Analysis Overview
Threat Level: Likely malicious
The file https://www.ldplayer.net/apps/roblox-mod-menu-on-pc.html was found to be: Likely malicious.
Malicious Activity Summary
Creates new service(s)
Possible privilege escalation attempt
Downloads MZ/PE file
Manipulates Digital Signatures
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Executes dropped EXE
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Drops file in System32 directory
Launches sc.exe
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
NTFS ADS
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Runs net.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: LoadsDriver
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-10 17:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-10 17:24
Reported: 2024-08-10 17:29
Platform: win10v2004-20240802-en
Max time kernel: 329s
Max time network: 330s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1\FuncName = "WVTAsn1CatNameValueEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\2.5.29.32\FuncName = "FormatVerisignExtension" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2002\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2011\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4\FuncName = "WVTAsn1SpcIndirectDataContentEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETCAPS\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\FuncName = "WVTAsn1SpcSpOpusInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\FuncName = "WVTAsn1CatMemberInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\FuncName = "EncodeAttrSequence" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\winmgmts:{impersonationLevel=Impersonate}!\root\cimv2 | C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\ldplayer9box\Ld9VMMR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-namedpipe-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-util-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-datetime-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxNetLwf-PreW10.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libcrypto-1_1-x64.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxAuthSimple.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-conio-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSDL.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\load.cmd | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\regsvr32_x86.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\libssl-1_1.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSampleDevice.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\api-ms-win-core-console-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\dpinst_64.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp100.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxRT.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-environment-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-processenvironment-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\libcurl.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-errorhandling-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES_CM.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-convert-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-process-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-runtime-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-memory-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\capi.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-console-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5Gui.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\vbox-img.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxProxyStubLegacy.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-localization-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-locale-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSup.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDDU.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-profile-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-file-l2-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\capi.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-runtime-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxManage.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-sysinfo-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-conio-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ossltest.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5WinExtras.