Analysis Overview
Threat Level: Likely malicious
The file https://www.ldplayer.net/apps/samsung-galaxy-a14-on-pc.html was found to be: Likely malicious.
Malicious Activity Summary
Manipulates Digital Signatures
Possible privilege escalation attempt
Creates new service(s)
Loads dropped DLL
Executes dropped EXE
Event Triggered Execution: Component Object Model Hijacking
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Drops file in System32 directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Launches sc.exe
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious behavior: LoadsDriver
Modifies registry class
Enumerates system info in registry
Suspicious use of SendNotifyMessage
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
Runs net.exe
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-10 02:48
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-10 02:48
Reported
2024-08-10 02:53
Platform
win11-20240802-en
Max time kernel
271s
Max time network
277s
Command Line
Signatures
Creates new service(s)
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETSIGNEDDATAMSG\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28\FuncName = "WVTAsn1SpcLinkEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.11\FuncName = "WVTAsn1SpcStatementTypeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\FuncName = "WVTAsn1SealingSignatureAttributeDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2011\FuncName = "WVTAsn1SealingSignatureAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.3\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\FuncName = "WVTAsn1SpcSigInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.3\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2012\FuncName = "WVTAsn1SealingTimestampAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008\FuncName = "WVTAsn1SpcLinkEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\FuncName = "WVTAsn1SpcIndirectDataContentEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2006\FuncName = "WVTAsn1SpcStatementTypeDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.1.1\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\ldplayer9box\VBoxDD2.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-process-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-processenvironment-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstPDMAsyncCompletionStress.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxStub.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\DbgPlugInDiggers.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libcurl.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ucrtbase.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxNetLwf.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxPlaygroundDevice.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-private-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\concrt140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBTest.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-console-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-timezone-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-convert-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSVGA3D.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-stdio-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES_V2_utils.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-rtlsupport-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetAdp6Uninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxRes.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSampleDriver.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-libraryloader-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\dpinst_86.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstVMREQ.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSharedFolders.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-filesystem-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\bldRTIsoMaker.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ldutils.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\vccorlib140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstVBoxDbg.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetAdp6Install.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstSSLCertDownloads.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-profile-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxEFI32.fd | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\load.cmd | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\dasync.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\msvcp100.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-file-l2-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-datetime-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-debug-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-timezone-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxBalloonCtrl.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\platforms\qminimal.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VirtualBoxVM.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-console-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-memory-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-math-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-multibyte-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\padlock.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDTrace.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\6C5DBBC4-B2EE-4E80-88FE-830CB985572D\dismhost.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\LDPlayer9_ens_com.samsung.galaxy.a14.trend_3040_ld.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dism.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LDPlayer9_ens_com.samsung.galaxy.a14.trend_3040_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677319374064069" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4453-4F3E-C9B8-5686939C80B6}\ = "IGuestProcess" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-402E-022E-6180-C3944DE3F9C8} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E9BB-49B3-BFC7-C5171E93EF38}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C9D6-4742-957C-A6FD52E8C4AE}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-73A5-46CC-8227-93FE57D006A6} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BE30-49C0-B315-E9749E1BDED1} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4737-457B-99FC-BC52C851A44F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5637-472A-9736-72019EABD7DE}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9641-4397-854A-040439D0114B} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44A0-A470-BA20-27890B96DBA9}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C9D6-4742-957C-A6FD52E8C4AE}\ = "IBandwidthControl" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E72-4F34-B8F6-682785620C57}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A161-41F1-B583-4892F4A9D5D5}\ = "IMediumConfigChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6038-422C-B45E-6D4A0503D9F1}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EBF9-4D5C-7AEA-877BFC4256BA}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5}\ = "IPCIDeviceAttachment" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7E72-4F34-B8F6-682785620C57}\ = "IExtPackFile" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E9BB-49B3-BFC7-C5171E93EF38}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\ = "INetworkAdapter" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CD54-400C-B858-797BCB82570E}\ = "IPerformanceCollector" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4C4-4020-A185-0D2881BCFA8B}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\VersionIndependentProgID | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BF98-47FB-AB2F-B5177533F493}\ = "IStorageController" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E1B7-4339-A549-F0878115596E}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E191-400B-840E-970F3DAD7296}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DAD4-4496-85CF-3F76BCB3B5FA}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-735F-4FDE-8A54-427D49409B5F}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9641-4397-854A-040439D0114B} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-32E7-4F6C-85EE-422304C71B90}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B4A4-44CE-85A8-127AC5EB59DC}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B855-40B8-AB0C-44D3515B4528}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\ = "IMachineEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2E88-4436-83D7-50F3E64D0503}\ = "IMachineDataChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6989-4002-80CF-3607F377D40C}\ = "IUSBProxyBackend" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2FD3-47E2-A5DC-2C2431D833CC}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E9BB-49B3-BFC7-C5171E93EF38}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8690-11E9-B83D-5719E53CF1DE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00A7-4104-0009-49BC00B2DA80}\NumMethods\ = "95" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A161-41F1-B583-4892F4A9D5D5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-26f1-4edb-8dd2-6bddd0912368} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4453-4f3e-c9b8-5686939c80b6} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\LDPlayer9_ens_com.samsung.galaxy.a14.trend_3040_ld.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.samsung.galaxy.a14.trend_3040_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.ldplayer.net/apps/samsung-galaxy-a14-on-pc.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb269ccc40,0x7ffb269ccc4c,0x7ffb269ccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1844 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1968,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2124 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2408 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3124 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3668,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4832,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4508,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5056,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5044,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5396,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5552,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5860,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5884,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6188,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6180,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6324 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6228,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6472 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6496,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6592,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6776 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6900,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6896 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6620,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7048 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6612,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7196 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=7320,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7312 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x0000000000000490
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7184,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7468 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7484,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7628 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7612,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7772 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7988,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8076 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=8008,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8000 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=8016,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8428 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=8024,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8564 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=8032,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8692 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8040,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8820 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8048,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8956 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8056,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8064,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9220 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8080,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9256 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8088,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9492 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=9620,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9352 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5232,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5504,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6652 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6800,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7212 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6504,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6580,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9488 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=6556,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=4868,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6524,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8148 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4496,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6588,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8180 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=4252,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4452 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=5000,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6472 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=5880,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=6312,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=6200,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8548 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8156,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9100 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=10196,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=8748,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6732 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6716,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6740 /prefetch:8
C:\Users\Admin\Downloads\LDPlayer9_ens_com.samsung.galaxy.a14.trend_3040_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_com.samsung.galaxy.a14.trend_3040_ld.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=936,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7508 /prefetch:8
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=3040 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=524922
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\6C5DBBC4-B2EE-4E80-88FE-830CB985572D\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\6C5DBBC4-B2EE-4E80-88FE-830CB985572D\dismhost.exe {7E157141-AFA3-4093-B2C5-39890BEE4AE6}
