Malware Analysis Report

2024-11-16 12:49

Sample ID: 240810-vyvw4szarq
Target: https://www.ldplayer.net/apps/roblox-mod-menu-on-pc.html
Tags: discovery, execution, exploit, persistence, privilege_escalation
Score: 8/10

Analysis Overview

Threat Level: Likely malicious

The file https://www.ldplayer.net/apps/roblox-mod-menu-on-pc.html was found to be: Likely malicious.

Malicious Activity Summary

discovery execution exploit persistence privilege_escalation

Creates new service(s)

Possible privilege escalation attempt

Downloads MZ/PE file

Manipulates Digital Signatures

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Executes dropped EXE

Modifies file permissions

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Drops file in System32 directory

Launches sc.exe

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

NTFS ADS

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Runs net.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: LoadsDriver

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

Analysis: static1

Detonation Overview

Reported: 2024-08-10 17:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-10 17:24
Reported: 2024-08-10 17:29
Platform: win10v2004-20240802-en
Max time kernel: 329s
Max time network: 330s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/apps/roblox-mod-menu-on-pc.html

Signatures

Creates new service(s)

persistence execution

Downloads MZ/PE file

Manipulates Digital Signatures

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\E38729CC-9649-46E5-99FA-F48E46B2ACA0\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\E38729CC-9649-46E5-99FA-F48E46B2ACA0\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\winmgmts:{impersonationLevel=Impersonate}!\root\cimv2 C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe N/A

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\E38729CC-9649-46E5-99FA-F48E46B2ACA0\dismhost.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\dism.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\NumMethods\ = "14" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E67-4144-BF34-41C38E8B4CC7}\ = "IBIOSSettings" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C380-4510-BC7C-19314A7352F1} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7e67-4144-bf34-41c38e8b4cc7} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-b7f1-4a5a-a4ef-a11dd9c2a458} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-800A-40F8-87A6-170D02249A55}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2354-4267-883F-2F417D216519}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\ = "IEventSourceChangedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A161-41F1-B583-4892F4A9D5D5}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\ = "INetworkAdapter" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E64A-4908-804E-371CAD23A756}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8F30-401B-A8CD-FE31DBE839C0} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\ = "IDnDTarget" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A2-41AF-A05F-D7C661ABAEBE}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1a29-4a19-92cf-02285773f3b5} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42da-c94b-8aec-21968e08355d} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1F04-4191-AA2F-1FAC9646AE4C}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5409-414B-BD16-77DF7BA3451E} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E8A-11E9-8082-DB8AE479EF87}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4C4-4020-A185-0D2881BCFA8B}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E64A-4908-804E-371CAD23A756}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B855-40B8-AB0C-44D3515B4528}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-800a-40f8-87a6-170d02249a55} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox\CurVer C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2E88-4436-83D7-50F3E64D0503}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\ = "IGuestMonitorChangedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-394D-44D3-9EDB-AF2C4472C40A}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\NumMethods\ = "21" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-659C-488B-835C-4ECA7AE71C6C}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-b7db-4616-aac6-cfb94d89ba78} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057D-4391-B928-F14B06B710C5}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E72-4F34-B8F6-682785620C57}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 860659.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2016 wrote to memory of 3068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2016 wrote to memory of 4824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2016 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2016 wrote to memory of 4836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/apps/roblox-mod-menu-on-pc.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff40046f8,0x7ffff4004708,0x7ffff4004718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7468 /prefetch:8

C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayerex.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM bugreport.exe /T

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=3040 -language=en -path="C:\LDPlayer\LDPlayer9\"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4960 /prefetch:2

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=262632

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\E38729CC-9649-46E5-99FA-F48E46B2ACA0\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\E38729CC-9649-46E5-99FA-F48E46B2ACA0\dismhost.exe {8DF141D0-912F-4799-AA56-8410B26F05B6}

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\LDPlayer\LDPlayer9\driverconfig.exe

