a5fff93d086bb56110d2b
SHA1e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA51239524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196
-
Filesize
442KB
MD52d40f6c6a4f88c8c2685ee25b53ec00d
SHA1faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA2561d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA5124e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779
-
Filesize
1.2MB
MD5ba46e6e1c5861617b4d97de00149b905
SHA14affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA2562eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6
-
Filesize
192KB
MD552c43baddd43be63fbfb398722f3b01d
SHA1be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA2568c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA51204cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28
-
Filesize
511KB
MD5e8fd6da54f056363b284608c3f6a832e
SHA132e88b82fd398568517ab03b33e9765b59c4946d
SHA256b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA5124f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b
-
Filesize
522KB
MD53e29914113ec4b968ba5eb1f6d194a0a
SHA1557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA51275078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43
-
Filesize
854KB
MD54ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA152693d4b5e0b55a929099b680348c3932f2c3c62
SHA256b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA51282e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6
-
Filesize
283KB
MD50054560df6c69d2067689433172088ef
SHA1a30042b77ebd7c704be0e986349030bcdb82857d
SHA25672553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0
-
Filesize
35.1MB
MD54d592fd525e977bf3d832cdb1482faa0
SHA1131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77
-
Filesize
35.1MB
MD5954a44aec064119124582f8c746bb9d1
SHA1f1dfe52a9c640292fa8faa59c5f8c20a49403ea7
SHA256fe5dbee0f1176ba7c25030a38f701fefd57e7c34c05ad3736105a316bf342d57
SHA5127b279748fbe9f36ade4f34baa988310c2bf88afb5b61d3ce79102db2b06c909285fb9e76c4fda052bdb9f620faabda251105b0d430862bafd9f9f19d0d68a798
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
Filesize: 1KB
MD5: 723387a3b324d35a5b14f44ec676af09
SHA1: 9cdfbd5d014f87142489a852188fbac95e79e2e6
SHA256: bcb9706d826f113328df22eea2d4fd48a7afc300315a6fb6f790cfdc4fadb43d
SHA512: b51edbb33b2ab323a7e766d787d244b2cb21e778e5b73a86604c6a70c52389ae9a674c071d40f776b265c7721c55ade4e467e251f8da6db4a7c0fe604e24656d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize: 2KB
MD5: ccc32fcc29d30e4da7af5767a9996fcf
SHA1: 3cf0614e89cf6dad6f7623bce203b6b966560548
SHA256: 99f2544123482087527df9102075d8f60e5e9cd77dd9677339b9f5fb45d63bc4
SHA512: be30abab00c71bb36bbbcb757e345433a14eb34c745105ca73b2d71e1a5f35bf09ad96d84deda22089aa80a5544fa5ee6f3d4a99d24ccf19c35f5094ee9969e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
Filesize: 1KB
MD5: 1718475a6da185ce4950c473f57798f1
SHA1: f91162896e913a4cc69bb68d447d9ec14bedb9de
SHA256: 3614ef3d5218a3d939c8fa6af75bcd320760da1cae67d343be2e225a00be1c84
SHA512: 2aa40d8dd2ec7be953a590057db09f300013093903b2e965da7e55ead596a40464158a4fb1c24fb778cf7d407e3bee3c33130ed8066085b38dae8fcf1418bb3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
Filesize: 438B
MD5: 2436675252f541387e415cca80fa9ff2
SHA1: aa4f18767553bab18c929848063ad583e0f7799e
SHA256: 9fb55202daf6259a83407644b4f1b8d33912cf001891973bc746ed06bb3cfbaa
SHA512: e318a691f313a1b4509117053f7c05c7320d2d7685e46be9422102c5de6288824ef15c5e3d701c4cecaabafbaa96e49ad94dee8c2efac648d1ee24af8cfa2f08
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize: 458B
MD5: a2d473249a42785712e38a473a00217d
SHA1: f43aa04893af9c8fe1618f63cc57bfeccdeb8c10
SHA256: 69f63b9a243f270e11cfd2377d0d4f8539bb3d80ee2e28fdf55d7af1e1dfc364