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstVBoxDbg.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBTest.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9VMMR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxNetLwf.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDragAndDropSvc.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\msvcp120.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSup.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetAdp6Install.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxStub.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-errorhandling-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-processthreads-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\E38729CC-9649-46E5-99FA-F48E46B2ACA0\dismhost.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dism.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\NumMethods\ = "14" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E67-4144-BF34-41C38E8B4CC7}\ = "IBIOSSettings" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C380-4510-BC7C-19314A7352F1} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7e67-4144-bf34-41c38e8b4cc7} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-b7f1-4a5a-a4ef-a11dd9c2a458} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-800A-40F8-87A6-170D02249A55}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2354-4267-883F-2F417D216519}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\ = "IEventSourceChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A161-41F1-B583-4892F4A9D5D5}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\ = "INetworkAdapter" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E64A-4908-804E-371CAD23A756}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8F30-401B-A8CD-FE31DBE839C0} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\ = "IDnDTarget" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A2-41AF-A05F-D7C661ABAEBE}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1a29-4a19-92cf-02285773f3b5} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42da-c94b-8aec-21968e08355d} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1F04-4191-AA2F-1FAC9646AE4C}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5409-414B-BD16-77DF7BA3451E} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E8A-11E9-8082-DB8AE479EF87}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4C4-4020-A185-0D2881BCFA8B}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E64A-4908-804E-371CAD23A756}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B855-40B8-AB0C-44D3515B4528}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-800a-40f8-87a6-170d02249a55} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox\CurVer | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2E88-4436-83D7-50F3E64D0503}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\ = "IGuestMonitorChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-394D-44D3-9EDB-AF2C4472C40A}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\NumMethods\ = "21" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-659C-488B-835C-4ECA7AE71C6C}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-b7db-4616-aac6-cfb94d89ba78} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057D-4391-B928-F14B06B710C5}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E72-4F34-B8F6-682785620C57}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 860659.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/apps/roblox-mod-menu-on-pc.html
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=3040 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=262632
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\E38729CC-9649-46E5-99FA-F48E46B2ACA0\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\E38729CC-9649-46E5-99FA-F48E46B2ACA0\dismhost.exe {8DF141D0-912F-4799-AA56-8410B26F05B6}
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff40046f8,0x7ffff4004708,0x7ffff4004718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=ff.roblos|package=ff.roblos
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d8 0x4e4
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8388 /prefetch:8
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff40046f8,0x7ffff4004708,0x7ffff4004718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9000 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff40046f8,0x7ffff4004708,0x7ffff4004718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13350851376063954991,10164236442993626207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10076 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_ff.roblos_3040_ld.exe"