"C:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff40046f8,0x7ffff4004708,0x7ffff4004718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=ff.roblos|package=ff.roblos

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4d8 0x4e4

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8388 /prefetch:8

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff40046f8,0x7ffff4004708,0x7ffff4004718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9000 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff40046f8,0x7ffff4004708,0x7ffff4004718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10076 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe"

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\dnplayer.exe"

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe

"C:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 97.85.75.147.in-addr.arpa udp
US 8.8.8.8:53 9.50.17.84.in-addr.arpa udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ib.adnxs.com udp
DE 37.252.171.85:443 ib.adnxs.com tcp
NL 79.127.227.46:443 id.a-mx.com tcp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 172.64.151.101:443 ssum.casalemedia.com tcp
US 8.8.8.8:53 vpaid.vidoomy.com udp
GB 84.17.50.9:443 vpaid.vidoomy.com tcp
US 8.8.8.8:53 id.rtb.mx udp
US 8.8.8.8:53 ow.pubmatic.com udp
US 8.8.8.8:53 prebid.adnxs.com udp
NL 185.89.208.11:443 prebid.adnxs.com tcp
GB 185.64.190.84:443 ow.pubmatic.com tcp
DE 79.127.216.47:443 id.rtb.mx tcp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 85.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 84.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 11.208.89.185.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 185.235.86.52:443 ag.gbc.criteo.com tcp
NL 185.235.87.90:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 creativecdn.com udp
NL 198.47.127.18:443 image8.pubmatic.com tcp
FR 185.235.86.52:443 ag.gbc.criteo.com tcp
NL 185.235.87.90:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 180.201.192.209.in-addr.arpa udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 ads.pubmatic.com udp
GB 2.18.108.192:443 ads.pubmatic.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 8.8.8.8:53 d19mtdoi3rn3ox.cloudfront.net udp
US 8.8.8.8:53 ap.lijit.com udp
GB 18.245.158.103:443 d19mtdoi3rn3ox.cloudfront.net tcp
IE 52.209.0.30:443 ap.lijit.com tcp
US 8.8.8.8:53 192.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 12.178.204.143.in-addr.arpa udp
US 8.8.8.8:53 76.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 113.216.138.108.in-addr.arpa udp
US 8.8.8.8:53 30.0.209.52.in-addr.arpa udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 d1arl2thrafelv.cloudfront.net udp
GB 216.137.34.105:443 d1arl2thrafelv.cloudfront.net tcp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
GB 216.137.34.105:443 d1arl2thrafelv.cloudfront.net tcp
US 8.8.8.8:53 105.34.137.216.in-addr.arpa udp
US 8.8.8.8:53 encdn.ldmnq.com udp
GB 18.172.153.23:443 encdn.ldmnq.com tcp
US 8.8.8.8:53 23.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
NL 185.235.87.102:443 gem.gbc.criteo.com tcp
FR 185.235.86.35:443 ag.gbc.criteo.com tcp
NL 185.235.87.102:443 gem.gbc.criteo.com tcp
FR 185.235.86.35:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 146.48.219.8.in-addr.arpa udp
FR 217.182.178.224:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 35.227.252.103:443 rtb.openx.net udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.226.234:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 ssp-sync.criteo.com udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 234.226.220.67.in-addr.arpa udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 142.250.179.196:443 www.google.com udp
DE 159.89.25.223:443 node.setupad.com tcp
NL 216.58.214.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 7.1.250.178.in-addr.arpa udp
NL 185.235.87.87:443 gem.gbc.criteo.com tcp
FR 185.235.86.34:443 ag.gbc.criteo.com tcp
NL 185.235.87.87:443 gem.gbc.criteo.com tcp
