d95ae7b09fc599fa5ef99c04131117f9b8f9432b3b4aa9cf8492535f8d71ceae

Resubmissions

17-01-2025 11:59

250117-n5rdyawnay 3

20-12-2024 21:57

18-12-2024 19:52

18-12-2024 19:51

18-12-2024 19:31

18-12-2024 19:27

18-12-2024 19:27

Analysis

max time kernel
599s
max time network
599s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2024 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcd1cdfe358c3b7c95e10cf72dbf727f_JaffaCakes118.pdf
Size

93KB
MD5

fcd1cdfe358c3b7c95e10cf72dbf727f
SHA1

7c5c487471db6b1702085fd880a931a819baa264
SHA256

d95ae7b09fc599fa5ef99c04131117f9b8f9432b3b4aa9cf8492535f8d71ceae
SHA512

30ca7a429aa4b1b3a877c6b8b83e3f957c2cb5a7a06d2ad63e0be5e85ade27f0d3255d8c0c671150013c01546369052882f5db77997f3980148a8b7a3a47caa6
SSDEEP

1536:UHedaEV1N3QjlwBgiZDASIKwJJYut9OLod6/d3Vb4fcXwWx+7oRW8pO+W/O:Kedai/3ywBgirIBL1qd3VbrXp+7ow+D

Score

8^/10

discovery execution exploit persistence phishing privilege_escalation

Malware Config

Signatures

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Downloads MZ/PE file

Manipulates Digital Signatures 1 TTPs 64 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\FuncName = "WVTAsn1SpcLinkDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221\FuncName = "WVTAsn1CatNameValueEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.3\FuncName = "WVTAsn1CatMemberInfo2Decode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\FuncName = "WVTAsn1SpcIndirectDataContentEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETSIGNEDDATAMSG\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007\FuncName = "WVTAsn1SpcSpOpusInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkEncode"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLREMOVESIGNEDDATAMSG\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2222\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2221\FuncName = "WVTAsn1CatNameValueDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\$DLL = "WINTRUST.DLL"	regsvr32.exe

Possible privilege escalation attempt 6 IoCs

exploit

pid	Process
1628	takeown.exe
4188	icacls.exe
5800	takeown.exe
5880	icacls.exe
3884	takeown.exe
2796	icacls.exe

A potential corporate email address has been identified in the URL: currency-file@1
phishing
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 16 IoCs

pid	Process
5608	LDPlayer9_ens_1001_ld.exe
6004	LDPlayer.exe
4140	dnrepairer.exe
1660	dismhost.exe
4608	Ld9BoxSVC.exe
5492	driverconfig.exe
1556	dnplayer.exe
1528	Ld9BoxSVC.exe
3416	vbox-img.exe
608	vbox-img.exe
3876	vbox-img.exe
6172	Ld9BoxHeadless.exe
6300	Ld9BoxHeadless.exe
6404	Ld9BoxHeadless.exe
6480	Ld9BoxHeadless.exe
6544	Ld9BoxHeadless.exe

Loads dropped DLL 64 IoCs

pid	Process
4140	dnrepairer.exe
4140	dnrepairer.exe
4140	dnrepairer.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
1660	dismhost.exe
4608	Ld9BoxSVC.exe
4608	Ld9BoxSVC.exe
4608	Ld9BoxSVC.exe
4608	Ld9BoxSVC.exe
4608	Ld9BoxSVC.exe
4608	Ld9BoxSVC.exe
4608	Ld9BoxSVC.exe
4608	Ld9BoxSVC.exe
4608	Ld9BoxSVC.exe
1440	regsvr32.exe
1440	regsvr32.exe
1440	regsvr32.exe
1440	regsvr32.exe
1440	regsvr32.exe
1440	regsvr32.exe
1440	regsvr32.exe
1440	regsvr32.exe
6080	regsvr32.exe
6080	regsvr32.exe
6080	regsvr32.exe
6080	regsvr32.exe
6080	regsvr32.exe
6080	regsvr32.exe
6080	regsvr32.exe
6080	regsvr32.exe
6080	regsvr32.exe
2656	regsvr32.exe
2656	regsvr32.exe
2656	regsvr32.exe
2656	regsvr32.exe
2656	regsvr32.exe
2656	regsvr32.exe
2656	regsvr32.exe
2656	regsvr32.exe
4804	regsvr32.exe
4804	regsvr32.exe
4804	regsvr32.exe
4804	regsvr32.exe
4804	regsvr32.exe
4804	regsvr32.exe
4804	regsvr32.exe
4804	regsvr32.exe

Modifies file permissions 1 TTPs 6 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5800	takeown.exe
5880	icacls.exe
3884	takeown.exe
2796	icacls.exe
1628	takeown.exe
4188	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	LDPlayer9_ens_1001_ld.exe
File opened (read-only)	\??\F:	LDPlayer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
662	discord.com
664	discord.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\ldplayer9box\VBoxSharedFolders.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-processenvironment-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\msvcr120.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDTrace.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-datetime-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-profile-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\padlock.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-string-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetLwfUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5OpenGL.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstVMREQ.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l2-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\DbgPlugInDiggers.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxCpuReport.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxPlaygroundDevice.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.inf	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\capi.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-profile-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\VBoxRT-x86.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\vcruntime140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxEFI64.fd	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9VirtualBox.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\regsvr32_x64.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-conio-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\msvcr100.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\EGL.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\ossltest.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\vccorlib140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\dpinst_86.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libeay32.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\ucrtbase.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\platforms\qoffscreen.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-stdio-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\USBTest.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxNetNAT.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxTestOGL.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-heap-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5Widgets.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxGuestPropSvc.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-namedpipe-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-synch-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-sysinfo-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-heap-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetAdp6Uninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\platforms\qminimal.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-timezone-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxStub.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-localization-l1-2-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-private-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libcurl.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\SUPInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDD2.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxVMM.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\crashreport.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxExtPackHelperApp.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxRT.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSampleDriver.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-libraryloader-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-memory-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-util-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\vccorlib140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\platforms\qwindows.dll	dnrepairer.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DISM\dism.log	dism.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe

Launches sc.exe 8 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4372	sc.exe
5880	sc.exe
4740	sc.exe
1008	sc.exe
2400	sc.exe
3920	sc.exe
5068	sc.exe
5420	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 42 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dism.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnrepairer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverconfig.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer9_ens_1001_ld.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001"	dnplayer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133792055009592604"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2354-4267-883F-2F417D216519}\ = "IVetoEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EBF9-4D5C-7AEA-877BFC4256BA}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8084-11E9-B185-DBE296E54799}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E9BB-49B3-BFC7-C5171E93EF38}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1BCF-4218-9807-04E036CC70F1}\NumMethods\ = "14"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\NumMethods\ = "13"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AC97-4C16-B3E2-81BD8A57CC27}\ProxyStubClsid32	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7193-426C-A41F-522E8F537FA0}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B5BB-4316-A900-5EB28D3413DF}\ = "IMachine"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient.1\CLSID\ = "{20191216-26c0-4fe1-bf6f-67f633265bba}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4430-499F-92C8-8BED814A567A}\NumMethods\ = "17"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-735F-4FDE-8A54-427D49409B5F}\ = "ICloudNetwork"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\ProgId\ = "VirtualBox.Session.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\ = "IDnDTarget"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E}\NumMethods\ = "14"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9849-4F47-813E-24A75DC85615}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AEDF-461C-BE2C-99E91BDAD8A1}\NumMethods\ = "47"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3FF2-4F2E-8F09-07382EE25088}\ = "IMachineRegisteredEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4453-4F3E-C9B8-5686939C80B6}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2354-4267-883F-2F417D216519}\ = "IVetoEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.apk	LDPlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4430-499F-92C8-8BED814A567A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7708-444B-9EEF-C116CE423D39}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\ = "IDnDModeChangedEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9070-4F9C-B0D5-53054496DBE0}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7193-426C-A41F-522E8F537FA0}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44A0-A470-BA20-27890B96DBA9}\NumMethods\ = "32"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BE30-49C0-B315-E9749E1BDED1}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7997-4595-A731-3A509DB604E5}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3188-4C8C-8756-1395E8CB691C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7708-444B-9EEF-C116CE423D39}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5637-472A-9736-72019EABD7DE}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0547-448E-BC7C-94E9E173BF57}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5637-472A-9736-72019EABD7DE}\NumMethods\ = "13"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\ProxyStubClsid32	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A161-41F1-B583-4892F4A9D5D5}\NumMethods\ = "13"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8084-11E9-B185-DBE296E54799}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1640-41f9-bd74-3ef5fd653250}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A1A9-4AC2-8E80-C049AF69DAC8}\NumMethods	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E64A-4908-804E-371CAD23A756}\ = "IMouseCapabilityChangedEvent"	regsvr32.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
64	msedge.exe
64	msedge.exe
4244	chrome.exe
4244	chrome.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
5608	LDPlayer9_ens_1001_ld.exe
5608	LDPlayer9_ens_1001_ld.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
5608	LDPlayer9_ens_1001_ld.exe
5608	LDPlayer9_ens_1001_ld.exe
6004	LDPlayer.exe
6004	LDPlayer.exe
6004	LDPlayer.exe
6004	LDPlayer.exe
6004	LDPlayer.exe
6004	LDPlayer.exe
6004	LDPlayer.exe
6004	LDPlayer.exe
4140	dnrepairer.exe
4140	dnrepairer.exe
3424	powershell.exe
3424	powershell.exe
3424	powershell.exe
4052	powershell.exe
4052	powershell.exe
4052	powershell.exe
5528	powershell.exe
5528	powershell.exe
5528	powershell.exe
6004	LDPlayer.exe
6004	LDPlayer.exe
5608	LDPlayer9_ens_1001_ld.exe
5608	LDPlayer9_ens_1001_ld.exe
4564	msedge.exe
4564	msedge.exe
5124	msedge.exe
5124	msedge.exe
6796	msedge.exe
6796	msedge.exe
6584	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1556	dnplayer.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 47 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
64	msedge.exe
64	msedge.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3900	AcroRd32.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
64	msedge.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
1556	dnplayer.exe
5124	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
1556	dnplayer.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
3900	AcroRd32.exe
5608	LDPlayer9_ens_1001_ld.exe
6004	LDPlayer.exe
4140	dnrepairer.exe
4608	Ld9BoxSVC.exe
5492	driverconfig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 952	3900	AcroRd32.exe	83
PID 3900 wrote to memory of 952	3900	AcroRd32.exe	83
PID 3900 wrote to memory of 952	3900	AcroRd32.exe	83
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 3944	952	RdrCEF.exe	84
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85
PID 952 wrote to memory of 624	952	RdrCEF.exe	85