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\dnplayer.exe"
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe
"C:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe"
Network
| Country | Destination | Domain | Proto |
| FR | 217.182.178.233:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | db8f2dd79f8f8aed6b37957e6404c7fb.safeframe.googlesyndication.com | udp |
| NL | 142.250.179.193:443 | db8f2dd79f8f8aed6b37957e6404c7fb.safeframe.googlesyndication.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 233.178.182.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 129.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adxbid.info | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 8.8.8.8:53 | setupad-d.openx.net | udp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| US | 8.8.8.8:53 | pxl.iqm.com | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 34.193.171.116:443 | pxl.iqm.com | tcp |
| NL | 147.75.85.97:443 | sync.a-mo.net | tcp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| DE | 91.228.74.200:443 | cms.quantserve.com | tcp |
| US | 104.21.48.215:443 | adxbid.info | tcp |
| US | 104.21.48.215:443 | adxbid.info | tcp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| DE | 91.228.74.200:443 | cms.quantserve.com | tcp |
| US | 8.8.8.8:53 | x2.i.lencr.org | udp |
| NL | 147.75.85.97:443 | sync.a-mo.net | tcp |
| GB | 95.100.245.168:80 | x2.i.lencr.org | tcp |
| US | 8.8.8.8:53 | 116.171.193.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.48.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | as.ck-ie.com | udp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| GB | 84.17.50.9:443 | vid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.85.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.50.17.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 172.64.151.101:443 | ssum.casalemedia.com | tcp |
| US | 8.8.8.8:53 | vpaid.vidoomy.com | udp |
| GB | 84.17.50.9:443 | vpaid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| US | 8.8.8.8:53 | 19.158.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.208.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 185.235.86.52:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.90:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| FR | 185.235.86.52:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.90:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | user-sync.adxpremium.services | udp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.201.192.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| GB | 18.172.153.76:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | d19mtdoi3rn3ox.cloudfront.net | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| GB | 18.245.158.103:443 | d19mtdoi3rn3ox.cloudfront.net | tcp |
| IE | 52.209.0.30:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | 192.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.0.209.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| GB | 216.137.34.105:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| GB | 216.137.34.105:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 105.34.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 23.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| NL | 185.235.87.102:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.35:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.102:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.35:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 146.48.219.8.in-addr.arpa | udp |
| FR | 217.182.178.224:443 | prg.smartadserver.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 67.220.226.234:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 8.8.8.8:53 | 234.226.220.67.in-addr.arpa | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| NL | 216.58.214.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 7.1.250.178.in-addr.arpa | udp |
| NL | 185.235.87.87:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.34:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.87:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.34:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.58.20.217.in-addr.arpa | udp |