FR 185.235.86.34:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 38.58.20.217.in-addr.arpa udp
NL 185.235.87.100:443 gem.gbc.criteo.com tcp
FR 185.235.86.37:443 ag.gbc.criteo.com tcp
FR 185.235.86.37:443 ag.gbc.criteo.com tcp
NL 185.235.87.100:443 gem.gbc.criteo.com tcp
FR 217.182.178.224:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 35.227.252.103:443 rtb.openx.net udp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
DE 159.89.25.223:443 node.setupad.com tcp
US 8.8.8.8:53 setupad-tagan.adlightning.com udp
GB 108.138.217.126:443 setupad-tagan.adlightning.com tcp
GB 108.138.217.126:443 setupad-tagan.adlightning.com tcp
GB 108.138.217.126:443 setupad-tagan.adlightning.com tcp
GB 108.138.217.126:443 setupad-tagan.adlightning.com tcp
GB 108.138.217.126:443 setupad-tagan.adlightning.com tcp
GB 108.138.217.126:443 setupad-tagan.adlightning.com tcp
US 8.8.8.8:53 126.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
NL 185.235.87.97:443 gem.gbc.criteo.com tcp
FR 185.235.86.55:443 ag.gbc.criteo.com tcp
FR 185.235.86.55:443 ag.gbc.criteo.com tcp
NL 185.235.87.97:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
FR 217.182.178.224:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 35.227.252.103:443 rtb.openx.net udp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 97.136.219.8.in-addr.arpa udp
US 8.8.8.8:53 apien.ldmnq.com udp
GB 13.224.132.104:443 apien.ldmnq.com tcp
NL 185.235.87.110:443 gem.gbc.criteo.com tcp
FR 185.235.86.47:443 ag.gbc.criteo.com tcp
FR 185.235.86.47:443 ag.gbc.criteo.com tcp
NL 185.235.87.110:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 104.132.224.13.in-addr.arpa udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
NL 185.235.87.104:443 gem.gbc.criteo.com tcp
FR 185.235.86.51:443 ag.gbc.criteo.com tcp
NL 185.235.87.104:443 gem.gbc.criteo.com tcp
FR 185.235.86.51:443 ag.gbc.criteo.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
NL 185.235.87.92:443 gem.gbc.criteo.com tcp
FR 185.235.86.50:443 ag.gbc.criteo.com tcp
NL 185.235.87.92:443 gem.gbc.criteo.com tcp
FR 185.235.86.50:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 discord.gg udp
US 162.159.136.234:443 discord.gg tcp
US 162.159.136.234:443 discord.gg tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 234.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 en.ldplayer.net udp
US 8.8.8.8:53 ad.ldplayer.net udp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 163.181.57.232:443 en.ldplayer.net tcp
GB 18.172.153.86:443 cdn.ldplayer.net tcp
GB 18.172.153.86:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 advertise.ldplayer.net udp
GB 18.172.153.86:443 cdn.ldplayer.net tcp
GB 18.172.153.86:443 cdn.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
GB 18.172.153.86:443 cdn.ldplayer.net tcp
GB 79.133.176.235:443 advertise.ldplayer.net tcp
US 8.8.8.8:53 123.201.165.18.in-addr.arpa udp
US 8.8.8.8:53 232.57.181.163.in-addr.arpa udp
US 8.8.8.8:53 86.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 235.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 res.ldplayer.net udp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.130.233:443 cdn.discordapp.com tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
US 8.8.8.8:53 233.130.159.162.in-addr.arpa udp
GB 79.133.176.235:443 res.ldplayer.net tcp
US 8.8.8.8:53 encdn.ldmnq.com udp
GB 18.172.153.23:443 encdn.ldmnq.com tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
US 8.8.8.8:53 www.ldplayer.net udp
GB 163.181.57.232:443 www.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 18.172.153.23:443 encdn.ldmnq.com tcp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
NL 172.217.168.246:443 play-lh.googleusercontent.com tcp
US 8.8.8.8:53 c.pki.goog udp
NL 142.250.179.131:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
NL 142.250.179.131:80 o.pki.goog tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 18.172.153.86:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 apien.ldmnq.com udp