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fcd1cdfe358c3b7c95e10cf72dbf727f_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:952
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=47065EA8C1D1D32A92027A20444AEE04 --mojo-platform-channel-handle=1684 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3944
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=110483B8D9044BC6BCFAEE0793B9DDFB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=110483B8D9044BC6BCFAEE0793B9DDFB --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:624
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=16D5F66B357E6AA18F756F08D4248DD0 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3496
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9DF6381F1C18E37A8DF53ADBDE7E6BF4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9DF6381F1C18E37A8DF53ADBDE7E6BF4 --renderer-client-id=5 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3360
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=88400E81F4C1BB2954DA44DC1F50F3FD --mojo-platform-channel-handle=2256 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3736
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0E1C209EC1E041DEC4DB377DC81A602B --mojo-platform-channel-handle=2172 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff87a6846f8,0x7ff87a684708,0x7ff87a684718
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17822625387431342578,15760572120605066999,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17822625387431342578,15760572120605066999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17822625387431342578,15760572120605066999,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17822625387431342578,15760572120605066999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17822625387431342578,15760572120605066999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17822625387431342578,15760572120605066999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17822625387431342578,15760572120605066999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:5144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8788bcc40,0x7ff8788bcc4c,0x7ff8788bcc58
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1748 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3400,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4472,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4880,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5240 /prefetch:2
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5220,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3516,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=1612,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5024,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5732,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5728,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5900,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5716,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6172,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6008,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6024,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6292 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6296,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6132,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6380,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6432,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6416,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6292,i,376724547156764926,3757358427912233296,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5760

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2740

C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5608
- C:\LDPlayer\LDPlayer9\LDPlayer.exe
  "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1001 -language=en -path="C:\LDPlayer\LDPlayer9\"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6004
- - C:\LDPlayer\LDPlayer9\dnrepairer.exe
    "C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=459466
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4140
  - - C:\Windows\SysWOW64\net.exe
      "net" start cryptsvc
      4⤵
      System Location Discovery: System Language Discovery
      PID:3628
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start cryptsvc
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5416
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Softpub.dll /s
      4⤵
      Manipulates Digital Signatures
      System Location Discovery: System Language Discovery
      PID:2640
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Wintrust.dll /s
      4⤵
      Manipulates Digital Signatures
      System Location Discovery: System Language Discovery
      PID:3996
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Initpki.dll /s
      4⤵
      System Location Discovery: System Language Discovery
      PID:5068
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32" Initpki.dll /s
      4⤵
      System Location Discovery: System Language Discovery
      PID:5600
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" dssenh.dll /s
      4⤵
      System Location Discovery: System Language Discovery
      PID:5100
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" rsaenh.dll /s
      4⤵
      System Location Discovery: System Language Discovery
      PID:1176
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" cryptdlg.dll /s
      4⤵
      Manipulates Digital Signatures
      System Location Discovery: System Language Discovery
      PID:5888
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:5800
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:5880
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:3884
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:2796
  - - C:\Windows\SysWOW64\dism.exe
      C:\Windows\system32\dism.exe /Online /English /Get-Features
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\63D789BF-F8D7-4170-9C2E-6D265F61D290\dismhost.exe
        
        C:\Users\Admin\AppData\Local\Temp\63D789BF-F8D7-4170-9C2E-6D265F61D290\dismhost.exe {79AD3ED7-60F0-4FE1-9F8A-C6CA85F25092}
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:1660
  - - C:\Windows\SysWOW64\sc.exe
      sc query HvHost
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:5880
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmms
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:4740
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmcompute
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:1008
  - - C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
      "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:4608
  - - C:\Windows\SYSTEM32\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
      4⤵
      Loads dropped DLL
      PID:1440
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6080
  - - C:\Windows\SYSTEM32\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:2656
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4804
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:2400
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc" start Ld9BoxSup
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:3920
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3424
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4052
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5528
- - C:\LDPlayer\LDPlayer9\driverconfig.exe
    "C:\LDPlayer\LDPlayer9\driverconfig.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5492
- - C:\Windows\SysWOW64\takeown.exe
    "takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:1628
- - C:\Windows\SysWOW64\icacls.exe
    "icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff87a6846f8,0x7ff87a684708,0x7ff87a684718
    3⤵
    PID:3896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
    3⤵
    PID:3948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
    3⤵
    PID:368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:2396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
    3⤵
    PID:6536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3808 /prefetch:8
    3⤵
    PID:6788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3828 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6796
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
    3⤵
    PID:6420
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
    3⤵
    PID:6668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
    3⤵
    PID:744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
    3⤵
    PID:7100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
    3⤵
    PID:6220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
    3⤵
    PID:6372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
    3⤵
    PID:5092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
    3⤵
    PID:6644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
    3⤵
    PID:6240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
    3⤵
    PID:752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
    3⤵
    PID:5492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
    3⤵
    PID:6092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
    3⤵
    PID:5992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
    3⤵
    PID:7668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6764 /prefetch:8
    3⤵
    PID:8092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
    3⤵
    PID:7384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
    3⤵
    PID:7464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
    3⤵
    PID:6740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
    3⤵
    PID:7040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
    3⤵
    PID:5460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
    3⤵
    PID:5728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
    3⤵
    PID:4532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7468 /prefetch:8
    3⤵
    PID:5680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
    3⤵
    PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
    3⤵
    PID:4168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
    3⤵
    PID:7400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14042616288921158826,10570025620704639608,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6544 /prefetch:2
    3⤵
    PID:6632
- C:\LDPlayer\LDPlayer9\dnplayer.exe
  "C:\LDPlayer\LDPlayer9\\dnplayer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1556
- - C:\Windows\SysWOW64\sc.exe
    sc query HvHost
    3⤵
    - Launches sc.exe
    - System Location Discovery: System Language Discovery
    PID:5068
- - C:\Windows\SysWOW64\sc.exe
    sc query vmms
    3⤵
    - Launches sc.exe
    - System Location Discovery: System Language Discovery
    PID:5420
- - C:\Windows\SysWOW64\sc.exe
    sc query vmcompute
    3⤵
    - Launches sc.exe
    - System Location Discovery: System Language Discovery
    PID:4372
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
    3⤵
    - Executes dropped EXE
    PID:3416
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
    3⤵
    - Executes dropped EXE
    PID:608
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
    3⤵
    - Executes dropped EXE
    PID:3876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
    3⤵
    PID:7012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87a6846f8,0x7ff87a684708,0x7ff87a684718
      4⤵
      PID:7032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x3a4
1⤵
PID:3996

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Modifies registry class
PID:1528
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:6172
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:6300
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:6404
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:6480
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:6544

C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
1⤵
PID:3876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LDPlayer\LDPlayer9\MSVCP120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
C:\LDPlayer\LDPlayer9\crashreport.dll

Filesize
51KB

MD5
7be82413e3298dae3711818f153b4fe8

SHA1
2b2eac3d244c25d5b74943df4a8a265edcf354a7

SHA256
55a2388daf44bb66c95608f44cd3fcc88956d81040fb41531a6236812d451bf3

SHA512
0cb45c442e093e8f7d74cd188e949af8fa955c5e026f4f7c606d1076cda81fd11ae82376b89e5f75c5f4c6da8f5ecbe0d05436fb37984ebb7f2fd9cc08b9ccce

Download Submit
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

Filesize
1.3MB

MD5
c96426bac61bc4e328f43a4b4c515c5e

SHA1
d56e89234a673df43c5019701931869ecc2c1a84

SHA256
de534005a03cecdc5259aa55792bdc116cdcdaaf4c868700478132a7e7ec2031

SHA512
9e3da21dd31fc68129b641891e4b87af7291cb0793539b0759e384440aa7ddc8de3737706b6e6b1c11cded69c3c84773965c35af6d5ed33d4dfe0323f1949dac

Download Submit
C:\LDPlayer\LDPlayer9\dnplayer.exe

Filesize
3.7MB

MD5
9a7951afbe910494e052c662df119ee5

SHA1
64c21bb4a933b7ce3db1a82eaff20da117d63283

SHA256
cc91188722d6e0327da83ba30d5c0090a160f31e2c6fee966184286716fd2d0f

SHA512
1ada231473c1e87d5a0e5ab14fd28cd88d8fb69ab348f310e6a7c00895644fc6f44c86753c9d757608165765605ee800ef1a6bac5744c627193e0d89842fc6e0

Download Submit
C:\LDPlayer\LDPlayer9\dnrepairer.exe

Filesize
41.9MB

MD5
d1cfc8d49b4aecca4f33cbcb280d4fca

SHA1
c822a3fad4f37c463fa9d2259f3b78b72b0e840a

SHA256
d6d79a9f89390ab046e8f304c25bbb646ee8c997f76ad14bfed03bbd6c1aea7d

SHA512
7960f62754f66b8f14cde7a9d5d7d841b4eb6c1d4c9a86a24e3757836e18a94f0aa7be531b40515939f13a09d036415f15773b5c926c193a993d3fc0582e8f90

Download Submit
C:\LDPlayer\LDPlayer9\dnresource.rcc

Filesize
5.6MB

MD5
08c1c92c1a8e1e6391ffd43758a8cc10

SHA1
c8b973dcc917ced036a1c6dc16497ba88192d93f

SHA256
112e99e297b84a1ef7c11728856758e21a1a0379c05c80b9216d7be5cbbc0617

SHA512
c80e501c7c1758d8c6ff3b790e53200c0628a31208552a2fc85e757ae43437c572579f80c5497a0b76a45333e308b398e003042d2a7ca6e4e12fea72e34911eb

Download Submit
C:\LDPlayer\LDPlayer9\fonts\NanumGothicLight.otf

Filesize
314KB

MD5
e2e37d20b47d7ee294b91572f69e323a

SHA1
afb760386f293285f679f9f93086037fc5e09dcc

SHA256
153161ab882db768c70a753af5e8129852b9c9cae5511a23653beb6414d834a2

SHA512
001500f527e2d3c3b404cd66188149c620d45ee6510a1f9902aacc25b51f8213e6654f0c1ecc927d6ff672ffbe7dc044a84ec470a9eb86d2cba2840df7390901

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

Filesize
652KB

MD5
ad9d7cbdb4b19fb65960d69126e3ff68

SHA1
dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d

SHA256
a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326

SHA512
f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

Filesize
1.5MB

MD5
66df6f7b7a98ff750aade522c22d239a

SHA1
f69464fe18ed03de597bb46482ae899f43c94617

SHA256
91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f

SHA512
48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

Filesize
2.0MB

MD5
01c4246df55a5fff93d086bb56110d2b

SHA1
e2939375c4dd7b478913328b88eaa3c91913cfdc

SHA256
c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889

SHA512
39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

Filesize
442KB

MD5
2d40f6c6a4f88c8c2685ee25b53ec00d

SHA1
faf96bac1e7665aa07029d8f94e1ac84014a863b

SHA256
1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334

SHA512
4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

Filesize
1.2MB

MD5
ba46e6e1c5861617b4d97de00149b905

SHA1
4affc8aab49c7dc3ceeca81391c4f737d7672b32

SHA256
2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e

SHA512
bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

Filesize
192KB

MD5
52c43baddd43be63fbfb398722f3b01d

SHA1
be1b1064fdda4dde4b72ef523b8e02c050ccd820

SHA256
8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f

SHA512
04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

Filesize
511KB

MD5
e8fd6da54f056363b284608c3f6a832e

SHA1
32e88b82fd398568517ab03b33e9765b59c4946d

SHA256
b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd

SHA512
4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

Filesize
522KB

MD5
3e29914113ec4b968ba5eb1f6d194a0a

SHA1
557b67e372e85eb39989cb53cffd3ef1adabb9fe

SHA256
c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

SHA512
75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

Filesize
283KB

MD5
0054560df6c69d2067689433172088ef

SHA1
a30042b77ebd7c704be0e986349030bcdb82857d

SHA256
72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750

SHA512
418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

Download Submit
C:\LDPlayer\LDPlayer9\msvcr120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
C:\LDPlayer\LDPlayer9\phones.data

