Malware Analysis Report

2024-09-11 05:58

Sample ID 240526-s2vdmscc22
Target https://www.ldplayer.net/versions
Tags: discovery, execution, exploit, persistence
Score: 8/10

Analysis Overview

Threat Level: Likely malicious

The file https://www.ldplayer.net/versions was found to be: Likely malicious.

Malicious Activity Summary

Creates new service(s)

Possible privilege escalation attempt

Manipulates Digital Signatures

Downloads MZ/PE file

Executes dropped EXE

Registers COM server for autorun

Loads dropped DLL

Modifies file permissions

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Drops file in Windows directory

Drops file in Program Files directory

Launches sc.exe

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: LoadsDriver

Runs net.exe

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Checks processor information in registry

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Analysis: static1

Detonation Overview

Reported

2024-05-26 15:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 15:37

Reported

2024-05-26 15:55

Platform

win11-20240508-en

Max time kernel

599s

Max time network

601s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/versions

Signatures

Creates new service(s)

persistence execution

Downloads MZ/PE file

Manipulates Digital Signatures

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D7873ACC-C588-4956-BA1D-D9B7DEB2AC31\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Registers COM server for autorun

persistence

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\D7873ACC-C588-4956-BA1D-D9B7DEB2AC31\dismhost.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Modifies registry class

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 157710.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3940 wrote to memory of 996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 3644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/versions

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff973053cb8,0x7ff973053cc8,0x7ff973053cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8204 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9096 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8420 /prefetch:8

C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1252 -language=en -path="C:\LDPlayer\LDPlayer9\"

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=655848

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\D7873ACC-C588-4956-BA1D-D9B7DEB2AC31\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\D7873ACC-C588-4956-BA1D-D9B7DEB2AC31\dismhost.exe {3FED78D8-63C9-4B4D-A6C4-DE522EDA88C0}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8852 /prefetch:2

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\LDPlayer\LDPlayer9\driverconfig.exe

"C:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff973053cb8,0x7ff973053cc8,0x7ff973053cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\\dnplayer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9636 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F4

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8156 /prefetch:8

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff973053cb8,0x7ff973053cc8,0x7ff973053cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff973053cb8,0x7ff973053cc8,0x7ff973053cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15553793571515904224,8891342016419577620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10528 /prefetch:1

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c1c7e2f451eb3836d23007799bc21d5f
SHA1 11a25f6055210aa7f99d77346b0d4f1dc123ce79
SHA256 429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800
SHA512 2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34

\??\pipe\LOCAL\crashpad_3940_EGJFHUYOADCZLMDC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6876cbd342d4d6b236f44f52c50f780f
SHA1 a215cf6a499bfb67a3266d211844ec4c82128d83
SHA256 ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e
SHA512 dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2cb6aa5077b9c6a1f374a15319c92b60
SHA1 ddc4105373feaf89566480f69a3a9ef1c432bd4b
SHA256 33c19eb4596cd70e8922c7afb2842bf763639172d8bb9981d1fbf4074da0b98d
SHA512 6a31ee839882de98a926308ae387f3529a69eb9a200666eaf53414950435fe25c05436a02c9b49f0c8c6ade773eb19dc3ac90554e3c465cfa028bc7cc27523b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 1e9d4ac9707f5aa982915200c87b9932
SHA1 94b6aa1c5f9d5514bbc14623a6561071ad6e730d
SHA256 a614d664e472808e22f14f27ed3a1dbda2c9055a09546b2e4b371d73a7bb5a60
SHA512 7d03f0c19ea69fd509a9dbfbca87dff8653cb3653d0e08280c302ef39e683bc75b3340180010ea83bcc5ac67aac7d618f5281596fff1744cd43ab6b2777c984e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 05e9679509b61424a07cc4d4efb7247f
SHA1 db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81
SHA256 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b
SHA512 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e9ba999baeac27076c8ff996b79e1d03
SHA1 7cf5f89b6455c90a3c411fbc722f3aad8314a469
SHA256 ce25e0914f98788df1ced0be46fea2750b4a55edd8e02e01343a70294cd53d7a
SHA512 9a1ac813d7c745d5894bab646404d7fe0d7ff1f606dd4b01a41ebfd07afa9c61528a75d3c4ed37dc0865fd2be5be8d33256320e4612308ade82d6a2ea3204add