GB 13.224.132.104:80 apien.ldmnq.com tcp
GB 13.224.132.104:443 apien.ldmnq.com tcp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6464 tcp
NL 185.235.87.108:443 gem.gbc.criteo.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
FR 185.235.86.33:443 ag.gbc.criteo.com tcp
GB 13.224.132.104:443 apien.ldmnq.com tcp
NL 185.235.87.108:443 gem.gbc.criteo.com tcp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
FR 185.235.86.33:443 ag.gbc.criteo.com tcp
N/A 127.0.0.1:6467 tcp
N/A 127.0.0.1:6468 tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
N/A 127.0.0.1:6469 tcp
N/A 127.0.0.1:6470 tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 172.217.23.194:443 googleads.g.doubleclick.net udp
NL 178.250.1.11:443 dnacdn.net tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 prebid.a-mo.net udp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 35.227.252.103:443 rtb.openx.net udp
NL 145.40.97.77:443 prebid.a-mo.net tcp
FR 5.196.111.65:443 prg.smartadserver.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
N/A 127.0.0.1:6471 tcp
US 172.67.75.241:443 script.4dex.io tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
FR 5.196.111.65:443 prg.smartadserver.com tcp
US 8.8.8.8:53 cm.adform.net udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
DK 37.157.2.230:443 cm.adform.net tcp
US 8.8.8.8:53 65.111.196.5.in-addr.arpa udp
US 8.8.8.8:53 230.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 1b8efccaeff1ddfca81806c99f87290c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
N/A 127.0.0.1:6472 tcp
US 192.243.59.12:443 lavatoryyourself.com tcp
US 192.243.59.12:443 lavatoryyourself.com tcp
US 192.243.59.12:443 lavatoryyourself.com tcp
US 8.8.8.8:53 efc95e027c6d7b5cd5d8ddbcb56e8201.safeframe.googlesyndication.com udp
US 192.243.59.12:443 lavatoryyourself.com tcp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.174:443 fundingchoicesmessages.google.com udp
GB 18.165.201.123:443 ad.ldplayer.net tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 encdn.ldmnq.com udp
GB 18.172.153.128:443 encdn.ldmnq.com tcp
GB 18.172.153.128:443 encdn.ldmnq.com tcp
GB 18.172.153.128:443 encdn.ldmnq.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.22:443 i.ytimg.com tcp
US 8.8.8.8:53 128.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 44.219.3.41:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 44.219.3.41:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 172.217.23.202:443 jnn-pa.googleapis.com tcp
NL 142.250.179.134:443 static.doubleclick.net tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 172.217.23.202:443 jnn-pa.googleapis.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 172.217.23.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 22.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
NL 216.58.214.14:443 play.google.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
NL 216.58.214.14:443 play.google.com udp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 41.3.219.44.in-addr.arpa udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 35.244.159.8:443 setupad-d.openx.net udp
NL 79.127.227.46:443 id.rtb.mx tcp
US 8.2.110.113:443 as.ck-ie.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
DE 79.127.216.47:443 id.rtb.mx tcp
US 8.8.8.8:53 prebid.adnxs.com udp
NL 185.89.208.11:443 prebid.adnxs.com tcp
US 8.8.8.8:53 vid.vidoomy.com udp
NL 185.89.208.11:443 prebid.adnxs.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
NL 185.235.87.93:443 gem.gbc.criteo.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
FR 185.235.86.30:443 ag.gbc.criteo.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com udp
NL 185.235.87.93:443 gem.gbc.criteo.com tcp
NL 142.251.36.22:443 i.ytimg.com udp
FR 185.235.86.30:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 06c930d1e18e3a322467082765edd921.safeframe.googlesyndication.com udp
FR 5.196.111.65:443 prg.smartadserver.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