| NL | 185.235.87.100:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.37:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.37:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.100:443 | gem.gbc.criteo.com | tcp |
| FR | 217.182.178.224:443 | prg.smartadserver.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| US | 8.8.8.8:53 | setupad-tagan.adlightning.com | udp |
| GB | 108.138.217.126:443 | setupad-tagan.adlightning.com | tcp |
| GB | 108.138.217.126:443 | setupad-tagan.adlightning.com | tcp |
| GB | 108.138.217.126:443 | setupad-tagan.adlightning.com | tcp |
| GB | 108.138.217.126:443 | setupad-tagan.adlightning.com | tcp |
| GB | 108.138.217.126:443 | setupad-tagan.adlightning.com | tcp |
| GB | 108.138.217.126:443 | setupad-tagan.adlightning.com | tcp |
| US | 8.8.8.8:53 | 126.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| NL | 185.235.87.97:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.55:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.55:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.97:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| FR | 217.182.178.224:443 | prg.smartadserver.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 97.136.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| GB | 13.224.132.104:443 | apien.ldmnq.com | tcp |
| NL | 185.235.87.110:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.47:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.47:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.110:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 104.132.224.13.in-addr.arpa | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| NL | 185.235.87.104:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.51:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.104:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.51:443 | ag.gbc.criteo.com | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| NL | 185.235.87.92:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.50:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.92:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.50:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | en.ldplayer.net | udp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| GB | 163.181.57.232:443 | en.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | advertise.ldplayer.net | udp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | advertise.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 123.201.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.57.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 233.130.159.162.in-addr.arpa | udp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| GB | 163.181.57.232:443 | www.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.23:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| NL | 172.217.168.246:443 | play-lh.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| GB | 13.224.132.104:80 | apien.ldmnq.com | tcp |
| GB | 13.224.132.104:443 | apien.ldmnq.com | tcp |
| N/A | 127.0.0.1:6463 | tcp | |
| N/A | 127.0.0.1:6464 | tcp | |
| NL | 185.235.87.108:443 | gem.gbc.criteo.com | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| FR | 185.235.86.33:443 | ag.gbc.criteo.com | tcp |
| GB | 13.224.132.104:443 | apien.ldmnq.com | tcp |
| NL | 185.235.87.108:443 | gem.gbc.criteo.com | tcp |
| N/A | 127.0.0.1:6465 | tcp | |
| N/A | 127.0.0.1:6466 | tcp | |
| FR | 185.235.86.33:443 | ag.gbc.criteo.com | tcp |
| N/A | 127.0.0.1:6467 | tcp | |
| N/A | 127.0.0.1:6468 | tcp | |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| N/A | 127.0.0.1:6469 | tcp | |
| N/A | 127.0.0.1:6470 | tcp | |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 145.40.97.77:443 | prebid.a-mo.net | tcp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| N/A | 127.0.0.1:6471 | tcp | |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| DK | 37.157.2.230:443 | cm.adform.net | tcp |
| US | 8.8.8.8:53 | 65.111.196.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.2.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1b8efccaeff1ddfca81806c99f87290c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 127.0.0.1:6472 | tcp | |
| US | 192.243.59.12:443 | lavatoryyourself.com | tcp |
| US | 192.243.59.12:443 | lavatoryyourself.com | tcp |
| US | 192.243.59.12:443 | lavatoryyourself.com | tcp |
| US | 8.8.8.8:53 | efc95e027c6d7b5cd5d8ddbcb56e8201.safeframe.googlesyndication.com | udp |