SHA512: 0d113873a59c063e518ecfde1c1d83474ca4e0790b9f114ace2343d61960cf659a4a95352a1d3baa3e3ef746049af8f52cae48193d0b99bbce2c2c1b0d33c5d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
Filesize: 432B
MD5: 1222a02d55e6a191f2f48a116d056618
SHA1: 5dd1fe070d426f6abbf01c5006799c887376a99b
SHA256: 625d50f4740d5294bbb731fc29aa71c6d8a14a9ac5d8a2557552e7df3bc5105d
SHA512: fa7e1fadc54e3ddfb1904cc65fcab6cc65ddd084e27eaa46f128e895a8392222512d30344a2d727a8df589927ead0343d311cd72641c2dec5841562417c14737
-
Filesize
649B
MD5adce816924b623ddf8de01a5bc89c3c1
SHA1a3d0559b3a2be8f25fb5eb0e0911ba20d30e4841
SHA2561647cb0746e9b354b97bdec4ffe0ec3cd945c062af74d0f008d780bfed2d4d77
SHA5120ff806158ad5a58444b0da938b7d993bed385f649ab096b6443e693a19946ee41c5bdbe25251600599891a37955eb2eccb50daea19aa5915f99a17188f2416a9
-
Filesize
1KB
MD5c44699684766aee06d08c18a99564b14
SHA1460c9e869f2a7ba692236562af183236c76480bf
SHA25642ab057690aaf6a921df3754b0b710dc64d9e6e861474a222eaa1e9f849e1d6c
SHA5126b52ea30fd2d73f9d19f1e32092d826450bef0c971a5ae979e0d331198cef0c50ec6d07213dfc95ccec72fc729a68c2868c5ca39458bf348b11fc385430cc770
-
Filesize
1KB
MD5a53a42ebde8c9787b81520cc30752cba
SHA14a6068619bae8bebcdbb532a28f140cebf813f8b
SHA256d0df2270be100de53f2d39f3faa9b135e89b57c5ee7d91bcabec391970106467
SHA512762d9c94577e415f0ea59ac1424158e30e91fbb55d6e036e683cc30dae08a8a7f1054272f7454864b69576c8d54f486e508f483dc96d29539854bd914b24657b
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD5e1b894b626ecda488a96ec4dfe42baac
SHA12dfa1f3c814156af7cf2f48e091a89348e53c313
SHA2566707bc18f3d6536d0f3d8cc583ed8055e391e2a37a2710be236c1adb7135413d
SHA512095f000a081c023013bfb1ae270eee81328b205e9d827a5730e03d1cee4a2296e5dbba67a3313caefbd28dfb0398f166c2eec4f64e5fba233e73d121ed4b550e
-
Filesize
9KB
MD5d37be2f33125d9c6fb93b39533bd2559
SHA13d9bb3b62b161fa2f9de2e493b90676f6ffad69d
SHA2563bf6dbc9e3b3399cde262d0c92d305a225f000eadac159650e67d3f7a2aae744
SHA5129ac24d64041b6caebcc953bf9c3f0c2fc5a3ebd68c9f7c842e14dbc7b281d5d643dfb95f407e5896cc9b3d289f63e032fcfa4dc242db59a6350de37dc5df5bc9
-
Filesize
9KB
MD5f61e7e6f3e44ff65703b3132fc0d72c7
SHA1e074df0cca6424412c597cce60da878d092b11d5
SHA256c39018025691798515b9891b85093616f35a0c2034b9361d78c3d4c9783b9fa8
SHA512d3d3cd0be8e2cb2e72e78fefd7ff83d8b8aa56203afdd41a55f121375481f3c497971f89eb90baa47fbe08f2fa0aef1b92546c2cae009da79477c0e0f304c34a
-
Filesize
9KB
MD5c39434108de9c76111c0f0024772cb8a
SHA145b43ee70c4f3c3132eefb6747e5d8f7473ba366
SHA256e27d561a72d0113612e878e7e9f28c04dede5edff7196e8c4dab9797aff0a4ac
SHA512cb43e40a34a1e19fea3cd9a099bbab84ca84ef7bc477ae15c8825a43292ea31d4e06182732d066c8506bb36f039c6d5b29b5a2a54a2cf12d6b148b31fb3fb184
-
Filesize
8KB
MD571bab89620b4b8537a9171d6d52e4334
SHA1245b6b78731b334ea4573f207d41e78a96adf2c5
SHA256de744acf27141835de3d0d1d5e36b927e285f1a34e42ba75e9fdbb4413d56775
SHA51255bc4b1cf9c06c031f9df68f9d306bc1508d54657a90be08783402cf8acb09a9f6ad6e83eb135f4110934cf371381b5a35b6df26379cc28e112f1383fce21e6b
-
Filesize
8KB
MD59523dc58daa0b9248f975533efffe01d
SHA1f574189d0f4c61d6386381daf963154d737651c0
SHA2566a22be2dcfb15cc341aa2b16c9668c43f27e9c50b860ad3a099dbcdf9a479c48
SHA51291629778d11446e168dafa86d9dbbfe5227192bcc14ad6d808e5f7403f1ce1bf30afd3aac5c9e35298c4430bba1d91d1f08b470df31e0ee6c796f2b047292a14
-
Filesize
9KB
MD55b0a52dea3d58043025093f7b7d4a19a
SHA10821e6c67b46bdf2ca86b8c9d789066874712bfb
SHA256eab8342ee0d84b9b3caa1b5b6a61e471ab8c9fd747331e17302c0b43848de7eb
SHA5120a8a5db94b4d3778a7cbf6cbdc209fd9d7d57bce2b9c1145e9e0f25b5b6a3d8d382f598a9abe1ece0c186909b3fb96646880d7faa2d951148c350c6cd2c7a30a
-
Filesize
9KB
MD59b56fff60f4a179f22c962f4fd6b7a6c
SHA19b05191e04952ad797aa30463a7fe8a1e2ec9526
SHA2560e970ebe35e325a81194e7070c01bf40b22c61ff833cdefb824d56b81a8f8d9c
SHA51236dd34f1d01916fd965cf607e236139f808abdee036a483bc9b1e4d5441f2c744087a2ab360b359e8a5103708469c65b28041972b8d697d6a21f7c99783e78ef