GB 18.165.201.46:443 ad.ldplayer.net tcp
NL 142.251.36.6:443 s0.2mdn.net udp
US 8.8.8.8:53 rr2---sn-5hne6nz6.googlevideo.com udp
NL 74.125.100.199:443 rr2---sn-5hne6nz6.googlevideo.com tcp
NL 74.125.100.199:443 rr2---sn-5hne6nz6.googlevideo.com tcp
US 8.8.8.8:53 46.201.165.18.in-addr.arpa udp
NL 142.251.39.98:443 googleads4.g.doubleclick.net udp
NL 74.125.100.199:443 rr2---sn-5hne6nz6.googlevideo.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
NL 142.251.36.1:443 yt3.ggpht.com udp
NL 74.125.100.199:443 rr2---sn-5hne6nz6.googlevideo.com udp
US 8.8.8.8:53 199.100.125.74.in-addr.arpa udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 1x1.a-mo.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 45bfdc589b0ecf535ee25afc8d71a16c.safeframe.googlesyndication.com udp
DE 3.65.112.149:443 1x1.a-mo.net tcp
DE 3.65.112.149:443 1x1.a-mo.net tcp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
NL 185.89.210.180:443 secure.adnxs.com tcp
US 8.8.8.8:53 16ef922f14dfc6bd221819d47d6ebdaf.safeframe.googlesyndication.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 64.202.112.223:443 b1sync.zemanta.com tcp
DE 3.65.112.149:443 1x1.a-mo.net tcp
US 64.202.112.223:443 b1sync.zemanta.com tcp
NL 185.89.210.180:443 secure.adnxs.com tcp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 223.112.202.64.in-addr.arpa udp
US 8.8.8.8:53 180.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 149.112.65.3.in-addr.arpa udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 ap.lijit.com udp
FR 164.132.25.184:443 rtb-csync.smartadserver.com tcp
IE 52.214.62.75:443 ap.lijit.com tcp
US 8.8.8.8:53 184.25.132.164.in-addr.arpa udp
US 8.8.8.8:53 75.62.214.52.in-addr.arpa udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.2.110.113:443 as.ck-ie.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.2.110.113:443 as.ck-ie.com tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 equativ-match.dotomi.com udp
US 8.8.8.8:53 s.company-target.com udp
US 8.8.8.8:53 ms-cookie-sync.presage.io udp
US 151.101.130.49:443 sync-tm.everesttech.net tcp
US 34.96.71.22:443 s.company-target.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
NL 63.215.202.137:443 equativ-match.dotomi.com tcp
IE 52.209.250.41:443 ms-cookie-sync.presage.io tcp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 91.228.74.159:443 cms.quantserve.com tcp
NL 63.215.202.137:443 equativ-match.dotomi.com tcp
IE 52.209.250.41:443 ms-cookie-sync.presage.io tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 8.8.8.8:53 49.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 159.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 137.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 41.250.209.52.in-addr.arpa udp
GB 18.165.201.123:443 ad.ldplayer.net tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 a.vidoomy.com udp
ES 212.36.83.245:443 a.vidoomy.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
NL 185.235.87.90:443 gem.gbc.criteo.com tcp
FR 185.235.86.52:443 ag.gbc.criteo.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
US 8.8.8.8:53 245.83.36.212.in-addr.arpa udp
NL 178.250.1.11:443 dnacdn.net tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 ldcdn.ldmnq.com udp
GB 163.181.57.235:443 ldcdn.ldmnq.com tcp
FR 185.235.86.52:443 ag.gbc.criteo.com tcp
NL 185.235.87.90:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 235.57.181.163.in-addr.arpa udp
GB 18.165.201.123:443 ad.ldplayer.net tcp
US 8.8.8.8:53 leomoon.com udp
US 140.99.245.61:443 leomoon.com tcp
US 140.99.245.61:443 leomoon.com tcp
US 140.99.245.61:443 leomoon.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
NL 142.250.179.194:443 ade.googlesyndication.com udp
US 8.8.8.8:53 61.245.99.140.in-addr.arpa udp
NL 185.235.87.99:443 gem.gbc.criteo.com tcp
FR 185.235.86.29:443 ag.gbc.criteo.com tcp
NL 185.235.87.99:443 gem.gbc.criteo.com tcp
FR 185.235.86.29:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 ad.ldplayer.net udp
GB 18.165.201.123:443 ad.ldplayer.net tcp