Filesize
5KB

MD5
fdee6e3ccf8b61db774884ccb810c66f

SHA1
7a6b13a61cd3ad252387d110d9c25ced9897994d

SHA256
657fec32d9ce7b96986513645a48ddd047a5968d897c589fbc0fc9adb8c670f4

SHA512
f773f6fc22adadf048b9bfb03e4d6e119e8876412beb8517d999f4ed6a219e2ba50eded5308d361b6780792af9f699644e3a8b581a17d5a312f759d981f64512

Download Submit
C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

Filesize
636B

MD5
5a749a6de73007aaad326884097d863c

SHA1
83b540433ec3a95bfd2e9ffe3b58513e35456de6

SHA256
131ac135f165c3c179dfb48a778a65cdd7cca5f4c21fee3ebf605f1f7cf7fa32

SHA512
7ec456705d216b18ee5a4018e5834c84300988846279bfb28547cf488de7ea3ccde5156e352dadd536c14b511d4d0a1c3ab8723d82338165d93d4729c16f3abf

Download Submit
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

Filesize
35.1MB

MD5
4d592fd525e977bf3d832cdb1482faa0

SHA1
131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef

SHA256
f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6

SHA512
afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

Download Submit
C:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf

Filesize
103KB

MD5
4acd5f0e312730f1d8b8805f3699c184

SHA1
67c957e102bf2b2a86c5708257bc32f91c006739

SHA256
72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5

SHA512
9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
05f500062b3e3e0eabd717386a2035e7

SHA1
f35ec3a1c85d6b021da0396267a8196dff6ade94

SHA256
75ad882fc9cb46c9ec6edd492664a03aa666978ea547356e7bee8ab791b4e481

SHA512
ac19b24e11a1c52c0d8f25cc2dbc0987a6b94c653b2c0cf2955cc9a5df95ebd62e456e99f81b0a71983648daee5d350aa6b43d2c4805bd90c01b909f2e0295b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\772D055D5E4421B179898A4E6FBD9ACC

Filesize
471B

MD5
590945023a53a01498b2091a30734069

SHA1
ed91267f4a5ce25bd19b6ed4cb81d26f898e1982

SHA256
6726c8635aa8de5817de3d937d0c43f3172356978dd79e1710f4bedc18cf9332

SHA512
4c82351ae40e2b58f8b57f4d85fe4ee3db3b1c6d719c83ffd4c1899018a1eb102cecc020a708b7421db65167e4f085f704d30c4e7751344b59986879cf2458c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_D14B79B440CDC26D7D21C81855E2C04D

Filesize
471B

MD5
c986ca6afac509688baf637161ae070b

SHA1
3ca71833883bc05ce7abb67220f0bd0066498344

SHA256
ad4df164cb6b278c8a067341e0f4d4b1c9a9b2ba9bf95b0b0c68b217ca9381dd

SHA512
ff6a3347b6082db1eeeeebcdc643bfb60875815f304bd78a8ee707224251902b5750480647ecacab0f2c3271ddd529b12c4f82f11c83334ad706da72f22a0b23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\772D055D5E4421B179898A4E6FBD9ACC

Filesize
400B

MD5
8281cef3dbff117f8d554be504c761ae

SHA1
5f763a7b58317603f0d328387debf9376760613c

SHA256
b4cc0f919af741f6e7ebd483d7f4c84cd32495f85d346ba2615f3b7a1f630f8b

SHA512
3e7adf001f9b094950bf01a456ca601ae15df39881d94aaa2c09733c53753d52acc9cede98f4a1a96fee29277df709d49b1bded23bb93e7e5a151e29e1f48055

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_D14B79B440CDC26D7D21C81855E2C04D

Filesize
404B

MD5
b4d95080b317f80035db611fecf87edc

SHA1
6c0621a3eeb8ce3382a5160c602936efb77a2228

SHA256
8baefe4e2844bc93cc1cf55f98051389e74bd2877f1d23f298bce836dfd828f7

SHA512
e0dc6e57e4c201fcce05a46ebb2b1dcd24ba9787cb957bed6e6006aa24d6dc41e005ed7a7d69bd5737d6f4b29070962c7379aa674c0c36e7a17602e743148926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5da755aa09bc1530a402b5764bdfd0f4

SHA1
d68c281128f50677cd554af4338ba7c225fb3642

SHA256
d50cde999f756af3092103b759d1d48b88ac7880c38d14bdf22605fe8a4335f6

SHA512
81090d351e590260f8be424ca0e5762f3adc8c83a7ee0759da9454031751265b24e40c908f26e5e671d9405508313a6db2660d18715294ae059a2760874d12d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064

Filesize
25KB

MD5
777a63c7bb73394365962e8e0fd2dc01

SHA1
2ca4ef52bd745378018eb30180ffa208a76b5c04

SHA256
10a7f1cc102eed344c455765969891f8c4ef071626036419fba5f17fa42810df

SHA512
986adc9a20bad40f8cace5dd9af3c3ac58e2fddfb30363ef61ef51d2493e603e28241da0144833eb62cae3c2d3fd2a38ba0a4822f01eb890cf58c7d7febdb8fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065

Filesize
68KB

MD5
0ee42460f08de77b1c1bc877c90b5bf8

SHA1
99498ed1844bdc692e126b4b32d1cba3fc3650c1

SHA256
0800e1de67b166f3fc650b8aa3e4dc94af721b43fe8a5faee841c24598c64520

SHA512
a849da59e3e36b99eb11f9f4150d05c62da3e622aa6ca30b7394e34fd03b71a40e0d15eed9ef3c68e2bd4e1f3a306c58d09a2619299599a88578a79fa16f27a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000067

Filesize
20KB

MD5
49c61a9c31b4b8a59171e13070683cad

SHA1
4d91c18941913b2ca260b877f924a44543826923

SHA256
998967f4697b28aabf6997d03df5a913f6f255a3b3a407c37f60278c4c523795

SHA512
c7fe90181791222331be6075c0d66188fd5f15f3ad2db31065b9bc1acc3c013fc97b9bcef1e9195176ee3aff97d36395da923aa40368fb3498b036e55aa5e878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
7a175f998d5d545bc4db139b6473f996

SHA1
6f2e26cd0ca25d6b7a0e6b20597ab26b83275cca

SHA256
8781cce1788a5226a0731d60000c4fb05ecfc7fac020742a40486228423cd980

SHA512
caa17eaf659b7df54e3d1d751b8a4fea05d02f2d8058eba57df4d53255e798f23846f444c34072978acc8e6144530f20f9f153ce7d6592c1ed4605e2465cecaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f491a3b876201fe7195b885a054ba87f

SHA1
800c84b97dfb9f04b8de1cf19352b338831ab0bb

SHA256
00ab9e7cf1f505cad64ef5b91c75717f8811620a6035aff113c4c78e518e3142

SHA512
8979e46447550d446b7ea8d511e30bc980628c00993bf81bfc74d81042ddd728b52f02d800334bdd4deb2da21dff6ecbedc44d69468843c6ccd776bb014919ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6e7d71d54377c50e7a713d82a1b19e14

SHA1
325a99dfc2f82e1b3ecfceadd935a09aa69e0038

SHA256
5dac1a8be7a3ec268eae09c271f0cec81b1463995de200a4b6809dac5a478ae3

SHA512
141ec383bbb0244bee00977f1922035c0a45f9b2a3761214a61bef5a63e7a0620431203d75b093c4d898bc0002f713c70a685f3ec8a04a6747d0a7bf1ceb331b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
29e8d0907704da8b4cf9d70603687422

SHA1
fefafe99308076e007383e474d360e4e9306b7b3

SHA256
d6ae07a87f441be66177b3820b080c974f885dad40ac59cb082420aea0a53249

SHA512
44c0e23bb2342bd01ebf4111362539f3c860b654e78659ed9d12640bb8b571b4f7bbb913ef3403de70cf84bd672fd12e191f45163ef0172be89d7ee05f7a4296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
085da37085e3af4a135ffba7e0c0358a

SHA1
a83ca8ef8ac0bbfedeb7d8b8e29fb7626dd402e3

SHA256
fb34dba1899fd6b2635f49d381fbb50bf70f611417bf261f96b41b9ee358490c

SHA512
154843ba4c9482a0cbdbb8df179295b8c1528a8242c8e3f183f39b5e8e3a3b5283757ad2e4b0e87aa0949457c18138e73fcba553ff50815494bc1054ef50b72d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
25KB

MD5
9152a698079e22f3fcf463443b7d656d

SHA1
32dfd00a3f91840c71cad2c30f888efb5da92ee4

SHA256
6ef7b66ad0c9d2b6474f3d85d2ec5a31212e6378f0a4fc53017803ac1818b337

SHA512
14ab491cc0dc15791cf8a11f6a98c2135f9345e65c5f69663162480788dd2891f419c3e941110a6ae57cc78647625cdb2190ce689335710fdbc04b91a0e80d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
27KB

MD5
f497fa65e25d1fddcd629778717957d0

SHA1
166ed9ceff836efb14cbfd9b26ac215ad01fc3fb

SHA256
3f0b6e9042bb443850a77222a39021b915195b84edc05c12531d2c9d5940bd44

SHA512
dd60b0546ccb98a7419a81c679abe55dac2e27db90eac081e572f342846204e2806df458856bbcb75f9c8a85b3b2e65f00f6b4e5bc7cccc875236bf050522e4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
28KB

MD5
cb63caed3b9b762300b0ac3efd256497

SHA1
74c18fc985d96241cb253b3645f94b304df0d14e

SHA256
da39a9bf7dc842746a78741f47da1f677e3914a8d84a28304c39a46d0fd187ba

SHA512
6905041ee280d1a5078cc9ddaa028c0c42592f883e44698873fec2bbe38ece646ad50ae3af624e6a6c6e4b6ca2a765e324129e33847e41630bbe67ecd99bb047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bd7194cc218bd814d5c2bd07c369345a

SHA1
d2a9849fc4ffb965fd7e8d120a15f89d9b81dffb

SHA256
df3f4f659ce8c1239f558c2a155e960cfa2af8f083468a3cf2fd3938cfb858c4

SHA512
829207234b81206f4a9a1396008144935bffe95f79f88bf79b628104160100ff441e320565b2c057f0029ad839eb5e3c06fef543cae429cd52de09b416b1d3ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b00dac01827e21292b44677ebae0ac77

SHA1
8ac8b42fb4f41b2c8d9f11dd5fed53ef8de0a278

SHA256
2354abd0c34731d55cca8e9f6f98ba68065e0124effce0dbd2499d8a435f35d1

SHA512
bd3c6add82925a835f988e72050aef1def6023482eba4120d2f016f4910d5be5c61341784f0619ec81f9def2a47a494d2f2c1970fdb2701005af052eb7df05b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
59af39e81391fe4911cdbc8ade6cddf0

SHA1
cdd1a6a651e5c36434b81edd1f60107a960533ae

SHA256
827709d02ab3f8e2addf358d1b9225ba5e4a8042bcceb27828da2bc131307539

SHA512
2d82eb6e12b3da22cc7d30397e2f0b436ca8bcf5b6ca93022754ccd368e72ff396d7bac2f1b600aa8709239b6d48956e9bd02d9e1548bbd06043cc3029f275bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a689d757bcedd9434c9c602b4b7e177e