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb11ed3cb8,0x7ffb11ed3cc8,0x7ffb11ed3cd8
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.samsung.galaxy.a14.trend|package=com.samsung.galaxy.a14.trend
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7100,i,12084168176617932036,18191568579660363237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7044 /prefetch:8
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb11ed3cb8,0x7ffb11ed3cc8,0x7ffb11ed3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8485373871245027991,17739753260269019827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| GB | 163.181.57.236:443 | www.ldplayer.net | tcp |
| GB | 163.181.57.236:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| NL | 142.251.36.54:443 | play-lh.googleusercontent.com | tcp |
| BE | 18.239.208.87:443 | cdn.ldplayer.net | tcp |
| BE | 18.239.208.87:443 | cdn.ldplayer.net | tcp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| NL | 142.251.36.54:443 | play-lh.googleusercontent.com | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| BE | 18.239.208.87:443 | cdn.ldplayer.net | udp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | tcp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | tcp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | tcp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| US | 172.240.108.68:443 | lavatoryyourself.com | tcp |
| US | 172.240.108.68:443 | lavatoryyourself.com | tcp |
| US | 172.240.108.68:443 | lavatoryyourself.com | tcp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| NL | 142.251.36.14:443 | apis.google.com | tcp |
| NL | 142.250.179.138:443 | content-autofill.googleapis.com | tcp |
| NL | 142.251.36.2:443 | www.googletagservices.com | tcp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | udp |
| NL | 142.251.36.14:443 | apis.google.com | udp |
| BE | 18.239.208.58:443 | apien.ldplayer.net | tcp |
| SG | 47.236.4.49:443 | usersdk.ldmnq.com | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 226.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tagan.adlightning.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| BE | 18.239.208.117:443 | tagan.adlightning.com | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| BE | 18.239.208.58:443 | apien.ldplayer.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| BE | 18.239.208.17:443 | config.aps.amazon-adsystem.com | tcp |
| BE | 18.239.207.196:443 | aax.amazon-adsystem.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| US | 104.22.52.173:443 | cdn.hadronid.net | tcp |
| BE | 18.239.208.2:443 | tags.crwdcntrl.net | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 104.22.4.69:443 | a.ad.gt | tcp |
| IE | 54.77.158.234:443 | bcp.crwdcntrl.net | tcp |
| NL | 63.215.202.146:443 | proc.ad.cpe.dotomi.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.64.8.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.158.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.202.215.63.in-addr.arpa | udp |
| US | 104.22.5.69:443 | a.ad.gt | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| US | 104.26.9.178:443 | prebid-stag.setupad.net | tcp |
| US | 104.26.9.178:443 | prebid-stag.setupad.net | tcp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| DK | 37.157.4.29:443 | adx.adform.net | tcp |
| NL | 147.75.34.177:443 | prebid.a-mo.net | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| FR | 91.134.110.129:443 | prg.smartadserver.com | tcp |
| US | 104.18.11.176:443 | mp.4dex.io | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| FR | 91.134.110.133:443 | ssbsync-global.smartadserver.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| DK | 77.243.51.121:443 | uipglob.semasio.net | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.163:443 | p4-ffpq4amzuv7ku-epsw3yawtjcivbge-if-v6exp3-v4.metric.gstatic.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| BE | 18.239.208.63:443 | cdn.mediago.io | tcp |
| US | 34.111.60.239:443 | images.mediago.io | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.179.193:443 | 298a06feb9b1b15c5a1cd89a20e34061.safeframe.googlesyndication.com | tcp |
| NL | 172.217.168.195:443 | www.google.co.uk | tcp |
| NL | 172.217.168.195:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.134.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.51.243.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.131.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.168.214.35.in-addr.arpa | udp |
| NL | 185.89.210.90:443 | ib.adnxs.com | tcp |
| FR | 51.178.195.212:443 | ssbsync-global.smartadserver.com | tcp |
| DK | 37.157.2.228:443 | c1.adform.net | tcp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| BE | 18.239.208.63:443 | cdn.mediago.io | tcp |
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| NL | 89.207.16.201:443 | equativ-match.dotomi.com | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 104.26.9.178:443 | prebid-stag.setupad.net | tcp |
| US | 8.8.8.8:53 | 223.25.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| IE | 52.95.125.22:443 | aax-eu.amazon-adsystem.com | tcp |
| DK | 37.157.2.230:443 | c1.adform.net | tcp |
| DE | 91.228.74.166:443 | cms.quantserve.com | tcp |
| NL | 172.217.23.194:443 | cm.g.doubleclick.net | tcp |
| NL | 172.217.23.194:443 | cm.g.doubleclick.net | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| IE | 52.49.132.11:443 | ice.360yield.com | tcp |
| NL | 142.250.179.163:443 | p4-ffpq4amzuv7ku-epsw3yawtjcivbge-if-v6exp3-v4.metric.gstatic.com | udp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| IE | 52.212.48.12:443 | ce.lijit.com | tcp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| IE | 18.200.164.220:443 | rtb.gumgum.com | tcp |
| GB | 184.26.56.245:443 | ads.pubmatic.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| NL | 185.89.210.90:443 | ib.adnxs.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 142.251.36.6:443 | s0.2mdn.net | tcp |
| NL | 172.217.23.202:443 | imasdk.googleapis.com | tcp |
| NL | 172.217.23.202:443 | imasdk.googleapis.com | tcp |
| NL | 172.217.23.194:443 | cm.g.doubleclick.net | udp |
| IE | 108.129.52.249:443 | fw.adsafeprotected.com | tcp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | tcp |
| NL | 142.250.179.193:443 | f00aff6633c0a56f300a4c5064233488.safeframe.googlesyndication.com | tcp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | tcp |
| NL | 142.251.36.6:443 | s0.2mdn.net | udp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | udp |
| IN | 142.250.182.99:443 | csi.gstatic.com | tcp |
| IN | 142.250.182.99:443 | csi.gstatic.com | tcp |
| IN | 142.250.182.99:443 | csi.gstatic.com | tcp |
| IN | 142.250.182.99:443 | csi.gstatic.com | tcp |
| IN | 142.250.182.99:443 | csi.gstatic.com | tcp |
| IN | 142.250.182.99:443 | csi.gstatic.com | tcp |
| NL | 142.250.27.156:443 | bid.g.doubleclick.net | tcp |
| NL | 142.250.27.156:443 | bid.g.doubleclick.net | tcp |
| NL | 142.250.27.156:443 | bid.g.doubleclick.net | tcp |
| US | 54.208.116.21:443 | dt.adsafeprotected.com | tcp |
| US | 54.208.116.21:443 | dt.adsafeprotected.com | tcp |
| US | 54.208.116.21:443 | dt.adsafeprotected.com | tcp |
| BE | 18.239.208.69:443 | static.adsafeprotected.com | tcp |
| US | 54.208.116.21:443 | dt.adsafeprotected.com | tcp |
| BE | 18.239.208.69:443 | static.adsafeprotected.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| GB | 23.53.175.107:443 | servedby.flashtalking.com | tcp |
| GB | 23.53.175.107:443 | servedby.flashtalking.com | tcp |
| US | 52.54.28.112:443 | sync.srv.stackadapt.com | tcp |
| GB | 23.53.175.107:443 | servedby.flashtalking.com | tcp |