-
Filesize
9KB
MD53c5d1ec772eac326d8cc06d176839f07
SHA14a370aa485122569f26bd67429bf99a87a0645db
SHA2563b094b77b374aac294b4578ac06439fbe4069f6a52b5582800f3335f1bd7ecd8
SHA512953d198d1a777095a9d0ae2230ae4476564e6e6c1a51b5ad63bf83f919dc8fc812f8a4c957edf6e3df7549239aaee0308b3cfb9b23773865f678c04c40179795
-
Filesize
9KB
MD54996b1335bbb5e47e65d1f046657182e
SHA1b9a9149c8cfa55cd92e174e42dd4f17c2feca95c
SHA256a6386c095f6de53468c2dc4220558587892cd61281e1c2172a7c8002d01b8f06
SHA512ec53e85cc0740301c556c711470f9b256b062df262f0128ab531ffc53d7b96188d8ed523d2625a186fafaac114ccad1bf271300abc0821dc2f4fd3aa3ffef6d2
-
Filesize
9KB
MD57c4c512d14248dce6423a0c2ffa4e938
SHA174f301a847b72ad8a5ccd2baa57481068b22d195
SHA256a16d4b604c037f8744603b1f52b2960acfb0eeafb583909da64d3c6f0029efa2
SHA5129ee19e71dbc4329ea8a9f5381204f804ef814556a967f0f1da454db1d953154a8a09d2b96a7e49bc435cba550bdf262ab705c22003a141338aeecb35b9dc3490
-
Filesize
9KB
MD5ec12a433a390309551c782e3fabda659
SHA1c7b71f82521ef84a06a8a4e6d78e556f78f497ad
SHA256c13787b9833f75bad36126a08473ed97eb192e175919de877583be5f2c1ab82e
SHA5122355012b097a33f0f96c950748022980f2c1d6e4a7ff5225b12970c06fe7823dcec62e1c2c2d4556b9ded3517ca437f72b80e7350304c062b4aae4ac956dcf00
-
Filesize
9KB
MD5f9b3cced3f77914b8a65e226eb3a90c7
SHA1f69a7da1de0dae65b917bdd453c48fca61085f20
SHA25682ad1460faa494f829c2bc2f010aa125e99cd9800dfb8cda42ae41e5a14bff48
SHA512c9bd908cdaec3c985bfbd77d2bde6602b16b9be73037c6cbcebb4dc95fdcaa1d3edad7eec9d3aa890d615cda5e5a75119740dd4ef6ead99bdbac6030b8f33352
-
Filesize
9KB
MD5af92b6fd7e5445c295862553709dde3c
SHA145cbfb866e7cbcf2afe78e6e08681a9aa7e70271
SHA256107ca5d9061f1f0abe256bfc6396c4b4e2514214ed8a31e2d57978befe099028
SHA512996ab9bea5dbaa53f024b3202b35df703800a4a4b4783246cf92777c01c9dafe6c2721869364c3648d2718699aadeb2e71f05059fa360abfa3249fb299826c3c
-
Filesize
9KB
MD554adead52595b30131440bdfcae1cc31
SHA1f7352644b06208d5ca0e111445357a3c4364add6
SHA256b431f22e8cc910d42d8eae12400202edc006bedf91e06f521435ac7a32c019d0
SHA51266758c8cdf6bfbb0d18e45058fa4406b0bb68489ea8e9b1bfbbce63a6c740b7cfbeab72f48f9c0f395253d4eb5a8c1caacd43e515e44aa60dbf29307a48f28e4
-
Filesize
9KB
MD5214d3c719fb2d3f01abba5ab793c86a6
SHA16af92f55348f1c4f8f32244700a2ff0a2f564d85
SHA256cb4c1177b1a9f61377e34545bf781304b0e5a8f75e0aa24019e26a1400e741c3
SHA5126a995b3085b193c8f698169af482ac1fcfe310980e29c847d74f6ab5f4cf0dd31d8925e1d32d436cb5bff97d96d5b8304deba767c712ae392ae7602f647b5694
-
Filesize
9KB
MD5db4971726a9ff72150edf1c15e9fadc9
SHA1f6ebc0fa1b9e931455313fd1f213ef884d824404
SHA25672be491230b0a4d2df18d51b953352b28eebc5b328c1b587ce920ace03f0e6dd
SHA512ebc6b5fc216176e552fc3beb98dfde04f5401fb5add9cdef7d8d3c3053f01d74bb4ba549e625e3f8dd3ff226d852ccc1ba38048a84f07fdd0b9748f2ea29a7de
-
Filesize
9KB
MD513e412fffa2abdec6961c5559f190510
SHA15dfb08f3392d5488621ee97ac7b546266c95c8f6
SHA2569bd29f3d05ad14714b6eac80780416cbf75cecfcad36a3131812222ddd4e3c01
SHA5129a6c9bb2e07f3e7976072445070c2f47a17eee33af85477da8653a98f7c57caa95a5a9f89c0cb480b850b3b1047ac144f87ca8c31a01ad4b8476da86920e724c
-
Filesize
9KB
MD516c1c3becc04e36703193ef101fa636b
SHA14367f731cb1fd5f325654b5324591b02a9c97d85
SHA256fbce7e43e3ce1e8704c75d9e17e95cd33012a57b76ef99d4acc3af3ecf4d609a
SHA5124633a440971dd2cd2135a3de89e4c59d477d10c31e885a8c09afa369224e00eaafd04a515ef71d32881cf442ff840b4fcdb3cb63fedddc4e24a95ca9dfde613c
-
Filesize
9KB
MD55a930b29e82438c6d8f04f860e8f6882
SHA1931717037bc89dcacbfa5051dc2677b90d0c3e50
SHA2563ee945c9a52926987cd63f407781aa68e9181696939f601bf9e558e07e722756
SHA5120e23f1ea93b1d5b7801028f96b4435b90a7ddd12eb12f60638148f392f85c6ba6e4c073cd8d1981d404cb05084724bd8b3406735a3ac5191c256291a5586d6a3
-
Filesize
9KB
MD53bd1ae371dbd2612bf32cb34e5bc3a96