SHA1
5291a942291403172e3c86d33e7b2c8c504eb95b

SHA256
3fac224e3b3ee4e0c55efae893305957981f8e1f2ced1e78cdc93c4efcb1bc00

SHA512
35c16498cb06e312335030e3dc48af41f5dd0a67344cc435f3d9c04f47f7e0fc3224ed7fb03412fa607119adb9f5e5e1b145d6b0cc42a98eb3edb0f41c1c7b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e037b2409f655b093def2581818552c7

SHA1
3dc7624b9ddf4cc03987dc058ed6e8c0aaee3bbb

SHA256
44ed24a759292a4866fdb136575090ef91813a1e06be870ec4be28f3d1450270

SHA512
40eae28c1861f7e0d708c3a82d19fd7474b4a9dcc6c661cc131d4506102b83ffa0113d1b117e87f0e3fdca7932f8b94f3223c2d066a169788ceffcfd2ea4b7e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
65a74cc28c8f138ab08e694bda7fa752

SHA1
251be713e732db155bb83553a08ae9110f09e75f

SHA256
4ddf2d9caeb03ad82b37430aed8cc90d02a769d49d27271201e82e4643dafc3e

SHA512
d5e1ab727b4e02cb69896c872769ec0cf722647fcc08d79aab109c591149558fe8aa95874e199daf0e3bb9d6918a4e576036f12983b6ced7b7c03e4a91a6adce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
95adab75dc0dccfc1f5e9e203b38722b

SHA1
6b8ad92c19955d38e739dd5c3114b16af711cd9d

SHA256
993c009650c27f44cd8f0594ce0c9149deaae6422b008c0d522bd622178ed49a

SHA512
26e1458a3c2459be1150247abf605f5006ff1b1092bae3a8bedfcf4cc82048558bf00d15a4af855c9d3291336d714e721bd5395e91472c699f5e23d7a681afe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0320ec3c14435f2afd21592ebdafa7d2

SHA1
d1a059c022c5e828b493a3eb83927704c370dfb7

SHA256
70c3beb819ea159d9d8b72f375d8dc62dfaee593c66fe04939906ced159fff09

SHA512
324f93825ea08d6e2ab0f062596da41a4e18f09b5e05fa38ac46145c2c2a64a713c4a365cccba7822e7cddad313f1a41dba5a22b97788e7f26a6faee1481cbde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e770e4c47122b45b105bf6b1cc27e5f1

SHA1
1cc4f1693e2213b7b9ff8b14b6d2870f469174f6

SHA256
f2419516a170f13c6d8f2b26431bafff35a47e7451413811925f17f3abe8f671

SHA512
a27186495c74380f5808b182807f0dcc6548ca6f1521e8d123ad13900a4876412be9861cb55cee20ecb91fc9b07d9b0edfade19465201ef6c5ac7b23e145a795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
dc0946aae9649b7b49044203e174edcd

SHA1
0256a253cc5ebc9f9d162de7df3528e82df74c97

SHA256
1e34cf876e33743a216a3cf3e4f742c1fd7c90982ad15411be0abc08e8222b23

SHA512
58f2b5a2d26c7cc9cc36b260626725f4bfa34702caef8b6f9e14e0991778cd217ebddf9b591b0cdc91e7ae1e4d71606d8a953d94ec24c329ae9ccc31a5b1f67b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
259f4175e143e7a296379e8c3ef7d9dd

SHA1
07aed4c0bbe56484e82afb4875b43b5a060e82ac

SHA256
c03cdd66bc54e03469eb7f02734a8290b2db3f55eca372ac8c2b4f1b6801d84a

SHA512
a81fcc6fb2ee3be1fef9f1814aaba4f2ee66cb1c496d8038b874764f8b03eb37008b8c4dcd082b4e0c569d105bc61a944d10d6cd0f3fa688c91ee030e2edf4b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2fe59e8b64cce6f9b9b028a74cc47951

SHA1
2f2f7b808327c57d8f3c6ca0bc272ffdcbd46a68

SHA256
31f24063e4f756cc529ef77da39bb41b4314a643b59dc963b8daf987f7eeb35c

SHA512
021b9b8358e7d45856f7da82065b0c3112ee9203de9271449d467251e2024f4270899fc7f18d65ef7e3858d6067efebb8948c79f7224bafba33fd288c6149226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5133f55cc529d6b83ba32a78cc8ca3f5

SHA1
6b51ec2d3fd36a3bbac7867ac747afcbf80debdb

SHA256
a587b5aa5d2d26933e09dcbf223696cae1db8e18335cb1faf590ac8ba37a5da3

SHA512
23b867f3e8c4f8899081b3ada5b9ef7ac1f2f1fb1938ec61e5023993597a74c928ffb458504619ba9cd2d5ced741acbd790252b252227e4cf449a4097cffd1eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8ce7039b910b6d97466325f2d3ca6d4

SHA1
4ad96657e199ae2c6a6fffe3258f5b6ebcece901

SHA256
b7263f224bd1599c3e1cc057c94cb7cd07afef7bf0eade3a913b52bebf6de827

SHA512
8777cc70762a148badbdb04659560088365b73f769a7cfb2c85140d3a49c2bf4006b01b2a2c8f01f0a66d31b13da6aa02408b5d0fce2357460c5df34c3ff815a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
809f45ea2329407af41974af53c85752

SHA1
3adc3e9850690829957bb92085f4fccab278f024

SHA256
c11ef2dcba50472dfe3afc8857ab82fecd15bd523475de75241fc9c95d1324ea

SHA512
1809c30db1780cd8d1711794a749dbc82a212f7aa091d78eaa183c36e8abede02bbf768b679782039af267d89422d64a6a1808404a639aa3cf2cc44c6cd7150b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0bdb9add79458c4b8ff0370ed7128d54

SHA1
f7344346765542c22b3c725cf92a1c5f3bce5eb2

SHA256
8917d2ec0d5239b397d8d1334e70a7795c475037f0e24a56885709d9edc2cc94

SHA512
11b66e19900bca56d2dae408022302e2065cd56102e88c46eae565212677b2d5b96458f71e49c11217f1805dba131d42ce59ca019eeeb2450c3f77424530b79b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c16fe84df63673a83b8587390fcdc4b2

SHA1
9f6eec784e07bb13b1fad7be1758d4228b70d3dd

SHA256
94ea1995dd882bd76dfb6f4a0b68d12e054028d55a759a5a07bf441d04e8d009

SHA512
cc1d4de41220b3bec7d9240281c1607de11616bb8307c944a4060fe8d0cdcae27ed9318f2bfa2ea8710fdae28c6057982d41718f7c152b915172acc4dc8d8272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3da26276e4df1b57f2cb45220492e4d

SHA1
220de7e5d3a6730a4f6a33615dcd4ecdd7c254d3

SHA256
807e1d49762ec672e474e2f29849a98094261b01b21257694a33494d50f3c738

SHA512
33d10036922752efbe78ca3a611593e25439a3e895ea336d6256c3a9aade03012ed92cc80d11cbaf7b5a3e7947394e1101abdf2db73e0da1b217a7096b90fdfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d4fff1680ffe778cdf9ab201b93ca1db

SHA1
debd024c41d08390ec07ffa478b100bb77f713a3

SHA256
78a130aa4b5a639510e2c7650640470d009fbe24988c84b74e8b9c05eb0b29a6

SHA512
082321608f9b174f443c23bc79f84d12c962471986b8dd811e92b46f49099ed517bc9d1dd7c2c36cedb29373d60ddb939e66c27fe0046b8e24af9f8ee78cefd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
100b8a5b7ab6778021d593b015134a33

SHA1
5bd4ce7013044dddb5a27ba8cb004e8fb540077e

SHA256
a18182e5464c22ed2efa42d7e4d95912dc3a84d596fa83e98cb396a6e8cdc79c

SHA512
d1349172e6b09dc7b6a6a02e95d2e07ab8c1ae02a8bf1b613cb9e8e3071fd96661269089f04262d18927538771145d7b54756e36f59161616037e40fade76ca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
120aa8d0b714d6864e0557b879bef045

SHA1
e180f9eb2ce64ffcc0df785bff22db6772f08540

SHA256
7d191f83372607f89d606d88c954f12d07f3cbf19f7d776217de6f7fe505e482

SHA512
58a2b60d7e10f215e4eef983b8c262a8a1a3aa69d1c2388148727aadaa04e17904176c4d3184654100b10e3941347bfdeecdbd55f802e8fb5fadf2466add1d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c93d7703bac1705e2b2aa49fcf53a3e7

SHA1
39a88b63a3bd909c94dfddcccb56e70001588fb4

SHA256
4cd6d1a468630dd8bb9a85300c5023518c1cb8b025ed3d2f362ffeceacaddfa5

SHA512
6c493983adc76f65bd8af83ebdf54716469e4c15206be03d0725f3fd75d0ad94a90874a13f6d8ad8cb7bf50d9df5d270e21de0419eda8ef017b0d0a6d01e2581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7689dc8e568876d379aecfce496432b0

SHA1
45276b5ecf082444ee417e711e9968901d736c2e

SHA256
a5260fd6629de8061d81771dd8bbea258ab57891b9bbbc079f0689ef52bce146

SHA512
c6f0906db0edb73406bc42f4678d71221447e8d8753d1a5e59a5e35f542d6e290139af73fc1d138819a267030a213c3649f081053787794a2fc611d0df00d73e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f5fb955dea4b7e9aefa8a17548c1ec23

SHA1
16d24119146842a2f03075c2599e80644b146f5e

SHA256
b4ed7c7b7ca1c5edb5e6324af30cfef6913f20030fb4d1cdba1633ae58289181

SHA512
a715439ff4df45f9d8ac4c0d6a6c5c3c3094f3c4f0d4e8d9e28487ba7d1f1a1b4ba3030b2b312fcc267ae2e56db0381fdaa28b11a36364391c02bd23cb405615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0e40cc6428ec6a251890211838eb33c3

SHA1
54cf277ee4ad0e0e661d303761215414d4a412b3

SHA256
898dcd9155bd548d861b65cf7fd88bdb12fe1f3b397441d74b7cd3170e07fe04

SHA512
9d27d18514b52fe88aaac803ed6370bbc031289b7d11f8fb6b62f0f82bce0224b9f5feeae87b73491f8879e6bda8e9c8c3e12a259a2f6919d51944777358ee51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a44d8eb1c4514e8950459835e82a388

SHA1
7b81e38912bc2b3318c74e13b71e868b2853f046

SHA256
cbaeea30bf294118310ea6a257bfdb8b29fc9714686bd1cbe1ba4eceb445fa58

SHA512
fb565c9e6b8d760db81bfb41955fe4cb32bca286bc847e1db616f6985126c897447846d9e0f160fd5b828c54a6bb1097037e8cfa8bd5725cc434ba9a062a0067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7a0ea10bc4a885c25e5d130252c1d418

SHA1
009f44675d24c8dfd12edeac18fb847d38ed7da0

SHA256
1423d469098068a0262739c4f1b914ba897a75dd076bf9de9286f020770bda82

SHA512
1a7087eaca215bd3a6ce05477cbbb84318d4f3411d9831c43c43010908307b70c0048cdc11bd37b3b84c2be006cf30059dfcbb6a035dcdaa763ab40ab6295708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d580845c25ac752a7105bb2975c80288