| NL | 35.214.154.183:443 | csync.loopme.me | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| GB | 23.46.72.51:443 | cdn.flashtalking.com | tcp |
| GB | 23.46.72.51:443 | cdn.flashtalking.com | tcp |
| NL | 142.251.36.2:443 | www.googletagservices.com | tcp |
| NL | 142.251.36.2:443 | www.googletagservices.com | tcp |
| NL | 142.251.36.2:443 | www.googletagservices.com | tcp |
| NL | 142.251.36.2:443 | www.googletagservices.com | tcp |
| IE | 34.251.153.53:443 | dpm.demdex.net | tcp |
| NL | 142.251.36.2:443 | www.googletagservices.com | tcp |
| GB | 23.46.72.51:443 | cdn.flashtalking.com | tcp |
| NL | 142.251.36.2:443 | www.googletagservices.com | tcp |
| GB | 23.46.72.51:443 | cdn.flashtalking.com | tcp |
| IN | 142.250.182.99:443 | csi.gstatic.com | udp |
| FR | 54.36.150.182:443 | cookie-matching.mediarithmics.com | tcp |
| US | 34.98.64.218:443 | eu-u.openx.net | udp |
| NL | 147.75.34.177:443 | prebid.a-mo.net | tcp |
| US | 172.67.138.13:443 | adxbid.info | tcp |
| IN | 142.250.182.99:443 | csi.gstatic.com | udp |
| NL | 172.217.23.194:443 | cm.g.doubleclick.net | tcp |
| US | 34.98.64.218:443 | eu-u.openx.net | tcp |
| IE | 34.242.107.139:443 | ms-cookie-sync.presage.io | tcp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| IE | 52.30.90.44:443 | match.prod.bidr.io | tcp |
| NL | 188.42.63.48:443 | dsp-ap.eskimi.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| SE | 13.50.192.155:443 | d5p.de17a.com | tcp |
| DE | 80.82.210.217:443 | cookie.active-agent.com | tcp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| DE | 91.228.74.166:443 | cms.quantserve.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| IE | 52.30.90.44:443 | match.prod.bidr.io | tcp |
| NL | 188.42.63.48:443 | dsp-ap.eskimi.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| SE | 13.50.192.155:443 | d5p.de17a.com | tcp |
| DE | 80.82.210.217:443 | cookie.active-agent.com | tcp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| DE | 91.228.74.166:443 | cms.quantserve.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| IE | 52.215.155.11:443 | cm.adgrx.com | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 172.67.40.173:443 | mwzeom.zeotap.com | tcp |
| IE | 52.48.186.154:443 | sync.crwdcntrl.net | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| IE | 52.51.80.79:443 | pr-bh.ybp.yahoo.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 64.158.223.140:443 | pubmatic-match.dotomi.com | tcp |
| NL | 142.250.179.194:443 | ade.googlesyndication.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 154.186.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.129.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.155.215.52.in-addr.arpa | udp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| IN | 142.250.182.99:443 | csi.gstatic.com | udp |
| GB | 23.53.175.107:443 | servedby.flashtalking.com | tcp |
| NL | 142.250.179.194:443 | ade.googlesyndication.com | udp |
| GB | 13.42.124.218:443 | ad-events.flashtalking.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 52.54.28.112:443 | sync.srv.stackadapt.com | tcp |
| NL | 142.250.179.130:443 | googleads4.g.doubleclick.net | tcp |
| NL | 63.215.202.140:443 | openx2-match.dotomi.com | tcp |
| NL | 64.227.64.62:443 | match.adsby.bidtheatre.com | tcp |
| GB | 185.64.190.81:443 | image4.pubmatic.com | tcp |
| IE | 99.80.57.14:443 | d9.flashtalking.com | tcp |
| NL | 185.89.210.90:443 | ib.adnxs.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 34.111.131.239:443 | idsync.frontend.weborama.fr | tcp |
| US | 47.253.61.56:443 | gw-iad-bid.ymmobi.com | tcp |
| BE | 18.239.208.87:443 | cdn.ldplayer.net | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| FR | 91.134.110.129:443 | prg.smartadserver.com | tcp |
| BE | 18.239.208.58:443 | apien.ldplayer.net | udp |
| NL | 142.251.36.54:443 | play-lh.googleusercontent.com | udp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| US | 34.160.236.64:443 | odr.mookie1.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 34.111.60.239:443 | images.mediago.io | udp |
| FR | 178.250.7.12:443 | rtb.fr3.eu.criteo.com | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 35.214.168.80:443 | gtrace.mediago.io | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| IE | 52.30.90.44:443 | match.prod.bidr.io | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 142.250.179.193:443 | f00aff6633c0a56f300a4c5064233488.safeframe.googlesyndication.com | tcp |
| US | 34.96.105.8:443 | tr.blismedia.com | tcp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| BE | 18.239.208.117:443 | tagan.adlightning.com | tcp |
| BE | 18.239.208.117:443 | tagan.adlightning.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 172.67.138.13:443 | adxbid.info | udp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| FR | 51.178.195.212:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 185.89.210.90:443 | ib.adnxs.com | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| US | 52.72.127.219:443 | sync.ipredictive.com | tcp |
| US | 104.18.25.173:443 | a.tribalfusion.com | tcp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 52.54.28.112:443 | sync.srv.stackadapt.com | tcp |
| US | 52.54.28.112:443 | sync.srv.stackadapt.com | tcp |
| US | 52.54.28.112:443 | sync.srv.stackadapt.com | tcp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| DK | 37.157.2.228:443 | c1.adform.net | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 104.18.25.173:443 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| IE | 54.72.143.83:443 | ap.lijit.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| NL | 188.42.196.115:443 | ads.betweendigital.com | tcp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| NL | 147.75.84.127:443 | prebid.a-mo.net | tcp |
| NL | 147.75.84.127:443 | prebid.a-mo.net | tcp |
| NL | 147.75.84.158:443 | pb-am.a-mo.net | tcp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.196.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.84.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.84.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| GB | 84.17.50.9:443 | vid.vidoomy.com | tcp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| US | 104.18.36.155:443 | ssum.casalemedia.com | udp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| GB | 89.187.167.39:443 | vid.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | a.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | a.vidoomy.com | tcp |
| BE | 35.206.140.87:443 | pool.admedo.com | tcp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| BE | 35.206.140.87:443 | pool.admedo.com | udp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| BE | 18.239.208.87:443 | cdn.ldplayer.net | tcp |
| BE | 18.239.190.198:443 | d19mtdoi3rn3ox.cloudfront.net | tcp |
| GB | 216.137.34.195:443 | d1arl2thrafelv.cloudfront.net | tcp |
| GB | 216.137.34.195:443 | d1arl2thrafelv.cloudfront.net | tcp |
| FR | 217.182.178.234:443 | rtb-csync.smartadserver.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| BE | 18.239.208.107:443 | encdn.ldmnq.com | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| CL | 34.0.63.29:443 | e2c70.gcp.gvt2.com | tcp |
| CL | 34.0.63.29:443 | e2c70.gcp.gvt2.com | tcp |
| US | 35.206.35.210:443 | e2c48.gcp.gvt2.com | tcp |
| US | 142.250.68.227:443 | beacons.gvt2.com | tcp |
| US | 142.250.68.227:443 | beacons.gvt2.com | tcp |
| US | 142.250.68.227:443 | beacons.gvt2.com | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 142.250.68.227:443 | beacons.gvt2.com | udp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| US | 142.250.68.227:443 | beacons.gvt2.com | tcp |