| US | 192.243.59.12:443 | lavatoryyourself.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | udp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.251.36.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 128.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | udp |
| US | 44.219.3.41:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| US | 44.219.3.41:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| NL | 172.217.23.202:443 | jnn-pa.googleapis.com | tcp |
| NL | 142.250.179.134:443 | static.doubleclick.net | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 172.217.23.202:443 | jnn-pa.googleapis.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 172.217.23.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | 22.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.179.250.142.in-addr.arpa | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 202.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.3.219.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | setupad-d.openx.net | udp |
| US | 35.244.159.8:443 | setupad-d.openx.net | udp |
| NL | 79.127.227.46:443 | id.rtb.mx | tcp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| NL | 185.235.87.93:443 | gem.gbc.criteo.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| FR | 185.235.86.30:443 | ag.gbc.criteo.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| NL | 185.235.87.93:443 | gem.gbc.criteo.com | tcp |
| NL | 142.251.36.22:443 | i.ytimg.com | udp |
| FR | 185.235.86.30:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | 06c930d1e18e3a322467082765edd921.safeframe.googlesyndication.com | udp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| GB | 18.165.201.46:443 | ad.ldplayer.net | tcp |
| NL | 142.251.36.6:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | rr2---sn-5hne6nz6.googlevideo.com | udp |
| NL | 74.125.100.199:443 | rr2---sn-5hne6nz6.googlevideo.com | tcp |
| NL | 74.125.100.199:443 | rr2---sn-5hne6nz6.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 46.201.165.18.in-addr.arpa | udp |
| NL | 142.251.39.98:443 | googleads4.g.doubleclick.net | udp |
| NL | 74.125.100.199:443 | rr2---sn-5hne6nz6.googlevideo.com | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | udp |
| NL | 74.125.100.199:443 | rr2---sn-5hne6nz6.googlevideo.com | udp |
| US | 8.8.8.8:53 | 199.100.125.74.in-addr.arpa | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | 1x1.a-mo.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | 45bfdc589b0ecf535ee25afc8d71a16c.safeframe.googlesyndication.com | udp |
| DE | 3.65.112.149:443 | 1x1.a-mo.net | tcp |
| DE | 3.65.112.149:443 | 1x1.a-mo.net | tcp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| NL | 185.89.210.180:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | 16ef922f14dfc6bd221819d47d6ebdaf.safeframe.googlesyndication.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 64.202.112.223:443 | b1sync.zemanta.com | tcp |
| DE | 3.65.112.149:443 | 1x1.a-mo.net | tcp |
| US | 64.202.112.223:443 | b1sync.zemanta.com | tcp |
| NL | 185.89.210.180:443 | secure.adnxs.com | tcp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.112.202.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.112.65.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| FR | 164.132.25.184:443 | rtb-csync.smartadserver.com | tcp |
| IE | 52.214.62.75:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | 184.25.132.164.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.62.214.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | equativ-match.dotomi.com | udp |
| US | 8.8.8.8:53 | s.company-target.com | udp |
| US | 8.8.8.8:53 | ms-cookie-sync.presage.io | udp |
| US | 151.101.130.49:443 | sync-tm.everesttech.net | tcp |
| US | 34.96.71.22:443 | s.company-target.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 63.215.202.137:443 | equativ-match.dotomi.com | tcp |
| IE | 52.209.250.41:443 | ms-cookie-sync.presage.io | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| DE | 91.228.74.159:443 | cms.quantserve.com | tcp |
| NL | 63.215.202.137:443 | equativ-match.dotomi.com | tcp |
| IE | 52.209.250.41:443 | ms-cookie-sync.presage.io | tcp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| US | 8.8.8.8:53 | 49.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.71.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.250.209.52.in-addr.arpa | udp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | a.vidoomy.com | udp |
| ES | 212.36.83.245:443 | a.vidoomy.com | tcp |
| ES | 212.36.83.245:443 | a.vidoomy.com | tcp |