SHA1
3f8214a54dcb661befa3928b47a85f333130890b

SHA256
86d72f6e2923a7021d3bdb388d955ed9e42f25e6afe6a51aa929df4f6221b5f9

SHA512
0f077d2af0291d429add87fa00fe0b6843869f5eca7bf5838a923d4f28af84eb76bdff1f718965883967ae020c8b1f2223f3e17a44d7e3c7e146c81eb472c2c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1bb19073c2a4bfc136006d4ce262c775

SHA1
3651c2366ec9d2b7f7130b4df4a8eda30ad44ee4

SHA256
ca80a8c7507b90aee93a264f477b67d8e2e37cc7e23915c23f89a4dd5e9a9bf7

SHA512
898e1a99ce21f3929f6149b2a260b522a71e61fe695fda094dcc17d4e58c29eb590b33ea926d1d36dd0d995a68256c01ba294a95452f601ef3afae1bc877b3d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aab629bf307b6ef7dc9447e588a95cb0

SHA1
592c6b70b6dc8e9180f054b7dc1816b5006b9e16

SHA256
41f148367a68ffb628146df5242e26aed690a856eb3bed7f280ead87b5a8e08f

SHA512
51156810ff13295430c1e8eace0a08441d97a2dad46c367545134e9c5ede3336d4339caa9efafe75f35d388d3c385e0e396065196bbb5c6296a91ca9fb3907ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa00a67b6cf5518be13b7387a397be8a

SHA1
4572639e5a26aa7b5b11b0e24f9d8446bc48acb6

SHA256
1bafe7eae855b7e45d1ee33a62efff5ff0bca2006c7014c5c7d2b40c4f98331f

SHA512
0a46d931493155f690035ef0a19756cafd452c444ce91814dfa8141e6e1a31fb486f63bca2d7ad3c3760962137271c442113b6aedfbf860c8b850d22a438d462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8f4274d55b223c12a52063153f3affba

SHA1
4ef9887cf6db11d58776ce5dec10780eee014445

SHA256
0d816b218a05c87f50ee81434df455b6c8af4807cbb274f4c30086f5bc9e4af0

SHA512
4aaab52f3b348cdab7f734603a2545d41d7f879b29300db3545d91198c095093cc086098c323bb937d6bd23f117f7939cafab61a83aeb80d31d718cf40135ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af2fe6ddb5f57bd12326cc76b7056376

SHA1
c102cb9f894719747f88f0794cacd540f2253f3b

SHA256
db3f2f2a18582755915af70f809c34f64e16e92779a044007c5d49363957cfe4

SHA512
b59adcfcad73faaf8602b13e9db28c183bb6afbcd1e2dd17e27cc605adc0368fc96336ec82ae1f12f442678e92912f952403d66e2935f7d447a0cf6271994665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3d54a52ad5a2ab3873977e2ea7de202c

SHA1
7a1701cbbcd14830d0dc6913bfce9f4569039f43

SHA256
3ede9c1c337f11b985c5403505f7dfbec6ec0cbe470732c8fca2b5583594694f

SHA512
afaa76d55d471ea5540bca02ed55a35d1fa9c0b246cc0b55a07457a037758af2183c808151e31fc816c2ff31c24a4676939d8743187c36527b96234d35030de6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cdcd1461aad193bb21a5ee965d2816a8

SHA1
d04243db1816e2ccb071332d7641809df4647f2c

SHA256
75c3d018d24945f56e9f473b7989f184fdf813f40fd6e8dc9789696f5d56a729

SHA512
55a52e4261387908f4d941b588b8ea4c7635ff8661466311d33a2d810e629e2b4f1138f636be4b65025e220ac71b52297ec3bc5175d83ec9813a18b005e41d8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1e26289d0c063aa1ed206fb1ba803d8b

SHA1
716f22687cb9db31b5a7451bb14145534bc35de0

SHA256
f6cb5033252be61de373ba05611a5f06fd13a55275f20dc22ffb10886c0b2001

SHA512
8a9b44eaad2152d89986cab2dbe4a01a3b4236fc1b1dc1b7747582bbd067d7c72113e6056c472892925cb238538011027285cbec1d3290561a25e4109e24afe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c7f7a78ad1187cc541c5efd68ea7a99

SHA1
dff25cf739763883a8b5e9656266a6da7dc3ea5c

SHA256
87d6d061afa1f2b789855cc1060fd271a24c76af47555e588e334f39d70a7254

SHA512
68449472a95e91559828ecf3dcd3ee4c4f20b3e9e357f9d26a725f1f2f58737ba4d9ac7817b2be87019bc429360e5afcdd0ed04f42f35bb4cae9afe6898fb75b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8a617bd14582e4c90b8890e650578be

SHA1
ca90735d51da69989aee3c162aee7588b370355a

SHA256
0d309bfa9326bfac30c1079963c8277550baeb05517479ba04f0c3bd04c2470a

SHA512
f9cd22b76c226a71e37fd83c0c6e8fcd02af6263b28ef6a90b9a15dd9233b8b7d8505ff5139203e0128f7ef069a87a3ad6682e3ec7ccc1d0d50f2e11f8f1d300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
db565d0e3863c5bf8b002601878e21d1

SHA1
2eec6f3b9571d447ae1290d4d518669cd8884525

SHA256
a2d8352c5c2565458036ff67da25942ddf614bf070a4738b832816bbfb63dcba

SHA512
fea26a1d3d781ae84dc8d0b40ab931d32e5d178d48514ee63baa4376374dd6c55890a6fb52ffa8fb0cad1f8d95b8f40ff7aff7c574c57263351f11494e4b5d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d48149afb9a8df1285ce34017db2ed13

SHA1
d2c55ded5b08e987c930c192eae5131fa641ddb4

SHA256
bc4787a00951b97afbdcf220db29b5f06a64daefb2900558542974d8dfba2ebb

SHA512
8605fa0da1a9ec8431091bef088fd87145866b7d9d59e9a7472d9b6aca9d3632bebc1eb43086c6f1ca34d591011b427e32c58964e51929c9fad78da20bf8c7e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f89c3f4ed3250dab0f351a3498b45ce

SHA1
36e4e7a75f6d7cac4b48d5489349f59c44865354

SHA256
8d81e8dbc89b16dd4e35a2dca20274b66e77a54ac89ee751fa1c97873a6b59d4

SHA512
b4fef074f18aa0c8baa3aa8450892e8230f719466130c0979445315917750a098b8e557da285fb0d2b1ac4da9c85edd3d7c8a81bb12a31daa1a42a39d7efcc3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
da124275315d3f129e727238d46bc6cf

SHA1
abc8a86f86b833c5aa7b27229c3aacdeff0c7b8a

SHA256
bdb12f082ce309be2201fce78dfa9723df610eb80cd36e91658e6e2741ec676b

SHA512
134fe062b0d58dd8cc60ff0d43caace5575905010492e8050dd98f3682ada7868679c77060641d951f219544d3566a66560f2ec5c37507803fb11bc63294ffde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b5cc94323aea3011d3b418431a2e782f

SHA1
8d7bb6fa28891c8377e18e2db1682f17336c36e1

SHA256
f915044a0e7005c462a804920ec3ea258743502451d6bb361fd59606880e63e4

SHA512
d7d8efd9cf28c7cd463822459fba7d56afc563e714f4792f42382666cb00e46d80f8aa4bf66ece5da2be0d03abb1aaaa139720280067e42accab4bd494baba60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1cb535605122142799bd463f1f75c6dd

SHA1
e2177701f9cde137afa1f5c95e3fa6a7df827a59

SHA256
33635bc65a11809394f9e1b11fb600e8e742c7db11db915b72db7c682256ed74

SHA512
4b0af4a5a41aa4a5909e94ed0312f09d4d2b0e62bb328b2b2c41a954c86020dc469702a698ab4a1d531eca52cc6b61081c5f60dc10b48097acbb2a0b7ad72f07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
508f55ddf0479aa5c13012ab465d4fda

SHA1
d68128d11b16162857ebd57e83d7f4fe91c3de20

SHA256
410575f0933eee8a11ee78c97a4125bee6d976183c3bd7664cc0b8b5629e21ca

SHA512
605b907b2b7a3466a113e76afa1470100917adc85db92ad088996c40f6577244d21de96d6005587a1f8933a0c140c295511e7645b182a2792d86a13a8f17f9b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a86b2804d105af4fb112d8a9c637f9db

SHA1
eac97e9c9d314391ad6b323a6c33f6cf5512e022

SHA256
9963a5e59796cb6040a3b145fa864b7b5b5af87a98684447d48063120146eb78

SHA512
516999839709687b3cb32a8f56ae0fa6e3109db74a37ee06624fcf6c5c0a101e50ffe6bb261d336b7d9b4b0119f89b38c44e317c8778f9371fad6dbecb3022e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3c7cd4701afa584f1c6bf5f562e05894

SHA1
129f20b4037a72d755ba46d75bbd1d88627e18be

SHA256
5f1fc214cdb4bb49d6f53443012edfe6e45286ac1b38a893c6fb2a32710e1c96

SHA512
34aef9599b5b1376b60efebe137f908b5fc64bc855c0592fda53da0fa60d6abf8062935cbe337423fab1d296038f861a0098041e35e6d63e0cd700e95144774c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e615cd11d7d9a537aebe8d66611e902c

SHA1
ad7392017c3868e36c93fa975037bcccb73be314

SHA256
abb09a6f920ec5dc9f73e963483843a2f935697ac0f02a785d43d039e243bb77

SHA512
82640e342c7c8a0025d1879a94ace499ad5da65b7a9558993193aaacd2a1e19ea163db44d5f611e426427a2ad487b34ce8b291f53be59d7d14db50d2d3187341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ac458a81f82d8880a60802d34b93f8e9

SHA1
c027bb3ba77a6d8c13b9ae48316e6dcaaaf2da95

SHA256
62ccb96de3c6983d41f02202e3f6fcb8488c7ac8f044eda0b442473ba623a4a3

SHA512
9bcb1625315df202ac6df2daf38aac04588e21952d5faad9a39431e8ab2c00ade9aad0fd62d1109d8176d80ceb0d4df130ffd7f8480f9e3084c903eff20d27e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
257f11e6cca99ec56ddfddff44f0439a

SHA1
ca87df80556aa1471a27498bbbebc9bdabf230f9

SHA256
70b75da58c3273851dee6310d96d9cca030b8d4a8bf7e352a9c0f04b718b069b

SHA512
763995fd00fe9fef52e9e81c5e2dbf19faa37170a0d7e04998aa0b6d67e56214271a32073d6f187172d1d0526802e2c6d46ae861c49472c12754f255ba2b23db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bc61a96775540e97616cba66ab2b5a00

SHA1
dabaabaaebf1821e4b2e17647b345389ecc46b4a

SHA256
d5e32543abf0ffbdc1686ef35a8f4bb1eb93d9dcc4a67e17a1fd0c852b9002c3

SHA512
4218a564446c4cfdcb3f0db5535ef6acbe0d44b28480b56c242a0b11f03dc174dd9a1bb41443af48364c9e6f0df54d666de3865f329ad55531449fe06b64f473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e26a818945a978d35a223cc1c7dfdb74