| GB | 13.224.132.98:443 | apien.ldmnq.com | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.245.218.124:443 | ad.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 163.181.57.232:443 | en.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | advertise.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 232.57.181.163.in-addr.arpa | udp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 162.159.128.233:443 | discord.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | udp |
| BE | 18.239.208.58:443 | encdn.ldmnq.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| IT | 34.17.18.17:443 | e2c61.gcp.gvt2.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 18.245.218.124:443 | ad.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| BE | 18.239.208.58:443 | encdn.ldmnq.com | tcp |
| NL | 142.251.36.54:443 | i.ytimg.com | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 13.224.132.98:80 | apien.ldmnq.com | tcp |
| GB | 13.224.132.98:443 | apien.ldmnq.com | tcp |
| GB | 163.181.57.236:443 | www.ldplayer.net | tcp |
| GB | 163.181.57.236:443 | www.ldplayer.net | tcp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| NL | 142.250.179.174:443 | www.youtube.com | tcp |
| NL | 142.250.179.174:443 | www.youtube.com | tcp |
| GB | 18.245.218.124:443 | ad.ldplayer.net | tcp |
| NL | 142.250.179.142:443 | www.youtube.com | udp |
| NL | 142.250.179.150:443 | i.ytimg.com | tcp |
| BE | 18.239.208.107:443 | encdn.ldmnq.com | tcp |
| BE | 18.239.208.107:443 | encdn.ldmnq.com | tcp |
| BE | 18.239.208.107:443 | encdn.ldmnq.com | tcp |
| BE | 18.239.208.107:443 | encdn.ldmnq.com | tcp |
| BE | 18.239.208.107:443 | encdn.ldmnq.com | tcp |
| BE | 18.239.208.107:443 | encdn.ldmnq.com | tcp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| GB | 92.123.143.201:80 | apps.identrust.com | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| NL | 142.250.179.174:443 | www.youtube.com | udp |
| NL | 142.251.36.14:443 | www.youtube.com | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | usersdk.ldmnq.com | udp |
| GB | 52.84.90.3:443 | apien.ldplayer.net | tcp |
| NL | 142.251.36.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.90.84.52.in-addr.arpa | udp |
| SG | 8.219.223.66:443 | usersdk.ldmnq.com | tcp |
| SG | 8.219.223.66:443 | usersdk.ldmnq.com | tcp |
| NL | 142.251.36.2:443 | www.googletagservices.com | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| NL | 172.217.168.234:443 | jnn-pa.googleapis.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| GB | 13.224.132.98:443 | apien.ldmnq.com | tcp |
| NL | 172.217.168.234:443 | jnn-pa.googleapis.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| BE | 18.239.212.129:443 | c.amazon-adsystem.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| GB | 216.137.44.59:443 | tagan.adlightning.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 229.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.212.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.44.137.216.in-addr.arpa | udp |
| GB | 52.84.90.40:443 | config.aps.amazon-adsystem.com | tcp |
| US | 104.22.52.173:443 | cdn.hadronid.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| GB | 18.172.154.232:443 | aax.amazon-adsystem.com | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| BE | 18.239.208.102:443 | tags.crwdcntrl.net | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| IE | 54.194.254.146:443 | bcp.crwdcntrl.net | tcp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| GB | 18.245.218.124:443 | ad.ldplayer.net | tcp |
| N/A | 127.0.0.1:6463 | tcp | |
| N/A | 127.0.0.1:6464 | tcp | |
| N/A | 127.0.0.1:6465 | tcp | |
| N/A | 127.0.0.1:6466 | tcp | |
| NL | 172.217.168.195:443 | beacons3.gvt2.com | tcp |
| NL | 172.217.168.195:443 | beacons3.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | udp |
| ID | 35.219.111.231:443 | e2c37.gcp.gvt2.com | tcp |
| ID | 35.219.111.231:443 | e2c37.gcp.gvt2.com | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 142.250.68.227:443 | beacons.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | udp |
Files
\??\pipe\crashpad_4732_UWMMDXYMDHERWSUP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e
| MD5 | 67e59a06ec50dcd4aebe11bb4a7e99a5 |
| SHA1 | 5d073dbe75e1a8b4ff9c3120df0084f373768dae |
| SHA256 | 14be8f816315d26d4bc7f78088d502eff79dee045f9e6b239493a707758107fe |
| SHA512 | 6364515e92ed455f837dcc021cc5d7bbab8eac2a61140de17ff6a67dfdbbd8fbdded5ce739d001a0ba555b6693dafdb6af83424d6643ff6efddc46d391b21d95 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
| MD5 | 631c4ff7d6e4024e5bdf8eb9fc2a2bcb |
| SHA1 | c59d67b2bb027b438d05bd7c3ad9214393ef51c6 |
| SHA256 | 27ccc7fad443790d6f9dc6fbb217fc2bc6e12f6a88e010e76d58cc33e1e99c82 |
| SHA512 | 12517b3522fcc96cfafc031903de605609f91232a965d92473be5c1e7fc9ad4b1a46fa38c554e0613f0b1cfb02fd0a14122eaf77a0bbf3a06bd5868d31d0160e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 86a718ba079854a355491f30ea121ff6 |
| SHA1 | 8bfc17aeee4a13b043cdfb427d322a9ea01b6a30 |
| SHA256 | 836418ae32ea83f15d3e85601550b824cc848b12f1e6ee44945a4da1549012e6 |
| SHA512 | 1710fcc114c93b099626dd2d8b63c770506ab147c3af067dbf6d77d18fea104e54c3cfa8ac5507d582bd44bca44396ad7b043d719534a0fba761d1a7bc08db1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6ec495d1fdd79d5d3d8494b7dd53e0b9 |
| SHA1 | e940089f89617fcd904117805da5c63919ee7deb |
| SHA256 | ad4ef8376f7da9965233be86fca60a77edb07281a1965d8051b7f7cea05d7129 |
| SHA512 | 76f5b82edac5e9a27b8e004e998287d2074c0ab37c064156e9a5eee446f500c825956c46980e867553bc266f16393747f358ab833984bf9084c7c077483fa1db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d96bd3b61b9f2877_0
| MD5 | 9e46df72e43d1e4c7cf8014e4640ca07 |
| SHA1 | ef38aacdc7413475c106aa4ddda517b6997cfcba |
| SHA256 | 85f06a0687bd3fe45b204f622e3edb326ef40b7d98adb8519c9862510bebcd3c |
| SHA512 | 937af1a5029863a3cffc70b922ed5b8d7f4012129127e97d476d53df5a67263924ed4d191f5a56f2a2cb113bca6d46d1be328f318c0e0f931ee859d616ee9c75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\65e337d7-394a-44c4-b3e2-e77be3ac4c5b.tmp
| MD5 | 8a1bb0a90a21659619b2134700dd653e |
| SHA1 | c32e8b44ee71aa31bdf6ec4147bce9943cd88b29 |
| SHA256 | b775e3645515126b8025259d9f868787fc6016ac019b25e3a6a6938497dbe1af |
| SHA512 | 912d53cead8bae4d16904a6836055f480195d4fe651e4460f062c602f01dbb4613ffb547e830948aa9575cbf3b7efdb37c13cac0c5a39741e01f299d86bc99d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b74905d4f8de606bb3e923412398f828 |
| SHA1 | 5dc688fb41dd6f2cbc1ba2b2c4d77865070ab392 |
| SHA256 | 99efcad7a7bc9a82ca0d81488f3347db80d560176b71929e74c448357484c23c |
| SHA512 | c91e11c1b64f93214ec20930b4f17c9677405eb2629895b6e3a2bdd173f5a3743686c8e743081ba25e07bc3f864649d021b6a846febab7ab8e3ccfea6d797c1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | 329f4f657ed48c0f7898a3be9c615ec1 |
| SHA1 | 527770ad27b46979f41ab7909a785bc7b767871c |
| SHA256 | 7b03cd4d4d1c088f9196cad6d4efee61167fe9fbbfda4498417290ef0f211c23 |
| SHA512 | 1c42d4c7d47d156e282e1d6c577e1955e8037105a534b5a17289e42d86e89f5321cbec23c832ae62789a819e96e3223d50f01417deaa36d1611e0dc1c4b637a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
| MD5 | 46e6043b3a70e5986f0b72a748d9e3e2 |
| SHA1 | 5d3ac460401a49fb84286e0f8b9edf6167530fa6 |
| SHA256 | 171b12a8c0900d5f0d9e700eb668c02f167ad6f7adce4b9c36201ee10aeae005 |
| SHA512 | c0f875ed0d9e05a7439ac9d160edf59ed3b1b384b87dca5b75de3ba11a47a94d543f108ee60aaf421c965c0635408003535795e0f6601afdef4010d982724385 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
| MD5 | 89a574ff00e6b0ec61d995d059ce6e65 |
| SHA1 | aea09e96808ab77165ffa712eaa58b8f056d0bb6 |
| SHA256 | e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44 |
| SHA512 | 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
| MD5 | cfa2ab4f9278c82c01d2320d480258fe |
| SHA1 | ba1468b2006b74fe48be560d3e87f181e8d8ba77 |
| SHA256 | d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e |
| SHA512 | 4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
| MD5 | c55dbb2a5e2048f8ac7b88cafbe13ab6 |