| NL | 185.235.87.90:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.52:443 | ag.gbc.criteo.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| ES | 212.36.83.245:443 | a.vidoomy.com | tcp |
| US | 8.8.8.8:53 | 245.83.36.212.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| GB | 163.181.57.235:443 | ldcdn.ldmnq.com | tcp |
| FR | 185.235.86.52:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.90:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 235.57.181.163.in-addr.arpa | udp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | leomoon.com | udp |
| US | 140.99.245.61:443 | leomoon.com | tcp |
| US | 140.99.245.61:443 | leomoon.com | tcp |
| US | 140.99.245.61:443 | leomoon.com | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| NL | 142.250.179.194:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 61.245.99.140.in-addr.arpa | udp |
| NL | 185.235.87.99:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.29:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.99:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.29:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| NL | 185.235.87.102:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.35:443 | ag.gbc.criteo.com | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| FR | 185.235.86.52:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.90:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.52:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.90:443 | gem.gbc.criteo.com | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| FR | 185.235.86.35:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.102:443 | gem.gbc.criteo.com | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| NL | 185.235.87.103:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.42:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.103:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.42:443 | ag.gbc.criteo.com | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| NL | 142.251.36.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| NL | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 172.217.23.202:443 | jnn-pa.googleapis.com | udp |
| FR | 185.235.86.34:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.87:443 | gem.gbc.criteo.com | tcp |
| GB | 18.165.201.123:443 | ad.ldplayer.net | tcp |
| NL | 185.235.87.102:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.102:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.35:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.35:443 | ag.gbc.criteo.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| FR | 149.202.238.97:443 | prg.smartadserver.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 185.235.87.87:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.34:443 | ag.gbc.criteo.com | tcp |
| FR | 149.202.238.97:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 97.238.202.149.in-addr.arpa | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2667e55261d86d3_0
| MD5 | 02dddc3f63c05a84a41b9a484e393eb4 |
| SHA1 | 4656057d7bb6b0b530b7c1eb803d49a40e312b2f |
| SHA256 | 8453fef58a8bd5d3118c36b66fce7e8d1c6939d8f927a2e79ffffa092fcc9e0a |
| SHA512 | 95b774abc2de27523d34a021a5ce72dfafa01f29f848bda54916de67cdc0ecf9138e41cb5b43d309c9b0d586b610e8d28f5e2b1f431ff1d75525626fc871c07b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 2ffa40a18e79cdc8e4de8109a647f37c |
| SHA1 | 9b663751e7ef29ee8a46e40c565e47f02bd60779 |
| SHA256 | d40c5f48fe21a5206cfdd42cae37a74cf2d23f1f9e54925e7d33d3acb0df246b |
| SHA512 | e816903ac4ea642991caa2126b743f7009b221d99d80f4516a953c8bb9ac208ed58a7c1c99c78ef7685e43eb7ce3362dd416176ddf73ae4c920047822d18f061 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\689471a49c9589a5_0
| MD5 | 80da6bd11560d52013cc290fdfa3fffc |
| SHA1 | c6ad062ba50f389477e5dc11ba2c1c83962255d2 |
| SHA256 | cb8962f180a764822d93c2e84326dd15b7ebf6291eae2e40615fee4e78273bff |
| SHA512 | 86d6ca4f45a4b5534a83b353a6590629092b543136bff3bc6ded21f22d486649952f8367a1b350233a30f697010106b16a9915859d7214b5910f9b55f1b3acd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | 05e9679509b61424a07cc4d4efb7247f |
| SHA1 | db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81 |
| SHA256 | 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b |
| SHA512 | 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c88fad2ab82f1a1c_0
| MD5 | 8f74be975ed7929d23bb3df3282af346 |
| SHA1 | 1d040df21aaac7a388aabf2428ba67031628e1d6 |
| SHA256 | 5ceebca80727da7a3d39373bc71e652c1126613da8791b7564722fdb1ffa4a79 |