NL 185.235.87.102:443 gem.gbc.criteo.com tcp
FR 185.235.86.35:443 ag.gbc.criteo.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
FR 185.235.86.52:443 ag.gbc.criteo.com tcp
NL 185.235.87.90:443 gem.gbc.criteo.com tcp
FR 185.235.86.52:443 ag.gbc.criteo.com tcp
NL 185.235.87.90:443 gem.gbc.criteo.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
FR 185.235.86.35:443 ag.gbc.criteo.com tcp
NL 185.235.87.102:443 gem.gbc.criteo.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
NL 185.235.87.103:443 gem.gbc.criteo.com tcp
FR 185.235.86.42:443 ag.gbc.criteo.com tcp
NL 185.235.87.103:443 gem.gbc.criteo.com tcp
FR 185.235.86.42:443 ag.gbc.criteo.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
US 8.8.8.8:53 www.ldplayer.net udp
NL 142.251.36.22:443 i.ytimg.com udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 104.18.30.49:443 stpd.cloud tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
NL 172.217.23.194:443 googleads.g.doubleclick.net udp
NL 178.250.1.11:443 dnacdn.net tcp
NL 172.217.23.202:443 jnn-pa.googleapis.com udp
FR 185.235.86.34:443 ag.gbc.criteo.com tcp
NL 185.235.87.87:443 gem.gbc.criteo.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
NL 185.235.87.102:443 gem.gbc.criteo.com tcp
NL 185.235.87.102:443 gem.gbc.criteo.com tcp
FR 185.235.86.35:443 ag.gbc.criteo.com tcp
FR 185.235.86.35:443 ag.gbc.criteo.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 35.227.252.103:443 rtb.openx.net udp
NL 178.250.1.11:443 dnacdn.net tcp
NL 142.250.102.84:443 accounts.google.com udp
FR 149.202.238.97:443 prg.smartadserver.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
NL 185.235.87.87:443 gem.gbc.criteo.com tcp
FR 185.235.86.34:443 ag.gbc.criteo.com tcp
FR 149.202.238.97:443 prg.smartadserver.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 97.238.202.149.in-addr.arpa udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 210762abf3c954006a75442948ce20a4.safeframe.googlesyndication.com udp
US 8.8.8.8:53 a6fbaec9dbaf32b281733e8eadb0ea8f.safeframe.googlesyndication.com udp
FR 185.235.86.52:443 ag.gbc.criteo.com tcp
NL 185.235.87.90:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 6f28f65274a07c07ff2a3d8c22c24e9c.safeframe.googlesyndication.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
GB 18.165.201.123:443 ad.ldplayer.net tcp
NL 142.250.179.194:443 ade.googlesyndication.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 ced-ns.sascdn.com udp
GB 92.123.143.233:443 ced-ns.sascdn.com tcp
US 35.244.159.8:443 setupad-d.openx.net udp
US 35.244.159.8:443 setupad-d.openx.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 233.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 match.sharethrough.com udp
FR 164.132.25.184:443 rtb-csync.smartadserver.com tcp
US 34.193.171.116:443 pxl.iqm.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
FR 164.132.25.184:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 apps.sascdn.com udp
GB 92.123.142.193:443 apps.sascdn.com tcp
FR 164.132.25.184:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 vid.vidoomy.com udp
US 8.8.8.8:53 euw2.smartadserver.com udp
US 8.8.8.8:53 www8.smartadserver.com udp
US 80.77.87.163:443 cs.admanmedia.com tcp
FR 178.32.197.49:443 www8.smartadserver.com tcp
FR 5.196.111.64:443 www8.smartadserver.com tcp
US 8.8.8.8:53 193.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 49.197.32.178.in-addr.arpa udp
US 8.8.8.8:53 64.111.196.5.in-addr.arpa udp
US 8.8.8.8:53 253.61.156.35.in-addr.arpa udp
US 64.202.112.223:443 b1sync.zemanta.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
NL 142.251.39.98:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
GB 18.165.201.123:443 ad.ldplayer.net tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
NL 89.149.193.84:443 ssbsync.smartadserver.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
NL 89.149.193.84:443 ssbsync.smartadserver.com tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
NL 142.251.36.6:443 s0.2mdn.net udp