| SHA1 | 6629572a0fd059184b4e5c57687fa414fa7283d3 |
| SHA256 | a82abfaf7dd683f673153324de1295a2a952e5b40fbbc581b5fc39603883f5cb |
| SHA512 | 61336d53f5f14636ad0552e92bafec6ab262faea08d28143dbe6f631bd6be86ed1b6b2dd5a2127cde53a1405ee4bc8384c3327521571917dc22c7fd553f108aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062
| MD5 | 9f9bbd12ae5894046810e6736ec4d892 |
| SHA1 | 9e81b764a40ec39f6667c54b8d40da0b97cb5a7f |
| SHA256 | 8d48d0a05d581922a4d30ba98cbf51ea981a37c95fad689e0b84b979e312f6a4 |
| SHA512 | 57d5b59de422394856e15b2d65c1f2a9e85a1b012c954ecad98682a84c7f90ff00be91819c8ae9cd123270e2cf446d69bfb248bde471a29846d57bf401417eaa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 658126ab612e59a6c24b528d4ae8b5d6 |
| SHA1 | d2246adbb6e2442e9d426c662ef41c8b3f9e2408 |
| SHA256 | 3b474c18199c614aad4ecf7572df3387614705b105a39cd4a3e69e8da689badf |
| SHA512 | a7e0c15234ac4ed364ecc5c66a02e5d40da0a209c6bd6b0081a1f4bea4974d3ad4f0ce3081e30ddccab05a4191ecb227bcf48281dd47eb4c0ec3c7bf5de2ec86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 813e58b8e21d0b1748f74a8d662756e2 |
| SHA1 | 47b10130867d1c5494612e027a67e05e18c96de8 |
| SHA256 | 82423b427fdff54d1ad5de41e2771e9887756dd19a6fff0d62b82540df60e03a |
| SHA512 | 4b35cc85343c5bc9eb6a568a5ee977649b4a6ba76c127dbedf3c33dbc4adf953ee26b27049b575093c55357617e1747b25b7ef7ffca7766fe6473a9531652a09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d328ea932e26bebe4d0a45aa4ba9077e |
| SHA1 | 87b42d694509c3b349af7c77eae9d7648533bfae |
| SHA256 | 72dde9bd579b0baccc69f6b564f3745ddf5dd34974c0020bd8e33f93fdf8f4d3 |
| SHA512 | 089610c83aed2d7c5e99bdb20ac58e2fae48e67c92d88839131795635d0f6b680b47781538ae75dd9177c08480e524d5c20dffddc42d649ef7c222028114a26d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 502385e4091681d53a0bd41e8a574156 |
| SHA1 | bd1a53175130fa974cded45146eb6fa9210bf3c0 |
| SHA256 | 06f89a42f77fa9ef33f4cae248cdae7a25afacd258a6db0104eca61d01851075 |
| SHA512 | b6492365ea647b45ccc530828f3a5a49d07d98c0fe9e05d38a744d274acf3139e0c9d91403708cba563fd47e12e653a6e33eedf7d1c3f5c368214b12d226bb9b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\997ec6074dcf01fc_0
| MD5 | 5bce8f67b0d5202c01c456fd5e34f317 |
| SHA1 | ac874f14d36641b98fa09c3fe79ee83d460049a5 |
| SHA256 | 4ae4fb10d1f151b8946f04c2be38ed3dfa6d45acd9b9c6fb77b4560fdcb42aa5 |
| SHA512 | 87525523aa1e78f40348edc00f16d78bbae99794cf2b773bd4cc30c19b6568a2598c2f464088c0cc5d79b78305b3f7cc825ca87d66d179cef09367dcce2fac8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
| MD5 | 6fb26b39d8dcf2f09ef8aebb8a5ffe23 |
| SHA1 | 578cac24c947a6d24bc05a6aa305756dd70e9ac3 |
| SHA256 | 774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059 |
| SHA512 | c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f
| MD5 | 05e9679509b61424a07cc4d4efb7247f |
| SHA1 | db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81 |
| SHA256 | 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b |
| SHA512 | 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000071
| MD5 | 9d20eb804997d4975bc6dbbeae685370 |
| SHA1 | 9d865e910aa409ee4b3b502ef91669d0972d911a |
| SHA256 | 406b88ec04620adfbc69711d62555ff821f3e8d3441ae6fb1ff0682cc7b36439 |
| SHA512 | 9ca848c27c244f0300a96e6d90dd1ebc354642e13c5716d195400729cdd375a15ed9cdb8b5997369d20a989c4f97360e0568b1c201518628818bed9c535fe7fd |
C:\Users\Admin\Downloads\LDPlayer9_ens_com.samsung.galaxy.a14.trend_3040_ld.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fcb34b783bca583026a079cd20dc1054 |
| SHA1 | b0d99429bcee854c2cea6a5b7ff5d5e242d9fafc |
| SHA256 | 74eef1b902beb41f22c42d379f8716b582e02c6a2c85cf6f7205f54a1b8da71b |
| SHA512 | b70c425d89581c9a8612686ecf925d310fa06fc9834661c67425c7d98864ba236c3bcc2855b66b660144b7aef83a00d7e5581a5333f112e72ef2d9178f0abdbb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 420cd4ad0c745ab07802e2271e1f933a |
| SHA1 | 33bff2d1ae7674b830d336df7a3098658a4be04d |
| SHA256 | 49b41a42db165bd928e69ee9ccd9596c97e832bf83156fd792e6b3cb0d4782c0 |
| SHA512 | e7d66ec512c9f2983ff58b039d807434bf03e93579c9183d43998613c321a718e483a8bcd363a5cbc2d21ed7373aa9d74868dd5fd3262b68f120f226368b361d |
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
| MD5 | d9cb0b4a66458d85470ccf9b3575c0e7 |
| SHA1 | 1572092be5489725cffbabe2f59eba094ee1d8a1 |
| SHA256 | 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05 |
| SHA512 | 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6 |
memory/424-1058-0x0000000006350000-0x0000000006360000-memory.dmp
memory/424-1059-0x00000000727AE000-0x00000000727AF000-memory.dmp
memory/424-1063-0x0000000006670000-0x0000000006686000-memory.dmp
memory/424-1064-0x0000000073060000-0x0000000073076000-memory.dmp
memory/424-1066-0x0000000008D80000-0x0000000009326000-memory.dmp
memory/424-1067-0x00000000088C0000-0x0000000008952000-memory.dmp
memory/424-1077-0x0000000002DF0000-0x0000000002E34000-memory.dmp
memory/424-1078-0x0000000009880000-0x000000000991C000-memory.dmp
memory/424-1079-0x0000000003500000-0x0000000003566000-memory.dmp
memory/424-1080-0x000000000A2C0000-0x000000000A7EC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0211c28f5af7544f8014696f003311d7 |
| SHA1 | 1f2db9ff3ace44864e1fa7b650a9cd047841fb68 |
| SHA256 | 4b940f4ec93938af254ac7634e140338a760feb6211766d4888cc2982bc30696 |
| SHA512 | 54b13dd5dd39b1377175f40dbedc704c43c690f778bde43b8fbe1952e3a8bef597ffd4dc27ffceac8e74ab320b290387c815db053679837f56eb7400646709c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5ca9e25ab2aaea753d278380d8cb04f5 |
| SHA1 | ff9f38cf4f98116faf140c3464100c41931738a9 |
| SHA256 | 798261b876525c3b1a51bc883269bff818621e7a468fde7f0f340fecb8e1bac3 |
| SHA512 | 45a41d1390f257756bc03b2bc5b22631030f5ee2195b8ab42dd83ce0e100f5c6e22580e9e219d48fbd75c7033bf8101fab2a38f8cb12908ef65643ee4ea018c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a923aa9f1c01cdffadcc045d3280e58b |
| SHA1 | bda4e89434c59ff11c50ec95a6e12a78921eaa90 |
| SHA256 | bccb37cb64e871f5d5fdc1d25237a744433fcf7425a0812be9c8b78101a0b749 |
| SHA512 | 79e912d10232e06e2abe7220dc81f34c716d960789fe0e17c9c9faea5bb7e0a4a33538b2a41b3fd03ce47865b20e7434813743c0d67ec71aef75fe00c027bf6a |
memory/424-1103-0x000000000A1B0000-0x000000000A1BA000-memory.dmp
memory/424-1104-0x000000000B180000-0x000000000B1D0000-memory.dmp
memory/424-1105-0x000000000B390000-0x000000000B442000-memory.dmp
memory/424-1106-0x000000000B330000-0x000000000B34A000-memory.dmp
memory/424-1107-0x000000000B4A0000-0x000000000B4B2000-memory.dmp
memory/424-1108-0x000000000B510000-0x000000000B530000-memory.dmp
memory/424-1109-0x000000000B570000-0x000000000B5A2000-memory.dmp
memory/424-1110-0x000000000B620000-0x000000000B686000-memory.dmp
memory/424-1111-0x000000000B5D0000-0x000000000B5EE000-memory.dmp
memory/424-1112-0x000000000B5F0000-0x000000000B60A000-memory.dmp
memory/424-1113-0x00000000727A0000-0x0000000072F51000-memory.dmp
memory/424-1114-0x0000000006350000-0x0000000006360000-memory.dmp
memory/424-1115-0x00000000727A0000-0x0000000072F51000-memory.dmp
memory/424-1119-0x00000000727AE000-0x00000000727AF000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0d3a2952efe8756f004ff5dd818a0640 |
| SHA1 | db896007961776ff81eaf21300d949024cc994dd |
| SHA256 | 3a8825e0c33ac285716ef58f54c5fafb8117de236b71ee69bad4982498ddf27f |
| SHA512 | 2704b699e0604805e041664fd9ce35dbce47eef59862927c1e0b73dfc546b321efdd63ab06efd04e580b5c0e6bead31a092fa089262c002191f8ee20287e315f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c842dece33d56128d145f8773b937f09 |
| SHA1 | 7905ec78a8dffc26410fdedbb3ca2763128941fc |
| SHA256 | 81ad318d6743d30b741e36cbd8ebbd9cc63898ef22804ace90d5b1b47c37e3cf |
| SHA512 | 8356bd1f688869864c79d0048280e8369ae7d6c264576c9078476b368ed4c6481f5879bf1c8099cb085329e49ba56e5ce6e845a1cfb7f0bd186d7a4ac8a34fa3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6bc178d68df37997d702f3b14c67b813 |