| SHA512 | 6aa6d2075cd63db975cb5fd0ad9642b9d7d1ec1c4dc42e50903aea502572188651cdf8ed157e89b77ea661fc167fb3c05836edaba223c875dac5e6917b14bd1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4cc440ac75c1267f_0
| MD5 | 5174c7c876ed5345ededd5b4154a8b39 |
| SHA1 | ddccbaf983c491a8c811d28444d4964fec895f0d |
| SHA256 | 9b0adbcd1e52097ab96a60335876f3eae6e9bd7d8e178504d435327aae568ad3 |
| SHA512 | 6e647d7ed3610942d89ac1343e31c23a7db4e9388a58d6f00a778dd926549da0ef917ce4d7dca3ddf0df504966d19d81351825be924849220079f110e6698dbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92063f2bbd648a4f_0
| MD5 | 99f48c5f319c1ad10cdfc805a1c9d386 |
| SHA1 | ae5000d345214bb6ba0515dd0bba27b4b061f215 |
| SHA256 | 0cac8aff44ae6a765fbcd29d93044a5ef99dd31c780f946640f87ce8cbdd84a2 |
| SHA512 | 9173df0ea70d03bb92765ee1adf317ed91452f5f9dc2e92c992942da2d19158f7e94e446961e112ed6bc279e76e2723fae033d6fc3fb583c5f9f564dfd91f2b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b523b98579dacafe_0
| MD5 | cba571a36e74e11d7e3373a962f1f58b |
| SHA1 | a22cae9984335a75720e5a8a7e3eddb38d27bed8 |
| SHA256 | 3fbb5a118be7c1369d43130da3fdfacbece6d3b4bd1baf7a4aa6467f4fb9011e |
| SHA512 | ebc40dd52aa6def63db810eb4f42978b4e9a39fd7d7bd7873b9a39342098e6b5681fcfecba6aeb24cc1c57ad963a0e789566669b2677838c2bf442f5b6a9d172 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\adedf07b69a25b84_0
| MD5 | 58a2ebf791830ef6ae2d9b3882a10235 |
| SHA1 | 9014f8ef07d3133b2b7a07903ba2450b478940e2 |
| SHA256 | 3c50da582065ceb926931c4cb5763a3cbe4c5ebd4253e267d99fe05e67820a7d |
| SHA512 | 08a9f9d1035830190ed347872bf3da3c09f6f47d51be114051652a693c6a1f1e9365a8227d582f782cb9cb598c375775d953a43366247f9fdbcdc24ecbbea79d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4e9e66b8a32fd8c_0
| MD5 | f17f6ba9e32267ca6ca615d0444f3474 |
| SHA1 | 28731db9b1e1c3dc7bfad0a61d0908b9cb6a67cb |
| SHA256 | 7146c74ee3888ad02b9b251cb5453d3194d3807fee4fbd8bf25262230797792c |
| SHA512 | 774f16691a4f98aa93d44f0fe0f8af4744fb2d5e9dd4d028c917e9674155ecf749a13668de2036a36fb4f856f08bfcd639618ed5e9a9f021ba58381eb095ec0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635c5a48473ec11e_0
| MD5 | a48e13455d2a75b497690db65a834b72 |
| SHA1 | 48ddde8846e5093539f7f0e03fb72a37e02ea7cf |
| SHA256 | 65cc0faa9dc31913d7b076564c4ef6810862c14dd7084151efda42b8e3403b30 |
| SHA512 | 1f88b6baeba8f13d17564aac0a30a806a211f5a8d14699fad4d8f96ed971d816a8fc29ef0ac851eafd0bb0d90190287c3ecf80569e88063b8c08fa4814f7655d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53b92fbc4d68952f_0
| MD5 | 30ce23f1b125628f8da0f1581a636a3a |
| SHA1 | 50a0e30c1e172b8cbb78d8e9d85ec3ff01f489eb |
| SHA256 | 09ef322ec96da1f2d5e0ae154e4489c9a198283a24ccdbc397873ea36aeb25e6 |
| SHA512 | 26220fcebbaaa5b2c0de6f2c223343c2ff0252835a7739105721d5899a310529a1d97a03b756b3c31937d4ca9f2813336a59a27ee5f97e35f3398135b7192174 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdff3907e497c060_0
| MD5 | 6a9237f25761fdeeca5e90482c2420a3 |
| SHA1 | c6ca2e2ffa4d079c2f8fd603b0c694f2211fa914 |
| SHA256 | 8b3641ffa56dfd41a2e9a9c1318f9e82a895b470658e81688074aff55618993c |
| SHA512 | ad77b035d1879c22f9ac0c95c626f97314c989cf2e1bb16fa6301c148a917e1f027d0ca5077142f136b894f4d1f39ea342a29e118e0a8489115fa54b87df6715 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a73304e39deaa22e6e545e6b54369779 |
| SHA1 | 7f2b91ea6a6d3510f01681e4dad44a07363d8fc9 |
| SHA256 | 0ad36e6bdb733d221a9cfc277efb140a811b88e17445f3176174258539d44f15 |
| SHA512 | 0226fa475f44f6cc21ad4bd4eba4801f550307917a98ecf62309160836d7151818b7622f257eaffc546fa480e199b12d086c2445117545c26dc134bae0327f94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db3bb213cf3512e6212f9b90c5d6f4fb |
| SHA1 | bc766cbee048826ec951216735e73b963e9ed405 |
| SHA256 | ed5c67edf1edb91700ca80ad0630bd75f68d178cb8b3770e178297815aa783a5 |
| SHA512 | acc784b42102fe355d6556fb7ffb4493baaf9be0b56f9fe779d64752559705d349146c28e498bbcb3d2ade9d49cb70a8ff99f0eefb983eb83e3f7a9de2662009 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\79c077474726e249_0
| MD5 | 2f852ab76255131f27c910cc3cc3aabc |
| SHA1 | 5d81e44abd90bc23419ce8a1f5bb37cd5c7d150a |
| SHA256 | a66ace53cdd3b3c00afec5bed3fc6853909473453a365ee0dd804bd829307733 |
| SHA512 | ef690221453f252beb1cdc2647e9a593048529e58b2f7a6690920127f50ee2fd406934877f5e08ff5d775a4c23d5aa1edd0daa8976e9b892a0c12647dbd3c3c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8172256176818c44_0
| MD5 | 471180592b6512b7cea9136cfedf9fab |