SHA11be04363a16a2a42734821328428e40be62a4d68
SHA256dbbd7488ce97ece446439fd4dced9e083c2138b129d1937b05957975c194e6ed
SHA51220aa34559024b4d1362ebda276c017b4c40a376d7167b7f2669489952ff5c0cd0c33e02f89107d1d7b515680cef6939c3106751db5b6c002071bcf9213992a0e
-
Filesize
9KB
MD535230863efced68878b3b575e2b025e6
SHA13a79e80466811326eafcbd54518dd50a452937ae
SHA25693cfa8f4293408062141bb38878915c3fcb35dd959700af22e22de402efaf849
SHA51213f457feab414a1ab102f00b7a2e7d0a6c2ba36ea262bc230e8e218023c893bdcbccf1409f5c86c7f2586637b9ffa81cb99d0b599003918229a44951f1b58618
-
Filesize
9KB
MD56d59cfe1965542645ec8209c880634af
SHA17629686f5b202060a2aed1e48d474a73f344e72f
SHA25668a3b359438dac0cc99734486e7efdf18c39ba754003e15e556b806d7c535b8f
SHA5129698138d89b6c41bff5d10cab6a0725826a5faaf19361eea3b23960233290678f3dda909cdbadff87b580cbe652a391be4ed9f0a87209ced91742750c8c67f26
-
Filesize
9KB
MD59b1f7b19661793511770cf25ae3ac5cd
SHA119e1db2919c75c53ae9f94dd00009a82fb5ee0a2
SHA25686009c78d588727c2df12c89b196081a1ed6d36f4b4abc0f16a7a02f5d121726
SHA512681e143eb6f59b2a64ec7a10e8e2a8eec0d1f938e24899476adc7106d2320e7f979834394902c886dfcba09b3d6c6af1a81f4efb79972b97837743edf7936a82
-
Filesize
9KB
MD5e0cc5a68fafbabe200b4e4ce20562746
SHA1ffa8de2f13fdb129327a7ea06d74eb8392172576
SHA256d1f64d8a05ea697de41787e41162012877ba8fc0ba1c67f7f4cb2374ec225e6a
SHA512ecf3c7809aca40961bfb72ebf887e23cc821b9a694b1cb07e024ea31e2f450df563f02b3ea9ec35d4983e8fd26d5ae9b1262bddb88e4dab762c054bd1b7d9955
-
Filesize
9KB
MD5162b1564ab01d160058036e7d3a23670
SHA1cc9e70e8f84dc291b81c89c4101bd84eaa69a25f
SHA2567ea0c7c1c381326c42f739aa34fcec3ad091e5601be49067a993671e2ca9d541
SHA5129f8e38d44e7ede8b1a1479c1c4f3cdbc1cc0e10f60a93dd9feb353f6f90aa569f50d1940a5639aa61ecd4a9dd2509a80f340596df0ac5902d1f4165ab9cd6ec9
-
Filesize
9KB
MD52d02edb9d5ba160efbe1cee63f1f9652
SHA1db95fcfc11209d7b4d74f6c26b66be932d246f37
SHA25657574a0b10e5f4f3c539cbc0655f5ee95a7ba826f78ce26c64ccad69a62fa267
SHA512d6f91bbad2ce4db278345b7400091e338ddcd28deed645eee6bf575da073d3d7d0466ecdb677d5f0c39904de8fbbbd5b765e231aed9b325c9bff135a4d1cf254
-
Filesize
9KB
MD5746871855a287164755d82c8e2f45c55
SHA14484206d2147d99b8518471c489fd74b5d574230
SHA2562f383c217c1bf38b4cb57dacd41747871541c0b1c1f81a1dcee53ddc2b32ca21
SHA51230d51adbd4be6b1853f5179a45736e8a2b09905953e3b03f5d98ca6d273fff63afa505b689a38df05f1efdf6c464d5380c168c73aa7c8da33ce1524a0ad5519d
-
Filesize
9KB
MD5275e3d6b12869b768134867374f1d4b2
SHA17345dc69327617a78c5899d102a8631d19558027
SHA25623ae73136fcdd93e5dfb8795105a1cfd49062d33f644ac0ff6152723b7070adf
SHA51239989013e7ff5b3a51e5a53ed8e3ffb061a1df1743137bbb5ba80a4d82d81e213e9256a3dfb2e4f41e4c27e0d0a63a60e1833609ebbf55a4092f486bf6160813
-
Filesize
15KB
MD5bdf7e5fbcf9bc70cc66f14dd299c485d
SHA1b5335b1e0e8d7671cd67c810b2bce7c55c893234
SHA2561ac502dfa3e296f8118686442ba80b5b974ab005a37638adc4a56c72813e5f80
SHA512c0b6ff463ecbb50b6eb9073d2db5ba4f719fff76d7c03b8998868180cd904249503f1c739f10781d3ed6f17defe307b3a3ef11ccf902976797a916f17827a32d
-
Filesize
264KB
MD5544a18c7331cd1a876daa105d8243126
SHA1b03af1d28e135ddd33575c6f2a21cc913cec1cb7
SHA256891b3b62876d4e6e3de9705a46a22c312b36a8553ada2ab92f4631a9127613f8
SHA5124356261c51fb4153308bbca63842e5d524ceb3660f1e438f81408947f18c298c4f06a5a04a7bcd9ca2dc6b55e19ec1fb03eeca74d6b56f2562edb18638128bd6
-
Filesize
189KB
MD5c259c275faa4347945f744d560763987
SHA10add1e0c7825c04a68ecaeea2eda99f0cc50c618
SHA256e5b539a6e6e6b97846afe0cdaa8c826f0ea86fb83d8a86132f6c0b97a16c2ea5
SHA5120f1402599cb88ec477835e202de1dbab5a776a0d275670d720dc9e1b49562de1fe198fe50e081d28ebe69cee9ef62dc0a9ac544fc718d2b6966701d0fcfc1652
-
Filesize
92KB
MD5d12bd28df5a1961ff4e73bc28c3d6e43
SHA1c3d74433f237f4608e9692a2bca7a25ec1114b99
SHA256cdf1001b3c74a3d1535e233a93e74795676d4402a7270555a9c4d65fceba55ba