| SHA1 | 2984a57e3e96e7f6a668a6fbe01affa104ddc592 |
| SHA256 | 40ab53b975af29d541dbc9c51887ebb23a44db0b43fb5964e1f8adbb74f15b69 |
| SHA512 | edd03a3b4e15ec6433c13f442fd03937c23637cc89f9bfdf4a7b434f4c403c19f8e10c58ebef37fb4bf0bee63434b9e8f53a02919855ac5f189cbed55a40b8c4 |
memory/424-1156-0x00000000727A0000-0x0000000072F51000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ddbf1d6c86a66fcf15625900671317a4 |
| SHA1 | bc08e0c24663515723bee9ffd7d5b81448446933 |
| SHA256 | 31f30588e14a7fe566bdb810f79b3590e8a6d04117e10ab31c278deabcdef343 |
| SHA512 | fdccee2179c6f60338f3b33254781ab5274b10484449d475f622917f6617247614cc2c16e7b72b0c6f20300b1c39b812e33c3dd0d4baa48628027218ff8852ad |
memory/424-1182-0x00000000727A0000-0x0000000072F51000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 031f979e7804c12be42953b75ee24298 |
| SHA1 | b6c484320ad505e6417d3d50c14acb89addd48e3 |
| SHA256 | a6ba4896ca31da28ea74fa828c8d46aeb4b47249c0292844c3b592f38f05c6b3 |
| SHA512 | a1491760d244482947168835b2fbfe17967c130acae1ed27859c56faed52bef3e355501fae8d1b37ac70e7d291b3892f5f2c89feda7359b92ac8340e5498e90a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 5be810db8d9326f2071871e506bc347e |
| SHA1 | ace9e86b2c7cd0be79a2108c54a461c59f57ee97 |
| SHA256 | 52522dfe4341de8d2fa6243445be0dab23344b9d10b39af7ff7b7c862fa391de |
| SHA512 | 5c63ef7ac02fd8c27fe022915e40563596b4c6102b7a8ee20fa72d91f944107ec6574b0a7ea89e749fce9962f2d781ee86380d987d0885f18a2807eb1884a10a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 84c0530f335f7017bdf7b44c74c096a4 |
| SHA1 | 59039ef74c70d6fc20321f0589b898e1c13afd77 |
| SHA256 | 9c2400d88991ec94437e75f715c2fde15cdf9cdf38c78744636c67091c11969b |
| SHA512 | 60d3b87c83bce06503410c0ae0f00755d3f3048896ae70ef371e81f4b890bfae24a7e8a18f8aba5e759f0bd2ff85dbdd000e145107109c3871fd50373b1b5681 |
C:\Windows\Logs\DISM\dism.log
| MD5 | dbfb2348e18a5eef81bf3b73148c2d65 |
| SHA1 | 6ab7aff84353763da77f8652de095e70181f3d3b |
| SHA256 | 69e873ca05dd088ddb5e382634bd55f4d01b4e33f3874508276085dc7082aea3 |
| SHA512 | c8455b2176f558449606898696acdef997fcb82c52286b35c083a37ab2fa6ed18110333ae49dd7a1aecce996df8ffe52a3d8164934e0fd2eb6b06ea23ebfcd8e |
memory/4476-1763-0x0000000002A90000-0x0000000002AC6000-memory.dmp
memory/4476-1764-0x00000000055B0000-0x0000000005BDA000-memory.dmp
memory/4476-1765-0x0000000005C10000-0x0000000005C32000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1ecpg512.v1m.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4476-1774-0x0000000005D90000-0x00000000060E7000-memory.dmp
memory/4476-1775-0x0000000006290000-0x00000000062AE000-memory.dmp
memory/4476-1776-0x00000000067E0000-0x000000000682C000-memory.dmp
memory/4476-1777-0x0000000007470000-0x00000000074A4000-memory.dmp
memory/4476-1778-0x000000006E170000-0x000000006E1BC000-memory.dmp
memory/4476-1787-0x0000000006890000-0x00000000068AE000-memory.dmp
memory/4476-1788-0x00000000074B0000-0x0000000007554000-memory.dmp
memory/4476-1789-0x0000000007C20000-0x000000000829A000-memory.dmp
memory/4476-1790-0x0000000007650000-0x000000000765A000-memory.dmp
memory/4476-1791-0x0000000007860000-0x00000000078F6000-memory.dmp
memory/4476-1792-0x00000000077E0000-0x00000000077F1000-memory.dmp
memory/4476-1793-0x0000000007820000-0x000000000782E000-memory.dmp
memory/4476-1794-0x0000000007900000-0x000000000791A000-memory.dmp
memory/2104-1805-0x000000006E170000-0x000000006E1BC000-memory.dmp
memory/5224-1823-0x00000000064F0000-0x0000000006847000-memory.dmp
memory/5224-1824-0x000000006E170000-0x000000006E1BC000-memory.dmp
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
| MD5 | 66df6f7b7a98ff750aade522c22d239a |
| SHA1 | f69464fe18ed03de597bb46482ae899f43c94617 |
| SHA256 | 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f |
| SHA512 | 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e |
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
| MD5 | 0054560df6c69d2067689433172088ef |
| SHA1 | a30042b77ebd7c704be0e986349030bcdb82857d |
| SHA256 | 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750 |
| SHA512 | 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
| MD5 | 4ba25d2cbe1587a841dcfb8c8c4a6ea6 |
| SHA1 | 52693d4b5e0b55a929099b680348c3932f2c3c62 |
| SHA256 | b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49 |
| SHA512 | 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
| MD5 | 3e29914113ec4b968ba5eb1f6d194a0a |
| SHA1 | 557b67e372e85eb39989cb53cffd3ef1adabb9fe |
| SHA256 | c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a |
| SHA512 | 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
| MD5 | 52c43baddd43be63fbfb398722f3b01d |
| SHA1 | be1b1064fdda4dde4b72ef523b8e02c050ccd820 |
| SHA256 | 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f |
| SHA512 | 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
| MD5 | ba46e6e1c5861617b4d97de00149b905 |
| SHA1 | 4affc8aab49c7dc3ceeca81391c4f737d7672b32 |
| SHA256 | 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e |
| SHA512 | bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
| MD5 | 2d40f6c6a4f88c8c2685ee25b53ec00d |
| SHA1 | faf96bac1e7665aa07029d8f94e1ac84014a863b |
| SHA256 | 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334 |
| SHA512 | 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
| MD5 | 01c4246df55a5fff93d086bb56110d2b |
| SHA1 | e2939375c4dd7b478913328b88eaa3c91913cfdc |
| SHA256 | c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889 |
| SHA512 | 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
| MD5 | ad9d7cbdb4b19fb65960d69126e3ff68 |
| SHA1 | dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d |
| SHA256 | a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326 |
| SHA512 | f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
| MD5 | e8fd6da54f056363b284608c3f6a832e |
| SHA1 | 32e88b82fd398568517ab03b33e9765b59c4946d |
| SHA256 | b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd |
| SHA512 | 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b |
C:\LDPlayer\LDPlayer9\dnplayer.exe
| MD5 | 6fe5ee1daf303963482ffc414b1f4aed |
| SHA1 | 076ebaeeb02853d96e20085fbedaf7e61f3a60d3 |
| SHA256 | 2685e5c1aa3cdead02024f21abadb413c6dc130946f7b44ca01b0cea64bdd2ae |
| SHA512 | 8bc6758c95a53ebcd6b6fd27bdd3165f91bcd8f370d677afb7d599865b57ecad274eb21502235eeb64ad2624046cafa9f14576221b1503e333815df5a6dfe134 |
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | 77138e2662cdeffd61cf6210ae3fb8ca |
| SHA1 | a085b99630efc74cedd0be9a0eeb57eff7b3850f |
| SHA256 | 68c83685da55573ae966db3113ee513dd76ba489024373968e527bd44d814724 |
| SHA512 | a4621910aa3ae4b5dfa558e69d0270717341467cf067d9397e2bbf118f789c87eef8750ecb25ffd9c60f51f35ceb40b211ce9a738116c4dfc06e543ac90d1bcc |
memory/5172-1915-0x00000000010C0000-0x00000000010D6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b0177afa818e013394b36a04cb111278 |
| SHA1 | dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5 |
| SHA256 | ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d |
| SHA512 | d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db |
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
| MD5 | b2e3ba2084f827f2e46a917983363f0b |
| SHA1 | 41fd27f8688b7a755abc0acc72a2a6a0e1045c78 |
| SHA256 | 7daa3d35584a7e87c3e8e3afeb436d088209966471d6c766328087823f1f3e73 |
| SHA512 | 4aea989bda6efc91836264f04f23fb3760764e3ef7809f618ad949c2e64b5a167fe5d054607535ec22fea4942d9ddc5ea7f70a1f529ee23633c1cd275d90e508 |
memory/5172-1934-0x0000000036D20000-0x0000000036D30000-memory.dmp
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 4d592fd525e977bf3d832cdb1482faa0 |
| SHA1 | 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef |
| SHA256 | f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6 |
| SHA512 | afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77 |