SHA1
bff28c8a51d192047a162e3e137dc5f19aeb5b29

SHA256
9813b696361d97d76a7ece6120991882352c001c494ad0d5fc60d0c471f9c699

SHA512
b5fe1dd169079d9605550e36c55a8c3c43965920de53c231013ac589bfd89d69aa28a0e6b0cc1a5a01c803a15b1712857a917b4681191081512291ecb88e05de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
697cc5cf4e6bf81bea0baaacca790b30

SHA1
2d9ea9f152e67585ac25d8274c124b260fa235e9

SHA256
2d96207cb1b0547148b37bdfcbdb5ffa40feed3332c7e286432a4976a7af7093

SHA512
05dd6a16da6983681177bb914341f6f7692d58c1e26b5c50f1394fe38d86e0cb7a4d82cbfca30516db92f54bb02575736306e2b84e772b9d500cf8a4231e5d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
818233fee91a780cb2b90e4a9f92a3a3

SHA1
97624a803b60e3788744deb17f0412ce056d05ec

SHA256
f93f49c1b180abee85fef2b89d48cadfe61cdee331d65da8b8f162a57153848d

SHA512
2e3837abb39bbe57418488f6e8ae7695b44281e45e5285def19a80f3d76468c4a6b9d23ca90d7df15dfa2528f915e328542a210ef1ab4244e5f87b032150d05c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
98539f59c19fae15949b83989b5f31a8

SHA1
0b4cc21da72a94773e17c5d09db56c210231c9f2

SHA256
5859e1e10c2c156c217475f2099592b9764b9c24b80c3f6502772f78d9cd79dd

SHA512
3a42229e8e801dd82d84ee9ddb22b5c22cf528502c3ce4b914383fbecdbf33b96546dbc19fa6e0c5f7f7ea841ab9177d1fed8b464e4db9de3badb4213bbd88bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1fbc39724aa2becbd45bc09daad073af

SHA1
c576a270c8ea5357221e17cc79ca30aafaeaa8f9

SHA256
4069b029f34e1f8e27b7ccf14ec92d97f9edf50277c0a45026ac8d271e38571b

SHA512
5381d74edd69a2b28e9115b74094246d8c91ec5a454250d049b884f6293db9bce37292f6b45b9b1ee538ab3374044005a0268329091da4bbb0b76a7065e6f84a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c29f587c-1f79-4b98-aef2-e73074d0c5a6.tmp

Filesize
231KB

MD5
b8f2a32f0c0e5814efd48e9a9522f6d1

SHA1
6891abc9f29792a5adf13d0e9a278877de115636

SHA256
84529a317f5132f3c7931d4c376b6c981f94819154cbfaeb5c19f78b3643c498

SHA512
22ab4e88636f5cf2651da45502fa91de79adda512873403534382fe587998405f2c1d5471afbceb4022b8b8c76de14c8a99cd6da264a21244213ad780a77bfa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
25d81a86f347e1cb0121d5db5ec9f4b6

SHA1
9a73320b71249f92c68761426cc73a284e88748a

SHA256
5d5bd53be8d1a2b10c365e1a025ef19b5ab40c9ebed7eddfde924aa635266b37

SHA512
44a64a73c879c249d27b0d06fdf74309fb477e8b7adb227acbb14a8acb8c07b7729b0ca84eb531fb25d8bef20ab703ccfe1952dea8b1f4138b668770f3119602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
05e8266c7da504f736e2856c998c65fd

SHA1
b2f4f5178b44096c5ad9932491c0f9ea33e32275

SHA256
28e6398962fcffac7098a6743a7669a3ac762275331618435486320c299823a9

SHA512
e2521f11d939eeb8430a9a5d5b16ad54e657460e292111d9e2296d5514eb1cd92f7219112612a686660bcda6bb5f6dc8cca17102740e7eff9da8cc1454ba5758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\79dd8c0a-1e15-49b2-b472-9588052af17d.tmp

Filesize
12KB

MD5
672f67abfc5845e9a7208ad26596ba28

SHA1
85375e977a1ee1d765623d598552a7910560ff1d

SHA256
9e4972d2e479716ae5accfa86305b2310d5197d9aadac1b71815f9e84fcef1ee

SHA512
8640c255ce9c3243856728be9864892768e269f8ec65b4bb2a91fad86da979076185eb715605a762756052c1fe35a08f1ce141142d70161ad427610f1a2be786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
99KB

MD5
3ad1aabdc81a20c719c8826a93698d4d

SHA1
bec0f35829b01aa93ff7db02c977962b39539986

SHA256
9b0aaa628c79d953f0c2399804d2a4993a2fd718e9910d87e6c37ca089d8a0ad

SHA512
61bf66b7414922064d12c790b7df995d0cb71c42bea9148376f2abda5bf3269bd3b7a1769a9d9022cdb900a7a26569e88635338588948de754ad41d3323c2251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
85KB

MD5
6eb206c015f8b078693979c9803ffedd

SHA1
9065abf703240dd191750f160a7824c43ae3ce9e

SHA256
860480c527120886e89dd17a45cf2ab9ddc037759f74d6ea8e004dcf83824560

SHA512
8dac5a30b6d36068c393435c1497c59a417785d1b8fa766a793662207d407c748838b3e5621e757262160f7fc153237a025e3a8abc2cea5c3444c51b0457e7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
16KB

MD5
cfa2ab4f9278c82c01d2320d480258fe

SHA1
ba1468b2006b74fe48be560d3e87f181e8d8ba77

SHA256
d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e

SHA512
4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
65KB

MD5
8a42ba5472aa4afa3d3ac12f31d47408

SHA1
2add574424ac47c1e83b0b7fae5d040c46ac38a7

SHA256
759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4

SHA512
3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
49KB

MD5
7ca090d5f0c1a9e7d42edb60ad4ec5e8

SHA1
7278dcacb472ec8a27af7fbc6f8212b21e191042

SHA256
4039fef5575ba88350a109b2c8d9aa107f583acb6cbe2ac8e609071567c4cc76

SHA512
c4f2d23eacf74f87de8dea6e4532b120253bb9ad356341532f5e1aaf2ce90d137f46b50df7de5250bce4eca1fbfb74da088accd7c626fa853dc524abad7bfe8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
635KB

MD5
b537ca5fec304dcf3ce3171edf1e8fa4

SHA1
52665eefc08697d21f82719269fbfef687a643d7

SHA256
50b93c8ccbf1304dde0b424bafadf2fb654597bf4a35def9f29356988dfeb2ca

SHA512
81ae8df536c60aa8eb9a687625a72de559d15018c5248e0bc12ce7ed45aa7b960e999b79a8e197c38ddde219aa942ba4534f154aa99386e5e242d18a7d76c805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
34KB

MD5
6242c13ec6b35fed918ab71eb096d097

SHA1
691e6865e78afb11d9070056ba6cd99bdad7b04e

SHA256
b1c7566622f40bad557a6c5b7bc5b8ae25b4da191ac716cc7923282eef96034c

SHA512
52914b4ca7362e9ebe326ea89006f5cc096fd4d1c360cae33ca768af92fe6fdb5078d0848fb6dc092848ba0e3d3f51bfb20a292250c35e8bd2e79fd5a19dd7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
20KB

MD5
3d7688cf19f50a406c90a82941cf2714

SHA1
6b0af15bba9126d5e72bd88e3e6f90233516636d

SHA256
a2e244cdfc53faa19f51296253c975c1078c76fbe65b694e7081dbd22caca7fc

SHA512
6c96cdfa85bfd66aa4e8dafd9c9697d632d5ea61809af89b35a1ea86e0115a2d81b0ba86cefae80773ba96dee8096a8accabbcdc76890684f5de2e017b477213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\289484e9c0d2ab4f_0

Filesize
2KB

MD5
18ed2c29bd1d5d576ba76376a4827c2c

SHA1
f244ea7e57d5f3eb1ae93582de6241a1e48976ef

SHA256
43fdfd201f6f1fc3086955fe1ea600f8b4b7250b16d56699eb6130351e818ce3

SHA512
e5de8a5109ee142b5b16c6538419ffa1cedab37ea086c1a32bf1989558bf7c1f5523d6bfae771454282951d64f488f8918b5bec9de2511c31b5ffbe35aa99573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2bc943a1790841f6_0

Filesize
5KB

MD5
cb3477067fbb510cd366bccb60745a0b

SHA1
03a0bc3ee9209b7419c10fa1176596735165b8e5

SHA256
d178438fa5d100a5855ab11e3a3701ef0ae01744bdc1c01daafc3fdcd5e9eaab

SHA512
94023a1d354a375fe95db4b4127853a2f77c6063b9b0fab0d28e71fa4e65fcbaa0559d982c8d1287e84a776f76fcdbf086399206dcbda0c1fcc59359a3149736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a317ffe1c93079c5_0

Filesize
3KB

MD5
aa5b25bf9b95ec6ccf3adcb9c35f5f1c

SHA1
1a875a839941534b47def1f8092b8eb7a2f11a9a

SHA256
edcef09482be5505634b72d0ad086de80fd0da4d04b39ebd24899e0b83a2148d

SHA512
15df15acc8fbcd0ca29906a7fe43cbd5cd588d6a2e5f34feb9cbc29b15c071c73f5f375d8755723c3969463ab36d222c5c5b5ea472e87e6d58ac62ef80708793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a638543fd8211f50_0

Filesize
14KB

MD5
90ea54081d30c78e5585162f9335b61c

SHA1
748fdbf20060d14d6679a96fec4ed22b146a092d

SHA256
6d1a4e82227aa56b6197f94b0b3b06e1cd74d2b5d3939b977ec1022ca3b9b9a2

SHA512
63b61a0ad1e8635d378b80863836cbbe91afc36501bd63cce3833abc1ee11e4949e812b7d344aabb73e528988242b4eeb3cf2df9a98e7d29a90f854835b17af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9c9a2d639d72bb1_0

Filesize
42KB

MD5
b41933db700949fd4f0c3db423942d1f

SHA1
6928c3f1960efa9caaeaf7b1ab156ec5ff0080c6

SHA256
083c33e3a578acb2e001ece379225ffaf69df1f699a1ee740fb185174905420a

SHA512
6e0ffd9b0de74e94706da3931b9957b8e0be82ab19abf8da8f7d583386bc8e50bd145c8edac97e15e0f2e945cce3598af3d22486b2c508cc0a8db7064278d136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f81fdc79d3d0e3a0bedd2f02a0eefa29

SHA1
1b2ed03f666b667d9af8eda37a73e2e9e4bde8af

SHA256
bb5d6fca6e0f360b4e02a8696150b2acf128214c93922da1bf27ad8d85061802

SHA512
9a7019b6ede0bf59287e7e0c8cc5f4b9c0f3b8bd115c5b11e8ff58f87f645a1c96f47700754a6e0d49f1374003f4e11061294d8cded0bfb0515e2884d26706ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
d2333b9974a68c21a889c84b68aac0f9

SHA1
d7e2e00c25c6132125e2335a816fbc69b46acc67

SHA256
108d5f79f1888214434c7dcd3bcdb74c268c0e6aed19b22922e7c7a7a508f492

SHA512
17ceb17dc5f73a3dcc173daead2fa540961ba0d7447c34943a6192e0b7d1989587945436d64e5e2660f20353bed90d3e4f67026791ec5f513fde5f2e6d5796f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
4a5f0c286a515bdbbffec0e03d8764f8