US 8.8.8.8:53 impssl.constantcontact.com udp
US 104.18.42.5:443 impssl.constantcontact.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
US 8.8.8.8:53 104.155.46.52.in-addr.arpa udp
US 8.8.8.8:53 5.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 image6.pubmatic.com udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 84.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
NL 74.125.100.199:443 rr2---sn-5hne6nz6.googlevideo.com udp
FR 185.235.86.37:443 ag.gbc.criteo.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
NL 185.235.87.100:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 a.vidoomy.com udp
ES 212.36.83.246:443 a.vidoomy.com tcp
US 8.8.8.8:53 246.83.36.212.in-addr.arpa udp
FR 185.235.86.34:443 ag.gbc.criteo.com tcp
FR 185.235.86.34:443 ag.gbc.criteo.com tcp
NL 185.235.87.87:443 gem.gbc.criteo.com tcp
NL 185.235.87.87:443 gem.gbc.criteo.com tcp
NL 185.235.87.100:443 gem.gbc.criteo.com tcp
FR 185.235.86.37:443 ag.gbc.criteo.com tcp
NL 185.235.87.90:443 gem.gbc.criteo.com tcp
FR 185.235.86.52:443 ag.gbc.criteo.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
NL 185.235.87.102:443 gem.gbc.criteo.com tcp
FR 185.235.86.35:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 cdn.ldplayer.net udp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 d19mtdoi3rn3ox.cloudfront.net udp
GB 18.245.158.75:443 d19mtdoi3rn3ox.cloudfront.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 75.158.245.18.in-addr.arpa udp
NL 216.58.214.14:443 play.google.com udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 d1arl2thrafelv.cloudfront.net udp
GB 216.137.34.187:443 d1arl2thrafelv.cloudfront.net tcp
US 8.8.8.8:53 187.34.137.216.in-addr.arpa udp
GB 216.137.34.187:443 d1arl2thrafelv.cloudfront.net tcp
FR 185.235.86.55:443 ag.gbc.criteo.com tcp
NL 185.235.87.97:443 gem.gbc.criteo.com tcp
FR 185.235.86.37:443 ag.gbc.criteo.com tcp
FR 185.235.86.37:443 ag.gbc.criteo.com tcp
NL 185.235.87.100:443 gem.gbc.criteo.com tcp
NL 185.235.87.100:443 gem.gbc.criteo.com tcp
NL 185.235.87.97:443 gem.gbc.criteo.com tcp
FR 185.235.86.55:443 ag.gbc.criteo.com tcp
NL 185.235.87.102:443 gem.gbc.criteo.com tcp
FR 185.235.86.35:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 ad.ldplayer.net udp
US 8.8.8.8:53 en.ldplayer.net udp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
GB 18.165.201.119:443 ad.ldplayer.net tcp
GB 163.181.57.237:443 en.ldplayer.net tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
GB 18.165.201.119:443 ad.ldplayer.net tcp
GB 18.165.201.119:443 ad.ldplayer.net tcp
US 8.8.8.8:53 119.201.165.18.in-addr.arpa udp
US 8.8.8.8:53 237.57.181.163.in-addr.arpa udp
NL 185.235.87.87:443 gem.gbc.criteo.com tcp
FR 185.235.86.34:443 ag.gbc.criteo.com tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
GB 18.165.201.119:443 ad.ldplayer.net tcp
GB 18.165.201.119:443 ad.ldplayer.net tcp
US 8.8.8.8:53 apien.ldmnq.com udp
GB 13.224.132.126:80 apien.ldmnq.com tcp
GB 13.224.132.126:443 apien.ldmnq.com tcp
US 8.8.8.8:53 126.132.224.13.in-addr.arpa udp
GB 18.165.201.119:443 ad.ldplayer.net tcp
GB 18.165.201.119:443 ad.ldplayer.net tcp
NL 142.251.36.22:443 i.ytimg.com udp
US 8.8.8.8:53 i9.ytimg.com udp
GB 18.165.201.119:443 ad.ldplayer.net tcp
NL 172.217.23.194:443 googleads.g.doubleclick.net udp
FR 185.235.86.47:443 ag.gbc.criteo.com tcp
NL 185.235.87.110:443 gem.gbc.criteo.com tcp
FR 185.235.86.55:443 ag.gbc.criteo.com tcp
NL 185.235.87.97:443 gem.gbc.criteo.com tcp
FR 185.235.86.55:443 ag.gbc.criteo.com tcp
NL 185.235.87.97:443 gem.gbc.criteo.com tcp
FR 185.235.86.47:443 ag.gbc.criteo.com tcp
NL 185.235.87.110:443 gem.gbc.criteo.com tcp
GB 18.165.201.119:443 ad.ldplayer.net tcp
NL 185.235.87.87:443 gem.gbc.criteo.com tcp
FR 185.235.86.34:443 ag.gbc.criteo.com tcp
NL 185.235.87.100:443 gem.gbc.criteo.com tcp
FR 185.235.86.37:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 25.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_2016_TJAPUDTLMAAJRAVX