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cb3e9862ee6afb719152e6c5078f584d
SHA1 59b367624539d81599767919918d45d37c3ef946
SHA256 550b6459b1716c36bf6672f79ae8b838c04aaaf11a0b275c22737ee93fc27b5b
SHA512 553d254253c15a5ff966338dcbb98c43241de2464754ed4a59a70b5eda02f9083a0ed034d2dedc747a5c125a9fa2990741bb4cd0f695200290143cc5a79dab70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 249b5e08938ed2b4d1fdb5abc862f98c
SHA1 b36ec41b366da5a23064dea80f8c8d20f00f16ed
SHA256 1d92ca5c36faafb862d629e406972c9177cb18fdbe755c3d484d447a356ad245
SHA512 8bc18be9a29cb7b79e7dc4b59a651073a2dde398e83726ca712e55a1f9dc0e09967e547433408d5fe598d933df300b3a0e728104e6041fe497d76312fb0ab1e3

C:\Users\Admin\Downloads\Unconfirmed 157710.crdownload

MD5 85ca940958ea59dfb3788186d06ee00b
SHA1 2e8dd1aecbee61ea56dd6bc011f2b319d70cfc09
SHA256 c6bc9dd1221c9b6145160f67680d1b620d91f112844dfd5082d2766045a9fe34
SHA512 4a8a4144e1221463e9c45c12402cef71b9fb0867ae4500abf02f6c41cdbcdfbbf591dd537449107a6c2728457c454905bd149ea7a978fc51000b790194d85718

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\30451d9a-22d6-46dc-8306-6fd4f59bb34b.tmp

MD5 cb766cc371bdbf3d1003fbc008ccf46f
SHA1 00c7c23e455f6aeaa24434d0cfefc113987f08dc
SHA256 9e9b96c875933019e791b3b027880195a5514e4d8f88ed9ee8dbc6e05287df96
SHA512 e726dee24c57566849ef92c431777ea4ebdb845a67ab50cb5dcac477e5ed6110a60f35509034fc86097228f7537fa725acdcc78a9fc361502bfa64714ace320c

C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1d1acac3e85359fa7953c19e66022fb5
SHA1 267c956cd9d4cdefb2a825ec6d4bf3ff2f602d69
SHA256 a8fc6119b3dc1b0c96e9f205ffd9432137c8a7ff2a9f409c4f6011875eafd864
SHA512 604cae8a943745dcfccc6ffca0d5a8989ba385a5d73ec889bd1fee7a24f1d02acbed5a6da8d15a326a231e77d03a0dac31d6a8b493d39654a1f258722ba23262

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c0b0.TMP

MD5 ec02f23669a51e247e7877f25bac35fa
SHA1 1e8524556713ac73c20a92e7f289be0f1192b160
SHA256 177fcf44337c761064fae73423d96d0acc7d0f413f5606b29be57d75e55158df
SHA512 b423a5b9a2f4db52c2e2436912b7fccead858711f0e02ef54ff73b2435da525e6473824d7ef29c8b1aa70a60c3839e45b10d2060ac1e7c025c468b6bd3552ad8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9bc390bfd3d0d3385c20304c33407177
SHA1 5f3110a758dd6fddae3d43d997dd841a1249b9fb
SHA256 082aee5ebccea7b7e068f68b2a867ac926657d6841d67aa4dfe5fa0b63cf649e
SHA512 44f20a52542bdfbc1c3e601fd5038d8a9c1256772e255a176fca1d1988ef9eb41e93dde7f284a0337d97489551d7f9de67e23a68dea083aa6d78375a959011a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 577d863cbfeb99f1f819a0b30b9a239f
SHA1 843dd21ab5fd069aa7be3b415401d68a54bca7fc
SHA256 b9cd311edc0d26f49604e5db94240a75e0b3f20c2f09bee3a1fe76ddd52762e2
SHA512 95c244224bdf3b1019454b80026ac2ecad0d98ac8f4ed6d8c19215cb0a65601dfe893d8ff544c99b6f6f2594c3fdaf4aabcc3eae9bba5385c043175bcfbbc492

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 5b22922d17dc38deafac1a1ee815c0d2
SHA1 42a942370ae90173e7c6de2639127f6054f47bfa
SHA256 ba53491ed9b9d3c651a9c0e333c8ef58d176962d6454b6f41d77ee33187a40a7
SHA512 8166f203a48843e8780a676185596110eef5282282abc5f7c493c9bd6a65bd7b0f945283583d87c4f85b57aadce4287ce22cc7874af8b97600d1cc965df51d56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 4555103c6355ff2acea624c732c126b1
SHA1 05c96ff1ad750575e03481088d0ef70ca013549b
SHA256 3403177bfae5be178602cfab8b9c25eed17901ef50c5bed316c7364d91a9ab25
SHA512 8858ab7a116aa6b8aa54ecb9c635b82ebfb498814360cf77337996545dfb2b24d7c347edda6672d76bf4bee9e66d077ae6eb564b7c0e7b9453fa18cd6b02a603