SHA1
ea2fa80217bfb463f68b9f9d62a22b89cab6029b

SHA256
c318f4b9e2a492980f85646bc784533937a45b1cd4eeab2527ca3ef5f0f60363

SHA512
a4ce7fc26c74b2e0d3de4d1b685b32cbc4b96a3b0bf4beedf974787962d0442146fdc04d48565c218e9838b83afd5de11bf38bd2290a9bfdb6164b6037982790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
523b5018f47fc44e4428c9299783c25e

SHA1
eda85eb4fabdc6049d65e20ea9354e12ef900a3f

SHA256
16875a0cb327791b15662d699f86bb41e0c76a0dfdda48b8bf58cfdb75faec5f

SHA512
eaf528b7c54b55aed8264d61c02a8005cc096def2bafb987eef52e3a111082b881c3afb41d12033f65e9a6c8155130ce70cf7633b2879d07fcee26009b2743ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2734263abe1da56e75573963c93a5683

SHA1
679b0ea63a35081c711e6ec8ac2b57866e64768a

SHA256
cb6b81bd3e71b16af2ef8ec666a9ca2a710f5ad6a7fa50085c5fdae55d92246f

SHA512
1803e3c9976236065e77b79710c1326a1e2ce811df0a5620b9a09ac372e4783d8764ff59ff7454c993df65de9bf11d300424af38f7254c0ff53bb7bf584ff7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d63bc68469e49cd6a578c1b251a1847c

SHA1
04beeec2a3028222ebd4af70a0ef4d22a06563ac

SHA256
5860413283fd34a6eb74438f749f336944e09e266bbfa305833ff84b165b34ff

SHA512
fa02a8a1c1b9b9b43df6ebf1b183e0710308b9142003d82a7a0d463abe3f4e18dd02f372a332ea6359143033360b79c6cfc5c058a5e49d7b764d153e543e95f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5003c6b4f71e591081efb7959cf7bbde

SHA1
191abc2138cfa9b19e8b0919ac645d829bcc1243

SHA256
c44b7beda0abfdbcf7655d41b18d79af1a789e121eea1c0a3cdb3b4e342bb7a3

SHA512
9152a77ad3474f9bcd1eff833fae6b0ba2d095acd85624d72d8f4d190b9ae5ebfca864e7fbbee8e1b21414ca5519e547356d7114dbc8b3b208666d23580319e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
bca93dce2cc9a6d2fc61c7ecd1b770e6

SHA1
b35ffd2a607ff76569c7f7f3407552b99beb67e2

SHA256
c9471008196ce8782636c7d8bbb6ce2eb9ede395f73a7e4f587944e8ee54702f

SHA512
34d8a92fc9cd26d1fc2a819abd6303edfa396e013a29e929a4a1d1eecb383788a5de76d6d3c5fbdb25801ca423938427607738f763b7a66107f1d5d24cb3eb60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
497b2e044849acf2115edad752b37cfb

SHA1
28ea02af177544e670aa024956204dda42f8f765

SHA256
893ba4465173802bb978f8dd8d1a3928cf1e73686212f3b63f0a90f376ff5d28

SHA512
bc1036fe15622aeec34ba6eb763a42773995dda9266c7e1e0e3352c8526f008e23ec1bb34723bcddb3bfbbb18e170741f652d1a52a5910f92ad4c7dab7ffd333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d3a34d041caa80108ffacf28ed865bc1

SHA1
c0f6b7fb9d56407ead9bc5463b8842d759c665b9

SHA256
a85951c001395ca18edce802b3c26da76766760e03c73f4cc6ac989b7d432b47

SHA512
3b845c85057a6a0bcdbd811040c04cd36a48d2de66e9ee7776bf8b36376d736f04946f128341561fddb4a8be04c97d978d6bdbc7862b3ff9364d6d9e72bc3c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
87da9564e76cca1d21a9403dc44380da

SHA1
9fc523f5f55a00fc021d7d82ab51661244fb1f45

SHA256
d8850ab9a63b811f4e8b666673f08df76db219f073874b2041d016ef6e064616

SHA512
e445be3ff75b8de59b8ad7960203dac08880a7ba97b530aa3eb0d2f8364eb3a6cbc98dccc153451ff881b6a4e5b68015a30316a1e9656f0e6a18831d59fa4a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
1144a522b352cdf4de5d06281326534d

SHA1
b8ef6988c9ea6797b0a2ac5dc565d393e9df4866

SHA256
ca9431b0382606a31e12f1bd5bddac14bb6875776d289b690db79cffab2610b4

SHA512
78f02306feed4571f3e6ca8a54495b4c3da2617400ca01c20edbb3332a04e14f5c16486cf189902b3c8fa3e00d8907f8e6a96ab5b90c9de6807fa368ea7372ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cbc266b7-3dba-48f7-8d27-1059c423f9b4\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f8c54326-a0f8-4d90-a6b8-b48211e13d3d\index-dir\the-real-index

Filesize
2KB

MD5
688a76c050c878da1f972054247ba1de

SHA1
80c458ebc35bc78dfdade346fd5c132f5a4ee068

SHA256
7c9710e59f98b852fe4282a492c5d91193aafae9e8716c36f4cbf56c44b8cefe

SHA512
a6c29b9934c804b450af3fe18f14a68941a114f5d8be82635f03b20e7905d81b9497c0d4d5988760ff7e76b075c0aaf4b7228e85ae00baf16bf97df97fd64fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f8c54326-a0f8-4d90-a6b8-b48211e13d3d\index-dir\the-real-index

Filesize
2KB

MD5
e915c6421b29ac52b1729734dd6baba6

SHA1
d9d95972f96c0ceab46eb9e25dd2f103da05e6c9

SHA256
e3a71ab97296438d7ec10ecbe115e075988a4dfa57a44b651e16c15b934128a8

SHA512
6e32f59afb767fbb02fe39358591250aacef010355d9fa98ab2a9b1735a248418100495bc8cbf539bf364e2e830dcf2efa3861b6c82dd224f90d9fab371e171d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f8c54326-a0f8-4d90-a6b8-b48211e13d3d\index-dir\the-real-index~RFe5c3698.TMP

Filesize
48B

MD5
9d3445f122535bf9ec73d74a592f02c5

SHA1
d6cd6f5898446489a9471c3b75d74828ecb47f0d

SHA256
4ad1507e5c210c9b78d084d3bc275c3b4336674661bce501e624fce1977bd165

SHA512
3c149251afac8d068358f106a98996987cd0428b3e145425a594d753b30caaac500ba4c8848d3ecdc70351e53bdd6a30da68aa5590042bdb2ff9de46c7a32dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
6346e58d0715ed2f4e305dde69f42cd7

SHA1
f5672a43e3e86e0704eacfab231049a27aa5736e

SHA256
eed16deccc7747be41b9abd5d9da6e1b5a2ab88fc25d7c56601e1e2af93ae052

SHA512
6b50ddc82d2be1ce80827bc3f45f6c5b4425a5d564ef8e571aeb9d6df2933797f2db3df47331a4159ad4fad8ddc3ab20c37d445ef37e137513b269ea9791021f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
5e40f3055980f18534826a49bab4f57e

SHA1
4c66a6326cb9f02081d5f0e4323c77d3981e3453

SHA256
1bcc55a81e213e8794a8964f5cbd1ca615d363fe782728416c5275a841433694

SHA512
d9f5bfcc2f16a9c1974a3a9d87c0d1b3442efd02b2231d7a7030680ae1d20637748634e5885bf86ba7b4f31c4bf727401bd4ee66785cd3f36f56bdbae2413df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
7c731a7a8a41603d766b4649ee215de4

SHA1
3ee85e8c3c7549f371ed67be17b2f14e013671a0

SHA256
ac0f3405f4ca2054ee4f1d77c5e542dc773a34a13b0253d69ac4a0055d121416

SHA512
86caf2e6c6cca9b8eb45edeafac414cd0218e45af63a299529cd3ece6c35d62a705f03cca5c1d3374ee1dba830c72aa14014b2e650543c79eac58831d19dca44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
5b06c4d270121defa49bfc6be980678a

SHA1
10826288176bff841b47493f8005ea9cd405d967

SHA256
8783d18b65318b687476021f07e49eb4ba74308b946ee4eaacf35c7561b9ebe0

SHA512
e560c0b9a44bc9051711ee4db6d3c1f63d65b753e5a28acd403b837498214df960bc1b77a4f969739df8c74d934f731a7c4a5901fca7e0c9b6336c9be49fbe9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
c0ef8eca237763b40c7bf3e74953ca50

SHA1
529448d3015e0bc1764d85db3bc7035de5aa2871

SHA256
07150eedde712e7516c45aa85d84407592621b50306dada74df9f5868e454733

SHA512
04822cff5bc00b5b4279558d2cbce7700171cc7def52e005465ee99a051c735c4546fc156ae45e64d7d0f0ce1c06e538518a6f3d51d2066ec4915e4d6c3d89a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
f106762c1644c553e69b11edf96b6ec1

SHA1
13e79f966beb2af8c9d3cd1f8ea51eff83e52c55

SHA256
43af9c0910c32331855ae04fd396e3c18cec55373418549cd764640fb3d34f22

SHA512
1e51c99b5dff6786d4044e8ca7f321d9c2f3ffca548202fcc300959dc301d7fb033321c67e01d99cabe7729f0eabba06d3bc8ab4be9919475c318944adfbc5a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
a1928fd24711a49c9b160f42a6270555

SHA1
86d61d246247bc7c2b2f5fe70e627e5556c1d9af

SHA256
d606690effc4b6334baf1c03e2ab3ef745d9898a80c6f9ce17d615dce01e86b8

SHA512
390cc0eab38df8607edb06a87bcce96acca30257734f2fc36d435de2aff54f518608d31b11a766d4ae321e7f23c2a28755e48d53e985228dd7e37c1229fd407c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
232d1e85da2e07e119fce124577b3e8b

SHA1
66aa7104388f8b6b8ccf7166595316d6981d9426

SHA256
f7735becee6524cc5e6708034e36f907076a12e6c1fa9b4b5890ab8337ea2bab

SHA512
7565c6f7befbc78657fa9aa0d2c2d814c8ff136a72d1b7c450325727dfce2f3810bfd273beaefd51550a2b12986451e576c94081fe604e73031cc8d42822de8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c76ae.TMP

Filesize
48B

MD5
a22359f7c442427a2736d0f0abe256f4

SHA1
ffa0857432d06b77af4f2bf02df4e899a3fb13a6

SHA256
402566aa203400349f1197c0072401ec9b25cc854b0d3cc793f723be2dea4af0

SHA512
0ec19759834e05ed1d87f277cb4c75b1feda2d1dc113bfbbfb71a36374f470ce46a754a30a046f0c330c034d0f9a602fc03911e03ff5cf27ba683ce1f8d62494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
23f09ee1cf868e3b096ca29ac11a9aa3

SHA1
778ec29dfe78aaf91bc844a71ec7ad262c811f13

SHA256
785e2d2efd49c1624c340c0de962f28fa4dab86e0761d3da06933f3a108c4bc2

SHA512
419beb01cc012193fb204bb472a56e54595bc48b20515ef9179327055f5d852397d16517a802581df5d4d5a5e8af651db38eb9789e5c9384b6bc4078f90ca8a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5e737c2f0ff57011a4a99739efc3dafc