| SHA1 | 73a257243c1facb9093decf378271f1f735f7343 |
| SHA256 | 6d105c66f3a29b8a2130dc3c9b9c95ac1aa633b21c2f008f0f2dbcdad210eec5 |
| SHA512 | c326a3689a5719f45dbff6fe7f91707644e868ef5d7fd7bf116bc1c4464e19598bff87d98311474b9b0b0a263ea79bc1e6544ff10c219f7587a5666c5b456f24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb2a3eee4aae17d8_0
| MD5 | 1f6d46bfa2d16bad8c5a220492c54816 |
| SHA1 | 93f66bbd0ce8426bdb335544a22aa5d3a5bc53ae |
| SHA256 | 9da045451dd34cbae2d24eab9ea7dd43fa923d3befd0facfa0db9322f85f5162 |
| SHA512 | dcb0d4c8fbfee314dce41f05865a6e50c7b98001d6509eca74d5063113ecd1393855c4d35c7494e47c6b179ce55cd3de7700d237f28f28288f27fe5a44e6ad7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\42b2928a5bbeda35_0
| MD5 | a39d012992a25ea117b984854ec44cf1 |
| SHA1 | d101d10274e1153311f84bab81f59f0a54d029c9 |
| SHA256 | b9225786eabd2cdbe89cb77f7c43499cbcf1576771d8caaf884394b45b39674e |
| SHA512 | 03b5e7e7fa548f2e9848354ff087b365c3283c602da5ed6101184ea959ea35c0555132f9e7667fc99f435c09806ef550842061cf1ab03a9c9eae8c6194656503 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\98b9457c0e08130d_0
| MD5 | 80f0c80c76f6c6a3999dc9528beb7cdb |
| SHA1 | 9992f20c52e0ccd6dfe7a111ba46c500e22992a6 |
| SHA256 | 08a0384915a71c726fb44e49d963d3d917a23d8a07c3ac774bbceecbc8dc476e |
| SHA512 | 78b287f7c7639a5cd7d440fa3f1f7d52a5c084d847e7fd4dc4a87a6771d9385ab641cb54e1ba029a0cbc5a18648ccc99f86ef697b07dbb97c4cd5616a89cb3d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c644062b95acf88_0
| MD5 | 593b0b1fe30851bdb981738c925a3f73 |
| SHA1 | d1f92fb2f0a7369b776075d340ec8ffe98293c5c |
| SHA256 | d0a3e3c7abd130d59bb0c4d8e3403b69aa2ab3b17d2db790cef7c4326e83a5b6 |
| SHA512 | 761471304e4e2826d631604d88280fb20e5f0ba14f55c3f0a887c4daef3374db18fd5d2b8f3ac6af873b63342cb7bfa6ee54916089bfab6041195537a5ede1fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | f79882e12fe87d482fe216d30ef3c93a |
| SHA1 | e3031f2d694529705d8634b397815cd907fec24d |
| SHA256 | c95d79ddd197080d143fdbaf458ce6d653621088f2d16827b3037f4417a32f61 |
| SHA512 | 075f20268aa1b46fd322da5220b1705e42076d6ee681417bc95d5e900c6ed9929eca102796757e5db387db56ed2e97937e074b5af75840e55b018623c0a845c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4483e588d8140f7adcf93d4c7ce7f9e9 |
| SHA1 | 2f0271b321a6c62bdd33c1f2b03d7042e458d8a4 |
| SHA256 | ad2257ec22114294f05418019d77f6d3053109a527e703e4f4b05fccd7042583 |
| SHA512 | ed98b299a91dd5b020bcfca0fa162fe12cb5100be1a10baab3d6dc554d54ce3ab4b99b5d231de18d92fd0b710940c355cb5c17bfc661f36b6a9e5029df181e3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | 2335c53afb1602527663457cc9c69410 |
| SHA1 | 8f5fc5d6c267d93a855106d908eb3e29c6b77d11 |
| SHA256 | 9eace0b1569f237f159f7f0a949ba8c435b994331aea1f5c7f73c88d2383da89 |
| SHA512 | fb5c29cc151f75126a610aa2b81f05f0cc74ae3a115846ae3e0ea2ce5d233b48c3807868ea9043945de64107af790931fd44938ba28e8ceb90c0d549b0834984 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2e51ac2d03e9097903be7d56b7c5fbe0 |
| SHA1 | 74002f4f8ed172d9f56d79b8fed44b610de4001d |
| SHA256 | 0078f30ca09f4133e1dd2c41a65413b4322e3622240a30a6136db50dd383ec3d |
| SHA512 | a6267d67d0dcb7b46114a57f5e714a6f179a782ad8df2b8a17c3d0747652dc389583de7deaaddc40f9452a0f25bd9034432a6688ba8f3822a62e8f8557b7a6a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4427c673b05f99b38575b465a46282f2 |
| SHA1 | f1e1990750cd6c7aea53427e02aba222c75ac2fe |
| SHA256 | 66b50e287cb6ea72eb43dfec74f7f5a4b6ddb62055abb50aff59689d02b46aeb |
| SHA512 | 5544db6cad0171c5dc1ead700937a1ce4556b5e9efbabe185b0f5bef955cdb5b81cfbb3c42ef6ebef52b1d3f028b5922bdb9d98b7f2fa53ade39edac7a2dcd7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 304e5cbc5de8533f6dbe420dd90f388f |
| SHA1 | e6a86a275202d14a10926f6bb3322271641d8ee0 |
| SHA256 | 5108bc04dcd8fbbdb5c47acdd967bacacf0fa87867daa3c5a374baf3322cf20d |
| SHA512 | 6a08bf4f94e6db50569c822eb2efc58f4a991c50dc3e32398f6430e4278345b303571615369226f4e88590ff4f40f9d6a61f765aacd6bb5eb34d36ab75a6b284 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073
| MD5 | 40695d01e0b35f2bc7ecbd9595f4360a |
| SHA1 | 0898b5a6016b4b442233869342d61144986e3804 |
| SHA256 | f899c78c1600beb6df038d9506cba2f8275e7621ca16ff53d74acfa99f6e46bd |
| SHA512 | 82d4cbf149626025df25d952a35c17727f46fc18076928f5b4721710f19b2cdc09a111a7f9464e3cb7d1c37e0286abdbf3eac26c1e3de5b803f196385fbd3344 |
C:\Users\Admin\AppData\Local\Temp\CPU-V.ini
C:\Users\Admin\AppData\Local\Temp\CPU-V.dll
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
C:\LDPlayer\LDPlayer9\device.ini