memory/424-1967-0x00000000727A0000-0x0000000072F51000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9af507866fb23dace6259791c377531f |
| SHA1 | 5a5914fc48341ac112bfcd71b946fc0b2619f933 |
| SHA256 | 5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f |
| SHA512 | c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41f2f6b7b067ec9b07ec5ef31e655420 |
| SHA1 | 76bb02d14bb7d468c3b0306dd3b4c4f0211bcd6b |
| SHA256 | 8bdb570410e9de2a901ed6c41fb51cb22200e26e5e99f532cd5f3fde43692a61 |
| SHA512 | 5b8017af0ddd9066b1181e77cb182bd53a340c49b8634619ee2832002b8108b683aa4be199e27f1839c83c9223682126ec137e6d59ef41fe84d36f38b8608978 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | cb462333eaf1d2da0640076fd8517544 |
| SHA1 | 5b97ac80b31652b6dbd4aeac638e7dd335d77913 |
| SHA256 | cf4798afdc0e95bdfaf9e2aa7c855de30725da4cc6f918e7c4eafd8381f90eee |
| SHA512 | cf910435681280dae640d734b0356b18bce88fa23ca8658f578f86eed3ba5d9b69baee8563ce9dc6fe7185e92e258c1e3c79ef214ce35b361a0253149a3d374c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e6bc92758e151026fac5f3e3b16f5637 |
| SHA1 | 3caeeae7511c0454069e529fad7f0989fe12fc0c |
| SHA256 | 153e4343f6801f6599c502ed356dccc33a8e68fe98676734e9dbaeef2742784a |
| SHA512 | 277c95edd3cd7e4379caea23ea6aae9811eff4040f4e890d63ec8c522c56e6e5fe728b906a731eee94fe2a4485d3e131fb0cc8c4d46e984ab3092e691f04d78b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 5730615dc0f2a7841ccefa2564c0767e |
| SHA1 | 072ad6e1e8b062b4e9fd38568398b3982118319b |
| SHA256 | 1d4f1a8a04ab19cecffe2b2abfc2bca6e58a2223863524a5c4884e234a2f1824 |
| SHA512 | 87ba2f3e3f1bd61dce7f49c09c9153a9abd168f0c49ea5390fc0e16c9c78f5ca5a997354cadfd997fdfa9f53afa7aed3ab3198ca3329c701dfb971fd580be372 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dacc50073b592f9da990d4ccf2d03f94 |
| SHA1 | 1b7ec048427972b5493671c0e0cafa35aeb22c5d |
| SHA256 | c974ffc89a909822720a433359eb795d466346796ac9008e600ee10b9f3e2fe1 |
| SHA512 | 948b69312416997c00f0d5593b2b85ce419e2095dab4008bf42b8a1d8e7498ba48b049137f2a29ec496edc05a266f7d3cd7b3d78200c89d135e74a88f8589844 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | fb27a5afc7d344e6c83f807c6d8892dc |
| SHA1 | 4304f79089a599fa89e5ffec15a93d9ebf042285 |
| SHA256 | ef2f8bb51abc91e0640ee8d2d37b912feacb3c558b4da1b719020557408fa24c |
| SHA512 | 90b8e77c45cc92e44d4f1c43e9b2faa99e4834dd1c3cf28a118c5537580a17d1b10c87ce7b731a9c884866a1812fe59196bbd2eaed60b7edcfb59ce7853628fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | 596016ca0cd6c3cca538019f694f03b4 |
| SHA1 | fd88c29039b1f7149bc569e50f5970c5a4452697 |
| SHA256 | 4450ee7f6bbcbf4b33c15db024b058a7c312b10da7baa80b8e6cf62275622c1e |
| SHA512 | d4821ec1c73013e5f5329cf3b1d75442fd58b4f5b53d9e93901484bc334ad6f066641f8249fbababf373768b32c3a20b607e0ad46c48ffad88cf3d579c1239f9 |
memory/5172-2304-0x000000006BB50000-0x000000006BBA9000-memory.dmp
memory/5172-2305-0x000000006BCB0000-0x000000006C256000-memory.dmp
memory/5172-2303-0x000000006BBB0000-0x000000006BC2A000-memory.dmp
memory/5172-2302-0x000000006BC30000-0x000000006BCAE000-memory.dmp
memory/5172-2306-0x000000006C3A0000-0x000000006DD9B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 26a87ec6680ee093355fb52e980fa24a |
| SHA1 | 415b66b4d86914ab043dfca125880c9b24e12436 |
| SHA256 | ba9b8fcd2cbe9fdd19096b48301bec18c72295a29dc2ea7d803e375e31ef32a5 |
| SHA512 | 862b1d422ec6eff878831198ac05762aa9060b38ce2f1d645467b6e551eee6d6f21b0dbd9a963895adbbc575a5291d0adcb84930f0332277b0676734698e0ce0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | 72ba3480e1aecb7a48c67e9ca03f646a |
| SHA1 | 12872e46c044abf567c68b965328c088ba1297ad |
| SHA256 | 8a6df58943d92b54faeb6d173cc7e57ffd12d9cbd40f9d02612d1779e4433e25 |
| SHA512 | 29837341a677ee47c010651756bfa753c7a71e915dd108af88f4df83820233048e90cffe1a9b8972ab9a7a8f9086f48917ad8a297822ceea72b731ff8c0e8e3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8578e376993dad28d1f714cc6ec4b3b8 |
| SHA1 | 2329dfda7f12578f22ad75fdbc71a6819f0d849f |
| SHA256 | 1217b68fbabec00e15c5c251e2e32c7848c045c6fef70bfa41a63f917cfd9d6a |
| SHA512 | 3aa1dad04cf84215150dd9025fe27bc708af4c1505bad0c75f3363fd086475289997db954625d5a91262cca89df7a08b8be0d92dd0528942c1a4271fd08919a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 369de3bd685199d14ff6882482af997c |
| SHA1 | 74251279cb60e4a0d4ce192cef9563e0da69b590 |
| SHA256 | 86f13e122a4bf3401c36418a3445229e887b38f96ef96f437eb723be166d61e6 |
| SHA512 | 1b632c1c2916563ec45e81d87986637584579c5120fc60aca442309e2252a4bc12173b31ff09089a50150f612f9987283fe10dbba68165b9744409243fef367f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 122bc474329d1166de9772dfd890ca35 |
| SHA1 | 2765798669b0315c0da9016bf4e5733eb7c10616 |
| SHA256 | ec52df492f7b111317a427ef274fffe711f6022b8cacb5b3e1f83a81688b2b16 |
| SHA512 | 536a629c8fceb36791e2de66badf4f0bd0388c06ad273b3591136ebfeec9fcd8624b7d0bf24ac95440a2b7c222399c6850faf40c8990f350589b948660f58cbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c643e884b82232d798ad60952c5988db |
| SHA1 | 6d0c00fb407974b68dcc8a20c3a0f0342bb96e93 |
| SHA256 | 7ea113654f2dd32c56940893a7539e7cf47de2e7b69142ff2b97e3acd6110c8d |
| SHA512 | d020eb0b3dbffbc18dbf4d63ae37a0fd0bfea190035ace18ad135cc7db52096373ede0452ee436db45999b58f8d2ef42750d231d247243393f4c65900c1bb82a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ad39d.TMP
| MD5 | 754db9a1d4e9c5a8a2e824cbcd8ea520 |
| SHA1 | 65c0d9cdd70ad5f49b36a80a7856fc11a8d26f94 |
| SHA256 | 5f152db2e4ebe538a18db2fe32f0fdbeba6f92a90f02f0ab1f4990969e761e5c |
| SHA512 | 25a4167d2c2c8ae7a553a0544ec12e6e596f79d1b54a1b8e3fe50f0ffaa9ad9204542b58c952fc46d472f0a78f8ad9c6142e8f43cc8022749b6a6fdf715f276f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 63c5b7b0a5064612c5691213d4e0bc30 |
| SHA1 | 8b2bc07a935b5a41a158bc3db17a6c61adcbfe80 |
| SHA256 | 5d81a5c595045611ca96cc0aa82e3fa5912abd384e6f31a046442b7e72ec4fe0 |
| SHA512 | bf8cc83b7563faa6d04f0a000cad9d23ff90f262efaa08ab6d7decfed9fadab057013b839141307306581d209dcd8dc819f37b17f4fb5aed4684c398cfc4867e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 04fb756d787b0782e9b4942a67ae3fdd |
| SHA1 | ab5ac56ee43222afb20d060edb47d7e5d7115af9 |
| SHA256 | fcab9440b848198c3d589830b9b9f801d59efff52c4d80004335d55c21078154 |
| SHA512 | a6b8fe82467c8bf9a149c25787b6f0055267c72fff4f4b2333450060ace81f88e4d54331c9182879c77f6cb0bae534ee47b9a2b9f962a9ed8d59bb4e2517f8ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 43cda4eeb87fa49c19eb141217c85643 |
| SHA1 | dbced252a04de08ddf53b4b2c20804f7f3a6469c |
| SHA256 | 433ee4000f57452ddb23a886553f760da289e3b9dba4d3700e008159020c6692 |
| SHA512 | 3de4d260bfc2c63d9ba5d73d35ff88503a988fbc49780ee6ed73a44998a9045c0f920912f76db8f7b07efae0151d93a5e10926fb683d12d2d5274a4081eb9370 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ddd32b07580ce3c33757ccc4b19ef212 |
| SHA1 | 93820feb36fab5ded021d2ee1cb9d01cb7caf950 |
| SHA256 | da56e026139acc14491183288404c6aae126a7fbb5c570c76d1217beb7e3767e |
| SHA512 | 110ea68b6fc090b5462f5c8b5d405a986c128d4c826ca1c09c4e32dcfff8317eb801b1f9a6de2f6ea17bf102b0064493606d1448f41423eea9651875367988b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dab366a147359a379742746d1777cf9e |
| SHA1 | d9cb73b099df14f0549a1d4d5a62833155980945 |
| SHA256 | cba229d43a325ea8180a81019d4da26dde423b8aa361613fa253806268563cc5 |
| SHA512 | 402b48f6b622ff5a9eb0d519c37b8260fc2c6491349f2e3dbba9e4c4f324897b7eb1c5f5e6c612e4f7c6f674ad9d00d2763bf1973c11242406d4d9845dd0d324 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dc5eb66889465d97c35878d63cab63c2 |
| SHA1 | 7084a8ad7bdeaeacf1b3692caab60008050b41b6 |
| SHA256 | 472caf8d4b699759d9f5d2db8dce86b2738a3afa6c7ce1dc01d5c85bf7b25e4f |
| SHA512 | a06ad680d0fc5bd1f8e3e768ce18455315aa409514dcec4c396c2df3fdfca8e302f3577e84bc8a4bc472b28859a13bd87e09bd07ec021a7343c93de8ac0bc59d |