SHA5127edfb99fbc0d06663b551c7e4e095e8d7f79462b0bd31205a6f64a425c75d0feff2b4e6a21a9aeccb2ab4e7d94fc8ef154a35e1113f4be958fedc684542a9e7f
-
Filesize
92KB
MD5e72d7066285653b1e91d2dbbac13130a
SHA1ee0286d7d206a91bb1744194a6ce0a16c0e0a2d5
SHA2569d2648dec7a5cdc3e5595fee06390af34b97518437b64cfb07e020979e7ff21f
SHA512f1a9e71b645673662bfccfe08f16299da2b33e9851e01cf42434deca98db4d2511a07fbf44e96ac3bfcf2b588432d0c42de9cd1c59edc817aa2a2f913c5490a9
-
Filesize
189KB
MD52af20b63829ad677ece57584356174c3
SHA12ffdcac7d16399d0e5c0a496044ae7cb4284bebf
SHA256fa3738bae1fc3f00f27baf8fce7b8271972b4804642093bd8eb73dbffd05a451
SHA512f81a778d8de668ce0dbd930e2e0247d4cea000d54e22a9bd210510017063376b513ce0e9758513d5e0c8a5d83a9c8225b52a5bfd3d40160f1361010e5eacfcc6
-
Filesize
152B
MD504b60a51907d399f3685e03094b603cb
SHA1228d18888782f4e66ca207c1a073560e0a4cc6e7
SHA25687a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3
SHA5122a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91
-
Filesize
152B
MD59622e603d436ca747f3a4407a6ca952e
SHA1297d9aed5337a8a7290ea436b61458c372b1d497
SHA256ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261
SHA512f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a
-
Filesize
30KB
MD56fb26b39d8dcf2f09ef8aebb8a5ffe23
SHA1578cac24c947a6d24bc05a6aa305756dd70e9ac3
SHA256774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059
SHA512c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd
-
Filesize
20KB
MD59aff2c561d38013551686036582d6468
SHA1f88c6657b2e1fcd9185a7da18f26aa06268851b3
SHA256d8b15daf1c17ee510b7c0d83ac412ad1b20a044536764cd16d22b78a8c29e827
SHA51289f4dca622efcc60f4cb3f9744b7c8fd0684916066f912c69a0d5cc669574cb0b4c0e5fc1e358033f4d518a70e1b80eefdf1e0c5c191c9adbcfdde6cca25414e
-
Filesize
25KB
MD505e9679509b61424a07cc4d4efb7247f
SHA1db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81
SHA25631798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b
SHA5121cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208
-
Filesize
48KB
MD5da948371d63bac0deecf54376b1f7380
SHA1afcdf9eaa74cad071d44bceedcaed24789ba37b2
SHA2565fb1f20319ce41d31b6c502def24be697877cdf34646e45cfb7631ab2c783e73
SHA51294202e9aeab53c0c5707df70f96619d55ca010da94551760673adbd2cd70a3680cd4c0d605fb8c71f842bcfbde6bca45d84b798c332849204104dada363b2d24
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 5KB
MD5: cd747d2c685dd75f1f328348f1bf1e35
SHA1: b04608633b5f6a174e41896834bcb3b3ea98cb8f
SHA256: e00037bd8e0b6a08c39f4e55fa94fdcc164d43583124d16c94022f074a75c70e
SHA512: 33355671e68699b1ed78bd4a97cc4815071ebc0bef80085e6f90147c3d6ea569433b3b107650fc922360001a0d60ee04d5975bf5356584d51067b12ddb7be6c0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 96B
MD5: d7cc1fa33dd43bcd18250089aa7ce0ed
SHA1: f3e13365bcc6a37887729c2328eb574bcd59317f
SHA256: 3347b7d86353066c63e9563c454c5c61874b35455a0ea145a2094cd6312e76d4
SHA512: e3a0d9cba320317741b3896cfc0d650677884829df26e268155d86e4c58eb03d85ba6c87dd083561c38f811af75835545b9d0164c5e5743df3c6331ec7146ab5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 4KB
MD5: 9038249b991c156427ff0f97d5c55a47
SHA1: 41fb2ee951625dc89db7e2850de9b6bb686d86df
SHA256: 2539907b3290126380e9422a67b9e8dfa30b9acce064aa5699f3326a4a1f5a71
SHA512: fb9f38529513610c97dcf0eb16df347193562e575f8d4a180279489777d44e1a4168ce52f8d6e72576c80424df6e102abc3c597de0478c1c9cdf3a85b44a2d45
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 4KB
MD5: 5f42e95b03c5790ef8db4e75770c7e08
SHA1: 5f7c45c72ab34ceb19c26249973fa6591bfcb3f4
SHA256: 11426e10553958e7236ddc9af3388ad504a3a75450e2d40aaa65947adb9f31ab
SHA512: 8289f5acd761413a7fa3496a3a2cdfabaa647a20b590ab5b2e28e074d13bbaff2c63f0f3d6e6967e7c772979b0f756f1c1371825d842b059a71a8e7ca8a6792b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 4KB