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

MD5 75575eeca1b44a1f929ce985f7f2f4f8
SHA1 346937041d0240e99979bafd5d1935badaae30d1
SHA256 5dc7e611e38e4097eade769cec6dfd0fa57d20df235b40d99373e58e65c47b70
SHA512 f724be37e1fb1b6fa956d27801d91222f7272ef5799e14a34549836f0549b18b489f30b7b5d4ba791f3155b9969a1fbaec13800aefea9934298238e3fd379b7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

MD5 6e2853cb6b7874ab8d30798a69d0ae52
SHA1 872f328195cc56b4dd1942ed85de68408e6a1d9a
SHA256 d3c0194a74c8c7a26716786bb681298d7a9c39442ee552f4eed12aae5ec2d00e
SHA512 fdd96064cd46cb8791e18814f64099563c9d44fab4c6201249707da656745575ec32309dc025c5a70d7b6a928e25c0586a518ce38e177bd4486ac2fd87830e54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 aead7772d12d3c1c8490b745c0f649a8
SHA1 648c47dffee4cafe0712b0d40d2da24bcde333ce
SHA256 0f5ccc5b61fafeac44e5650747dfc7a96208c3d5a871b1e514e7721025a76d2e
SHA512 b36ec76421b4e37e84490458e45150a24c728abab178d5338e2b3714c7f561273200b5537c6490708685acd7d29d3ab95369d29addc762986b9c5bd77195238b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 323ab7cd652dbb26ee67170ee85400e9
SHA1 7fff1e2efc3c8b1a7548adec05162c5d5c518996
SHA256 c222c65e1ad83ca4ac69eda11f517c944c36ad91f19bbb2341ba5c2d396069c0
SHA512 d6dfb7e554627fd73fd5bfce8df514ee3d04f6d9ff81b0f168c12a35e34b11c7048bfa436515f559f92f0ef9a32241a4e57a13410b1eba614ef5205436a49cd5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 18615fbdbbcd9eea297cbe5b66938099
SHA1 8d1748c72962b013cb252d37bc2cd5b7286c2329
SHA256 bb9cbd954cea787242bbacd83e06efc039ac57b85226cffb55556cfebf90a95b
SHA512 4a787fd31d8d6a1917c377901efee74000b333168a5ea34bdf3177c960cbc74b3ec7c07bbbc9e91a3307a1ac354aaad4673458bc9e746744a3a4de34105cf6e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 4f3c6ed3fe956b720c83ff7244a9a0c5
SHA1 c60d6378c3bede4bfb64df9b868f11ac0a8eeb30
SHA256 a22cd6295a867a8ffc8a7262adf86aa6d4740824690f53dcea957eb4a577d351
SHA512 15c5f3e5326cd273a237b8bf55f6a1d0a7e8266dc3c9395d1264ce507c718ac371302366f85d48f53b0914f78b9327ee48bc3d88ad86ceb1bfd22e97c729f6dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 800064bfb386ae31c7eaaba7b9abf1c9
SHA1 b43d5614c6cb50d7900ce9047e0994a8b2b48ed8
SHA256 30a72245c58d53dc084a6078961596c38772375ab9458c922a47d41a6fe004f2
SHA512 9e11e56da8f01d4112dbe4ad6cde54c7833bf57005ccaa19b34980050a59ef2ddbf3354fb567cac8e16edb59e9da73bc0a0400e08a3e7b5bc782e6b7f8d56221

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\LDPlayer\LDPlayer9\dnrepairer.exe

C:\LDPlayer\LDPlayer9\MSVCP120.dll

C:\LDPlayer\LDPlayer9\msvcr120.dll

C:\LDPlayer\LDPlayer9\dnresource.rcc

C:\LDPlayer\LDPlayer9\crashreport.dll

C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

C:\Users\Admin\AppData\Local\Temp\D7873ACC-C588-4956-BA1D-D9B7DEB2AC31\DismHost.exe

C:\Users\Admin\AppData\Local\Temp\D7873ACC-C588-4956-BA1D-D9B7DEB2AC31\DismCorePS.dll

C:\Users\Admin\AppData\Local\Temp\D7873ACC-C588-4956-BA1D-D9B7DEB2AC31\dismprov.dll

C:\Users\Admin\AppData\Local\Temp\D7873ACC-C588-4956-BA1D-D9B7DEB2AC31\OSProvider.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

C:\Windows\Logs\DISM\dism.log

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gnvxdqjk.03j.ps1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

C:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf

C:\LDPlayer\ldmutiplayer\fonts\NotoSans-Regular.otf

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

C:\LDPlayer\LDPlayer9\dnplayer.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92063f2bbd648a4f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53b92fbc4d68952f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdff3907e497c060_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2667e55261d86d3_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9721246760112449_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c644062b95acf88_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3355c555ad5e31aa_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9233fc334c57ebda_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a2cb5e324bd8aab_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a39dd8d7476a721_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ab947303f582a79_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d30f9cedb1cb68_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\43d474a5541c61e1_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