SHA1
893e1d1ca39804161c2b5f8ef889fa3dbe7328be

SHA256
2da7b8a28f84f284f8adc0e58fd69054d9535552620d2ab4a5c7c0f476019615

SHA512
eae52eb10a93322dbb2aff03d4ab4d82ec0adadc929a73a0ad029339d5e15150fccd342ae1df8fb607328e2de72da50a5f5d2c580cfd07b2fd03ec67cf5aa654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c9c4af3ae8400e61136043f0296e383c

SHA1
20d517182cd29784c782710af63aaba4d0b2702c

SHA256
5ec70b7f83148ce34edacd1608bf6ff5711a236bba2bbe20263ddc2781f39e8f

SHA512
cacb6b3e4d0145e6f2f4972afd1b3d573bbdc36c9c6743d7dd6eb15c424961e08070c492f496fc35ae052d7d520af6e1964b48dac05043c7bdd3c724459c14c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d7fea0fdfee04c8ca43e1e415ea05c7c

SHA1
2f397d9eabf99c8d7095c9c466a85d566cf5c310

SHA256
be9690b01ace3516760f3384538e0c72e3c6a8b81197e8edd1496973085570d9

SHA512
e205dae0968b5823f8766eb40099f96f0632c54653b4aac2078bc477f770ce5f373cb051c3874aaa88b902f08d3db440e174164d588b47851d2a859052e8f5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bbc140dc94d9b5c07c8117079ed34b08

SHA1
e244a1af80225a3963953bd891f0eec6a2d81e88

SHA256
496665c494910a18e162d3a62a056854a9cc1fe2a635fa0aace7165d1600de24

SHA512
35decf07cf7baf72bae5169aaf7da923199c35c32a5c4e2dc115134220a80289ce4affb799f4d08c223f2e8bdc0ac061ca2eb12f1350bb591b5838814662ffcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c0046.TMP

Filesize
873B

MD5
f0e92bd006b10db4eeace2580d16bbfa

SHA1
99f57bd07de5cbaf7bdcc9e658d37974527f55e4

SHA256
a4874b85e8159f879e85b058540036325f3ffd2d5f8504077a93d98cb8f1a000

SHA512
20692e5bb0bb8c238376894c864d678b1c38d96a1edb353269bc37e3540f59e13ba27364ba81d2475ff92bf525c35b5b4813f454a317825c8b1bce863de526fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8a50498e509842a8e89578e13fb7c202

SHA1
3d4b9d7395c2e08dcdf9bf197c89291629c64cec

SHA256
b9076ba3cfa9d321d2714848d98f7c9cf8e4efdc3050c4926969be1568249430

SHA512
437c7fdc4523ae18d650328880dda1c52bf2efdf9908c1ced2f33f291af7bf7bb7648deddf1db8db7190f36f98ad2126884e461502bf78fd5901fe544abba6f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
58db8ff8cdc94772f6f8bd24a90ef7d7

SHA1
66f541d9a4ae3b80096229440068f464f31c8106

SHA256
7227533d939c543370d9e485315d0b0c74889596fc192a459ae60db57d9bb798

SHA512
fbfa6cd320889a4bececf47d89c498972a561e7d11c7c06b337a0ccef58cb25828063fb0de58f8a769ac5d4b68e2a603f2fcf50de8fb2bcae5e4b3e0a162203f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bd2b403120007ef081f291cd6fc1efbf

SHA1
ec2f83990475b53fa4b0721b25a7c788fc18ad7b

SHA256
5663ca754622e02e594ab8e7194d4171b29953dc72be6b97e7120f1b413d86ff

SHA512
3b6d18b0abd46f93192897ea2d4c31e757f9740335c485f96c3a55ccdcefd001a03c5f40b244b86b5c471395072054655b6c07f711c6e45cfe5faee7156b76f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
898c39d649912ac992663d24d342e931

SHA1
eae17bfdfab5ea8a09f4d63cf5fc1f28a8836686

SHA256
d11ea29a1f73238fc81eec4520a38ec679c054e741ee3041bcc8864074a6e96e

SHA512
7a173a940190b525fec1c949cb101fe6a95b0a2ecafb50dc160326866fd812055bb06a60f86587f7cb1ab17881e4850143636df700e41167cd185c472ae9680a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\1f7d6730-1b2d-4560-8aed-fbe751a44a00.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\63D789BF-F8D7-4170-9C2E-6D265F61D290\DismCorePS.dll

Filesize
183KB

MD5
a033f16836d6f8acbe3b27b614b51453

SHA1
716297072897aea3ec985640793d2cdcbf996cf9

SHA256
e3b3a4c9c6403cb8b0aa12d34915b67e4eaa5bb911e102cf77033aa315d66a1e

SHA512
ad5b641d93ad35b3c7a3b56cdf576750d1ad4c63e2a16006739888f0702280cad57dd0a6553ef426111c04ceafd6d1e87f6e7486a171fff77f243311aee83871

Download Submit
C:\Users\Admin\AppData\Local\Temp\63D789BF-F8D7-4170-9C2E-6D265F61D290\DismHost.exe

Filesize
142KB

MD5
e5d5e9c1f65b8ec7aa5b7f1b1acdd731

SHA1
dbb14dcda6502ab1d23a7c77d405dafbcbeb439e

SHA256
e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80

SHA512
7cf80d4a16c5dbbf61fcb22ebe30cf78ca42a030b7d7b4ad017f28fba2c9b111e8cf5b3064621453a44869bbaed124d6fb1e8d2c8fe8202f1e47579d874fa4bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\63D789BF-F8D7-4170-9C2E-6D265F61D290\DismProv.dll

Filesize
255KB

MD5
490be3119ea17fa29329e77b7e416e80

SHA1
c71191c3415c98b7d9c9bbcf1005ce6a813221da

SHA256
ef1e263e1bcc05d9538cb9469dd7dba5093956aa325479c3d2607168cc1c000a

SHA512
6339b030008b7d009d36abf0f9595da9b793264ebdce156d4a330d095a5d7602ba074075ea05fef3dde474fc1d8e778480429de308c121df0bf3075177f26f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\63D789BF-F8D7-4170-9C2E-6D265F61D290\OSProvider.dll

Filesize
149KB

MD5
db4c3a07a1d3a45af53a4cf44ed550ad

SHA1
5dea737faadf0422c94f8f50e9588033d53d13b3

SHA256
2165d567aa47264abe2a866bb1bcb01a1455a75a6ea530b1b9a4dda54d08f758

SHA512
5182b80459447f3c1fb63b70ad0370e1da26828a7f73083bec0af875b37888dd12ec5a6d9dc84157fc5b535f473ad7019eb6a53b9a47a2e64e6a8b7fae4cddde

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4m1byog2.eyv.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4244_1304590586\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4244_1304590586\d586419d-e421-472d-8a0d-2b8b51dc303d.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

Filesize
130KB

MD5
183ca4d9be5b539876eb367d2deb06c2

SHA1
634048a2aefe143b5c7aaa88838d9a8340f101af

SHA256
33ce7cee95941ec5050ad594fd8b7bd2c2ca0f7d5dcc3ecf7bb145ea796e87f4

SHA512
8d9353cd6e1ce3ef01839312a0b95c6a98326230e291348351c44e7d5fff8ab68fdaf6a43f88cdc39d8da8b92e4b4312b1760044ea28d2450a298c8466a83702

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 928573.crdownload

Filesize
2.5MB

MD5
881c61873a75748f9374c63a035afecc

SHA1
6e410fb4733044fb131946184fe1fec1bcd68336

SHA256
0ba02eb39f93e0b5b408d77ee9937847f4de2244120b3af3f41f8e3425c9281c

SHA512
aef9c5343dddf39b94e388691d54910069b2b5b969ebbb0b51b67f6c156049b755169ca19cd4757a0af28622b16672740cff4489d5c90f9a8498e9d449689711

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
2.2MB

MD5
8e082d071cc8323151ea6ebb907609c6

SHA1
feb8c50ffebb92bb532f8b729f110a7b66e90a16

SHA256
28e6792251583a5640c09f75df0b404a141cf1177b2e005bec47fbcbaab527d2

SHA512
4565800d573de683f6e83f828e549bef709f9105f0c3d20f645a7db540aed211407df304575924b4b90477d5f05352d10c9e5332a024419b889f7949111e1298

Download Submit
memory/1556-2601-0x0000000066F80000-0x0000000066FFA000-memory.dmp

Filesize
488KB

Download
memory/1556-2609-0x0000000064EE0000-0x00000000668DB000-memory.dmp

Filesize
26.0MB

Download
memory/1556-2603-0x0000000067080000-0x0000000067626000-memory.dmp

Filesize
5.6MB

Download
memory/1556-2602-0x0000000066F20000-0x0000000066F79000-memory.dmp

Filesize
356KB

Download
memory/1556-2600-0x0000000067000000-0x000000006707E000-memory.dmp

Filesize
504KB

Download
memory/1556-2423-0x0000000036340000-0x0000000036350000-memory.dmp

Filesize
64KB

Download
memory/3424-2229-0x0000000063FB0000-0x0000000063FFC000-memory.dmp

Filesize
304KB

Download
memory/3424-2228-0x0000000006740000-0x0000000006772000-memory.dmp

Filesize
200KB

Download
memory/3424-2202-0x0000000002860000-0x0000000002896000-memory.dmp

Filesize
216KB

Download
memory/3424-2247-0x00000000077D0000-0x00000000077EA000-memory.dmp

Filesize
104KB

Download
memory/3424-2246-0x00000000076F0000-0x00000000076FE000-memory.dmp

Filesize
56KB

Download
memory/3424-2245-0x00000000076B0000-0x00000000076C1000-memory.dmp

Filesize
68KB

Download
memory/3424-2244-0x0000000007730000-0x00000000077C6000-memory.dmp

Filesize
600KB

Download
memory/3424-2243-0x0000000007520000-0x000000000752A000-memory.dmp

Filesize
40KB

Download
memory/3424-2242-0x00000000074B0000-0x00000000074CA000-memory.dmp

Filesize
104KB

Download
memory/3424-2241-0x0000000007AF0000-0x000000000816A000-memory.dmp

Filesize
6.5MB

Download
memory/3424-2240-0x0000000007370000-0x0000000007413000-memory.dmp

Filesize
652KB

Download
memory/3424-2203-0x0000000005320000-0x0000000005948000-memory.dmp

Filesize
6.2MB

Download
memory/3424-2239-0x0000000007350000-0x000000000736E000-memory.dmp

Filesize
120KB

Download
memory/3424-2204-0x00000000052E0000-0x0000000005302000-memory.dmp

Filesize
136KB

Download
memory/3424-2227-0x00000000061B0000-0x00000000061FC000-memory.dmp

Filesize
304KB

Download
memory/3424-2226-0x0000000006180000-0x000000000619E000-memory.dmp

Filesize
120KB

Download
memory/3424-2225-0x0000000005CE0000-0x0000000006034000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2214-0x0000000005AC0000-0x0000000005B26000-memory.dmp

Filesize
408KB

Download
memory/3424-2215-0x0000000005B30000-0x0000000005B96000-memory.dmp

Filesize
408KB

Download
memory/4052-2260-0x0000000063FB0000-0x0000000063FFC000-memory.dmp

Filesize
304KB

Download
memory/4052-2259-0x0000000005C50000-0x0000000005FA4000-memory.dmp

Filesize
3.3MB

Download
memory/5528-2282-0x0000000063FB0000-0x0000000063FFC000-memory.dmp

Filesize
304KB

Download