MD5: 7024229cd5fac6faf21ac82e44930474
SHA1: bccb33cc0465093c9d588a9ec17f265f88c71245
SHA256: 0c591fb5ab173f0c73be3eca426c292f813888f258154de982a53089d454a25e
SHA512: d7b094cc9c45569feb8cd4fe60c2929243482c3b100ba3e59c9fb08d4b6a9ef5593d8a419d5e24e4f176d46689d471dc26c84270ed1bc83c9a432c5b02f5ee33
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 5KB
MD5: 892713d871a7a09dc2c359a3aac2c00f
SHA1: 037b973ede4597b2a27868341cf3a5fb83be25bb
SHA256: bc243ba9ea9a103d354ec493734376ffdcd31f7d4b15cf038e6765edab70409c
SHA512: 6b0903b579a1160f9a5cadb4a181759729054f18bea7dcca48812678db2b70922ce7ab9ecff7fbccdb60e41a90d53c1fef6f1009a55d5ccb4f58fa60ee1942eb
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
8KB
MD5be5c035e8bc0e7dfd9ea5d68723d5f4b
SHA1c7d9ab8190dc697fedcb3aaf83bc66fa636065fd
SHA256a4d84c17dc5ab1408ba3cbf8d186b7655b6c8a349b4f803f359f40d91f2049d8
SHA512a0c96ca66107e8883528850c8408545e3bae3c5ed36bb5f02e93647a8cb19bcfeb41dac126d9c181c850f40addd9b75ea479d89b3d38e2f99db7e41e3a3bb6ee
-
Filesize
12KB
MD5e321f640d7c92e25c5f9c826499a2749
SHA1ff5aff2d36547777866699c07166505278e611ca
SHA25679d829faba3fbc3f7240a260fbefb4278b4f9c9d38df459634d183444731fdba
SHA512b5f00bf669d054c1dc1e60e9f4e9f5e7a44f5621177ced6c75aa9fcde34120dfefb701d154e03fec2cbb3202902f0cf7c92fbda7704bbdf028093c96c93f4398
-
Filesize
12KB
MD54eede5d244314c2c1da4e67c0aa34019
SHA1ea273924d0ad6275c4d9143737bfb3b726b84a39
SHA256a74c2e3d1612325876decd646c8d6522436fd9d1d1932b054acc2e22e00ace23
SHA512f11b13ef57d0671921a62300719c3aae9e90d31a099fb2f4a07f8673c992dafd06fcc7d323fce90b7544c6692b4aca1e47f71dd7e144fcf408943b2c1578f0b5
-
Filesize
12KB
MD587185bf3499a92dd50d2ca7b61e043da
SHA14e448967d238e297f4b7fcba58984fca6c7a6369
SHA256b3b094fc5d4b5baf65b34e4e1f3cb0f87b7cbd0dc818f58b98ba45b8db14ad26
SHA51204a6c0d4542cd4a1645d3acc88ae9364699981baf484197d36ec214724d0508eab5e02a3026e97f9ea46db3c00f1ae678b7dbfab774a4e248a80df3e04e9145b
-
Filesize
13KB
MD520370a47be439c7bcb7c4ff8292b9ef1
SHA1f031f4e36380cebd9e82affa892a29c420ae8c97
SHA25678c294d91ab761f9ca4fe5c7fc2e4f65cd062218650a31d92ecb7a743d5e15e1
SHA5129894a01bf9e26a40e734a2bd8ef332e2e340c4c220a6eccfbab2683d6c9cda785ec4feff13c476e71d63f07755a63d97fd57d4bf4303f2d0218db9cbd4f024bc
-
Filesize
5KB
MD5e0ff6871cd828b7c95c12230a142991b
SHA1b338d19922a21c074833dc7e26c1bf82887fb45a
SHA25642edebd14392ba986af569cddf96aa47f7ce527083f99e6924cd6467a7105be0
SHA512793146e1891808d4343921bfa249732c05095ef298bf3dfc9a195c36c590250dc64c3c6562b7e1a5c4402891cf493da54958d787fbc4c618ff1ac1b4ed6748e5
-
Filesize
7KB
MD55c6e3fccbb0866ebacedee95e397d783
SHA1f824936c2ba47c4880f722d1ee03273bee8c39b6
SHA256b0187e9740d022f1d90849343930ddc3259f4a8547dd25b1400106dc41904bcd
SHA51262d8a354e18f3e99569c0fc394616ff0e017eabed6a2bcd4a134670cd63efa74dd13b28915808365aa3943c711b0add4e030b3a506b19358b34d6cead0165ee3
-
Filesize
7KB
MD5949efc203809ffead9b214724beeda4b
SHA17045d0cab25f43ec64ef53e084e10fb0569e430a
SHA2560d59536d7fd53fdd30d1fec4d1d68e08b64ae1a978bb1c74c99268a1e006096e
SHA512f721c33ab525b5c74921c2513c76da37e2c80737c37568be884b03eaa91d14746c3a8f0618425b1fe20aae16e87c8d13dc35f70689b2975f250044017ce3bdba
-
Filesize
7KB
MD5593c36368744cfa2abe27ad6390677b1
SHA1a66bf76e0d63a32af8f932e7b25a53a6d9850b45
SHA256d82cadf8b022da5203c6d6a20205264826f070c57fc7c521a3f7839c6db13b3c
SHA512803368524b9f72fbcd614aa20dae726210acf30e62c0e1c2d99adebcf4bdfa93285b71c6b4f2859bd064bcf933f42316a9a637c54320d87855dd0f5195fa60c7
-
Filesize
9KB
MD54762e2255cf0e8f50b4991c0b5d47621
SHA1e24ff466058bb3641fa73eab29ca79c8b7af6a19
SHA25673f9023501db2cdf9ee158135c8147121405ad5256949c72735ec1deb2b89499
SHA51242fa94f14a826deeb804d8731961ba5b3db36d70ad433f1fcdc9a71b0bb1ca8aa4b3760391bfe8e0e2f3b3956295a05c562d106a0923572670f82ef813c49fb1
-
Filesize
14KB
MD509db41a9c7bd15cde96fb8ef88c3f891