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\Downloads\Unconfirmed 860659.crdownload


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d8f8c7f7-72e5-408f-8247-071cd016c480.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586b19.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

C:\LDPlayer\LDPlayer9\dnrepairer.exe

C:\LDPlayer\LDPlayer9\MSVCP120.dll

C:\LDPlayer\LDPlayer9\msvcr120.dll

C:\LDPlayer\LDPlayer9\phones.data

C:\LDPlayer\LDPlayer9\crashreport.dll

C:\LDPlayer\LDPlayer9\dnresource.rcc

C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

C:\Users\Admin\AppData\Local\Temp\E38729CC-9649-46E5-99FA-F48E46B2ACA0\DismHost.exe

C:\Users\Admin\AppData\Local\Temp\E38729CC-9649-46E5-99FA-F48E46B2ACA0\DismCorePS.dll

C:\Users\Admin\AppData\Local\Temp\E38729CC-9649-46E5-99FA-F48E46B2ACA0\dismprov.dll

C:\Windows\Logs\DISM\dism.log

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fmjn154e.dji.ps1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

C:\LDPlayer\LDPlayer9\dnplayer.exe

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2667e55261d86d3_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\689471a49c9589a5_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c88fad2ab82f1a1c_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4cc440ac75c1267f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92063f2bbd648a4f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b523b98579dacafe_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\adedf07b69a25b84_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4e9e66b8a32fd8c_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635c5a48473ec11e_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53b92fbc4d68952f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdff3907e497c060_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\79c077474726e249_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8172256176818c44_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb2a3eee4aae17d8_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\42b2928a5bbeda35_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\98b9457c0e08130d_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c644062b95acf88_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

C:\Users\Admin\AppData\Local\Temp\CPU-V.ini

C:\Users\Admin\AppData\Local\Temp\CPU-V.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d96bd3b61b9f2877_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\19c40221cdd58558_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f59cb41c7f6a27be_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3355c555ad5e31aa_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

C:\LDPlayer\LDPlayer9\device.ini