SHA1cca6f631d6759777e2fc86f2c92aef2a53bd2773
SHA256e657fc4b7b223c799eebc67838495e91aeb443632a26b77513fd5e27de31a7e9
SHA512f681fbbec723da31ae290f412c49dcc73f02acab1eb32c5c08af39012eee3213aeb92ebf30b881fdae1fd6860faa6ab1f0dd9420e67e5eaf05274755c10e506e
-
Filesize
15KB
MD5ae81e69f57c39a11439c93ab9aaa8a37
SHA16a363f573addbc244cc1875e6069749d3c6f122a
SHA256b8cbb214e7fbe624ed7a3e14bb1d0a9f8a538bdc0092106542d186c5227bdf0e
SHA512c39a90a48f4e8cd35df86ad79b63a5d7524ed2ca13299e069614adef9343ad9bff21e640d39fee6684c20ba889fee53928c41dd92ed32111d462bc43019f2b72
-
Filesize
6KB
MD5dda4ed6a15e4efc65fca4fbd1d93ad7a
SHA150b96f31d589e4363999b83afd4cd7df8491086d
SHA256e353d2214ed4af8d77f2c0b76eaed3a1f6c2e592c133538c12cff1fd1b12f3e0
SHA5127c7cb842a83b84b6ac93865e0c4ffa335392d438b448eaf364703d9aee850e51d1aa45eb79f12dceb586f858a1b3073234468638c824617ed2fd252a2b883269
-
Filesize
697B
MD54d343468ae7ea015ddc8e5deaa55d7f7
SHA11e7ea2e2c9f28cf518a3c07de7e87f1a1f9b7d6e
SHA256cc3880bec7ab6439ff9b657c4c37e47986d87b59f078086f5b23220246734266
SHA51219c6e73785d053b97e1b24c90ee53c15bb6d9727c7767819be08f92b7f535e49df5dcd17a2e4ead0c4a24c3d8e919b7ecf0bc6d819566bd475701e72e6e77323
-
Filesize
864B
MD57d125154ae40c5f25f4756664d82f051
SHA1e393b899d168c3d25e214cad7f99202a1eff8719
SHA2564b6e846e2402eb0fffd92cdadc4c2e9947ded5788244811bd22c76e06a8fa483
SHA512059f4d313c45a24d5d944ef738c9bdb12d8a559061d74007c09ab1afdd9ffe1b3756cadac5368d3fcc82c520b5e37da9e43067889ac9aa33b872195a5df1ea70
-
Filesize
1KB
MD52659df5d564311849272bf52b7489fea
SHA1c424a5659afe63bcd57de51bbbc886c6a3223353
SHA25680c0f91864894eb592d49cac94b3bad9bf352fcd19cac05a9f9ba5dfbf8a7b30
SHA5127e4fa7af3c68b87cdf4334b8daa46193d3a35a8afa108f0d743271db7cd509460370b76c917ea3ff9c22f814ffb1134ccac830f1e4c6e84774f2f75db6d96672
-
Filesize
3KB
MD56bf8677c27399b6a134400636eee0759
SHA1d23f85da4e23f257598e82aef23a30d0598f3931
SHA256ca900a544e8d95e632507b275d40facded4becd29a8d7341784871458c3cce56
SHA5129f11e56819e70f7f072e4334e239d921c8090529d22e343482958fb1f24432e11ae2d788c599d1b064c604e32eaa5a4f991d689f8f808489cab9ea683ab1a278
-
Filesize
3KB
MD5699fd33c2e6a0089ccb8b3dba2adc17a
SHA1387685242d8a3538fcae927efad1e08c063532e9
SHA256d8db295f1bdbce114a29ad2d58d887696667bb8678b789b023a01913030a84cd
SHA5127f4d635d0fd1807a8054f3e62c763f50f5a575176c25a887b0cebc0f2f799c3aa93b2cdefaafb10cbed104bbf278b332524f4dfb197df4638e063029d77e6614
-
Filesize
3KB
MD5fe9c429a2ca21b1e2a57da4049d9017a
SHA165823349df962a988c60875527dc239719ce7a8f
SHA256f313dd81a74600ca446d0106cc016365fab7a49dfda3488a57c9438b23ba8f54
SHA512573db780ba6a67f6980410b33707d535e53b54ec7af5a1ff69e310f252fd10524725799a5ae056ec5f932afca860f7414db453ac63f02c80128a4c184a28925e
-
Filesize
3KB
MD5efe355f7f03ac06ced60362b3f5c2019
SHA1ec49c9e715619cd6560fcf3ec4f68b2fd82b332f
SHA2569d9fc912a9e869aecdd8a461997233d5719130ea50e7862ac4fb74a796c1d22d
SHA512ed9d52765c60b00752242ab0fb38bc53b075db47339ad1417bc9fc3f9859e8213f8cf272e7f66f5a8ab98d8e307cff2f99ca28100b5fb6d1b0ca6f1a66d1995d
-
Filesize
3KB
MD56a95a389836470f825d660769f02afac
SHA1778bf99be916f27c5a77a67473a2b626fa5b972a
SHA256e4176a4482ab89ecf5558afc16218ffd5bc91f6b91e6de9f0f4344078b3d76c1
SHA512a88a571b1e9c72f52e4b9c849d9ad713171f1a35144ff42a97d1a00e6c64384875032c631abc9c2e3a49f1e72d22dde8ed880b16cd535860188775a790852aaf
-
Filesize
3KB
MD5e5af11cb0e4698b0b1fb4cd38701c647
SHA11453ff7c8efc6a6e7f695cccc519a97fb4eaed12
SHA25671ebaadb11f8ad39a549cee31d3bcca4f134d00606a6cc6d06507254ccd9f806
SHA5123f645cd8c9664b35ff96bd49bc226db9ced4ef86b55c2833d3413405c9af89a254d0d899ce0413a909277854e2503eb6cc323e24e53da90c052ac5a8fbabf6fa
-
Filesize
4KB
MD53bb68c9a596bfd8857724395c2fad237
SHA1a83d3b9dcf56dcada8ba9b7958b09befd65e0244
SHA25612f8d7381b8a203877051c4c5b48a043b0344797c606f98b505e4e43aee400fc
SHA51260c00422f2952a5f45866007a7ae75d312aef964d9e0b4a9728700e440749dddbac81174d4f39c8430e3956aeba31a542acf1bd445c543b9f62cfd90dc0297dc
-
Filesize
3KB
MD5cdf433e9236eff15e76d1e58e1d966e6
SHA1a3ad5016ea801c2add0dfab947de2d6440fc205e
SHA256e57572602e7cbef476113e0350518e66cb4e6c8fdefd25a63eff34d89a64be87
SHA512506b0001557232f80fbf245e34e8e78aef5e26855bbffe1bac7f0c6c7d8a3722aa92a3d59e5e4ec920583c901322906bc1b94c5317106553097915efe71cbcf3
-
Filesize
3KB
MD50e2773ce72f1b5cd429bb038abde3d9a
SHA1635d802e7b8cc0c42447885e3a7282a4de49b8b9
SHA2562747b7468f5b267cdb00993140dc971d7775e82d834ef6fbc5f99a2da3dfc3b1
SHA51256b590b49c8ff534edddd5712d286a8f0ff0edf4bdd05ac02a88727aa11ec9fb00f31fc222acbb55b1c0cdb3d05a26cf198cbca1ad75963b8cb0ec63a782ef93
-
Filesize
532B
MD502275ea13265db01a0a3c7c5deadad1b
SHA14cf59c33258c0127dddca0b18075ba573d7ef1da
SHA25687b2dfd11d6602d698545bb3d90a7501ebf2d6141a2c96a97d106da125858b86
SHA512e2852058c185ba1d2434c1408fd45b9cd813cdf1b0e6f5ff92453315dab11a0229690cb59162edcfd393d2518fc5b2ba88599c08331683b9465ae3b59552868f
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
12KB
MD55452e90cc72509069e81c04bbe9e3dc3
SHA1c99144904cc1b04a5cde31e2254d171810fae8b7
SHA256dcc2663f2ab0a5a26b81ed925ae1b5cda89e0c80dd87c9900ccca28f5eb3a367
SHA5127cc8c70ab7d7d005d39923c847fed13f7678cc3f0ab2d3c1368593ddd396804f87079b3baf1e80f2c13973072051c617ea6d368317c6fff1ebbedc9557a70d1a
-
Filesize
10KB
MD5193db4d6ad58e94632762cf81096d27d
SHA197848a0ecf983fb327bc8bbad750de6a4644b75f
SHA256300cae5e30415f9b9e8874db748b011bca395afb3f92385fd56b2f2be48b1964
SHA512c7f1658efefcb5bee090807e97808dc90a72eb30745903b43de6043354c2ea67856abe3c3df844d4b0e87e7932e5779e51a1922ee32f2611398c4ad278a4699a
-
Filesize
10KB
MD57041bd958c96004f4f13f97092bf0b0d
SHA112fe6ff6a23130377beefa42b0161944f95a2f5b
SHA2564dbb7344565c09198ebdeaa942a4c485f2e2872c1805e2d625ab749fd5b08abb
SHA512a9e5de43fc379c53256f17b7b5612e7a75c74061210574eb6917a09edf42e19ece7108e6724df7a4651665e57698ea2e3c0c2d6a1508881d38c3e6520d26a321
-
Filesize
12KB
MD54a08f92aafb71b3357170b3ca2f9e9b1
SHA106a95bfcdf856ac57828f67db3ceea5c137be7c9
SHA25613e2edeb8820b8b2d1eb727270e759514882ba75d92c42176f98a39b96f9710b
SHA512e1872263c841f0475094805f5ccff85145c168fe338213aec3480a92f492b4bac49158589c1c4bf37e6d95bf4119e6fb256aed5def995b831d56a4cf731c2f1d
-
Filesize
12KB
MD553a575e4b6ff89501916315d9a21a0e1
SHA13a4a98dfcd44fedbd725d3b36096e8dd16a23a19
SHA2569461aee758b59fdb5410fd0c0bad5ffc7c1bb7f522d642e626bf8d26e8dc7081
SHA512894d3009b4da8b2f9b035c4d23b3e4ea1615f4f589078fdd9e3fc8c21cb261f997241ab4dc596b34f71d05a8e4d7de37de8bdd1c571497e539f6a6678a98af36
-
Filesize
79KB
MD5d9cb0b4a66458d85470ccf9b3575c0e7
SHA11572092be5489725cffbabe2f59eba094ee1d8a1
SHA2566ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05
SHA51294937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
73KB
MD5b7d668191f946ee108e7e1e71ea71776
SHA19f020d69b2bc828a6bf7cc5f4c7050a254d17464
SHA256085bcc47aef41d67bcef760efd34846c8b39ed0530ea7e83f71fe02f864544c1
SHA512e4090561859426f6fd79e7650db81f20642d9639ab58106a4fe9e36081778af5e444fe4156209695beacdcb09e79b0ee36b0f1bdf699e4711cbc14683295da30
-
Filesize
3.4MB
MD59f9bbd12ae5894046810e6736ec4d892
SHA19e81b764a40ec39f6667c54b8d40da0b97cb5a7f
SHA2568d48d0a05d581922a4d30ba98cbf51ea981a37c95fad689e0b84b979e312f6a4
SHA51257d5b59de422394856e15b2d65c1f2a9e85a1b012c954ecad98682a84c7f90ff00be91819c8ae9cd123270e2cf446d69bfb248bde471a29846d57bf401417eaa
-
Filesize
276KB
MD50d3d9123958c3651d44b4fa85cb8ed53
SHA17a08db20a780eb6690fc4fa958bc1eea20e6d2ae
SHA256f590d07eae0df2ca477073ff660cd9f57d7a24eaa81902003370e06264150739
SHA512e2ee2712e92db8cff0ba5e716fc18f2c743e958a1f5354c1145e02c3de1a89c81f2e9abe54f70a1c3e04e750535eef2e82d0393952c2257e564e0f5817fff249