Malware Analysis Report

2024-09-11 07:27

Sample ID 240527-nshahaah95
Target versions
SHA256 1d641ffc85ed4b70e06af2dbd8c02a6cc44b1a0aa41a4ba12e0999f3a196b808
Tags
discovery execution exploit persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

1d641ffc85ed4b70e06af2dbd8c02a6cc44b1a0aa41a4ba12e0999f3a196b808

Threat Level: Likely malicious

The file versions was found to be: Likely malicious.

Malicious Activity Summary

discovery execution exploit persistence

Creates new service(s)

Manipulates Digital Signatures

Downloads MZ/PE file

Possible privilege escalation attempt

Modifies file permissions

Loads dropped DLL

Registers COM server for autorun

Executes dropped EXE

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Launches sc.exe

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: LoadsDriver

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Checks processor information in registry

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

NTFS ADS

Suspicious use of SetWindowsHookEx

Runs net.exe

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
System Services
T1569
Service Execution
T1569.002
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Subvert Trust Controls
T1553
SIP and Trust Provider Hijacking
T1553.003
File and Directory Permissions Modification
T1222
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-05-27 11:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 11:39

Reported

2024-05-27 11:44

Platform

win11-20240508-en

Max time kernel

300s

Max time network

301s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\versions.html

Signatures

Creates new service(s)

persistence execution

Downloads MZ/PE file

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.2\FuncName = "WVTAsn1IntentToSealAttributeEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.2\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.3\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverCleanupPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainFinalProv" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.3\DefaultId = "{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2001\FuncName = "WVTAsn1SpcMinimalCriteriaInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.2\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1\FuncName = "WVTAsn1CatNameValueDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\FuncName = "EncodeAttrSequence" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\"" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" C:\Windows\SYSTEM32\regsvr32.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\ldplayer9box\load.cmd C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\NetAdp6Uninstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\ldplayer9box\api-ms-win-core-console-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxNetLwf.inf C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\msvcp100.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\msvcp140.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-processenvironment-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-crt-multibyte-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\GLES12Translator.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\msvcr120.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\platforms\qminimal.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\tstPDMAsyncCompletionStress.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\msvcr100.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-synch-l1-2-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\vccorlib140.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-errorhandling-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-crt-process-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\host_manager2.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.sys C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\UICommon.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\SDL.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-process-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\concrt140.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxDTrace.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-debug-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\GLES_V2_utils.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\libeay32.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-2-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-crt-heap-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-handle-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxNetLwf.sys C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-datetime-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-util-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\fastpipe2.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Qt5OpenGL.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\NetFltUninstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxInstallHelper.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxSharedFolders.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\dpinst_86.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxBugReport.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxDragAndDropSvc.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-multibyte-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-heap-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-string-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxSup.sys C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-crt-runtime-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\libssl-1_1-x64.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\NetLwfInstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\ossltest.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxProxyStub.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-namedpipe-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\vccorlib140.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-2-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-sysinfo-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxAuth.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\padlock.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-processthreads-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxCpuReport.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxSupLib.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxSVGA3D.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\vbox-img.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\GLES_V2.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612835983966177" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AE84-4B8E-B0F3-5C20C35CAAC9}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3CF5-4C0A-BC90-9B8D4CC94D89}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E8B8-4838-B10C-45BA193734C1}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80F6-4266-8E20-16371F68FA25} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A2-41AF-A05F-D7C661ABAEBE}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}\NumMethods\ = "22" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\ = "IFramebuffer" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7E72-4F34-B8F6-682785620C57} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8F30-401B-A8CD-FE31DBE839C0}\NumMethods\ = "12" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0002-4B81-0077-1DCB004571BA}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6038-422C-B45E-6D4A0503D9F1}\NumMethods\ = "15" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-DAD4-4496-85CF-3F76BCB3B5FA}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-04D0-4DB6-8D66-DC2F033120E1}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\NumMethods\ = "16" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0721-4CDE-867C-1A82ABAF914C}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3EE4-11E9-B872-CB9447AAD965}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A2-41AF-A05F-D7C661ABAEBE}\ = "IVRDEServer" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ldmnq.ldbk\DefaultIcon C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.ldbk\Shell\Open\Command\ = "C:\\LDPlayer\\LDPlayer9\\dnmultiplayer.exe backup=%1" C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3EE4-11E9-B872-CB9447AAD965} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-486F-40DB-9150-DEEE3FD24189}\ = "IGuestFileReadEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ldmnq.apk\Shell C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\ = "IKeyboardLedsChangedEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7006-40D4-B339-472EE3801844}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A1A9-4AC2-8E80-C049AF69DAC8}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44A0-A470-BA20-27890B96DBA9}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057d-4391-b928-f14b06b710c5} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9641-4397-854a-040439d0114b} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8}\NumMethods\ = "28" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3618-4EBC-B038-833BA829B4B2}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5637-472A-9736-72019EABD7DE}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8a02-45f3-a07d-a67aa72756aa} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ = "IMediumRegisteredEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FD1C-411A-95C5-E9BB1414E632}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5409-414B-BD16-77DF7BA3451E}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3534-4239-B2DE-8E1535D94C0B}\NumMethods\ = "13" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E191-400B-840E-970F3DAD7296}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0721-4CDE-867C-1A82ABAF914C}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00B1-4E9D-0000-11FA00F9D583}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057D-4391-B928-F14B06B710C5} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D612-47D3-89D4-DB3992533948}\ = "IHostPCIDevicePlugEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\AppID = "{20191216-9CEE-493C-B6FC-64FFE759B3C9}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E}\ = "ISessionStateChangedEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-32E7-4F6C-85EE-422304C71B90}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7071-4894-93D6-DCBEC010FA91} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6FA-430E-6020-6A505D086387}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-32E7-4F6C-85EE-422304C71B90}\NumMethods\ = "8" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-BF98-47FB-AB2F-B5177533F493} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00B1-4E9D-0000-11FA00F9D583}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 206388.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2968 wrote to memory of 3844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\versions.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa87d3cb8,0x7fffa87d3cc8,0x7fffa87d3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,10840868976620066263,3251379546623352223,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,10840868976620066263,3251379546623352223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,10840868976620066263,3251379546623352223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10840868976620066263,3251379546623352223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10840868976620066263,3251379546623352223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10840868976620066263,3251379546623352223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,10840868976620066263,3251379546623352223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10840868976620066263,3251379546623352223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,10840868976620066263,3251379546623352223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa8f8ab58,0x7fffa8f8ab68,0x7fffa8f8ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3572 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4388 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4072 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4884 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4500 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4796 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4244 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4816 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5132 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5124 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5376 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5860 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6260 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6376 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6544 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6556 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5916 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6936 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7188 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7352 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7668 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7492 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7540 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7556 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7572 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7520 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7356 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7800 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7816 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7832 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7844 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7852 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7860 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7892 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8012 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8048 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8072 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8080 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8088 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8368 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10796 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5860 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6020 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6008 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=10404 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10872 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11044 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11172 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7868 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=5872 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9904 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9868 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:8

C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe"

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1252 -language=en -path="C:\LDPlayer\LDPlayer9\"

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=655924

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\F8E42495-388B-4084-AF06-FF3C21BD8E5D\dismhost.exe {E0B7B3E6-A849-47DF-ABEB-8EFFDCC43E31}

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7356 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:2

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\LDPlayer\LDPlayer9\driverconfig.exe

"C:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa87d3cb8,0x7fffa87d3cc8,0x7fffa87d3cd8

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\\dnplayer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004C0

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=2732 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=2680 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=3392 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=7960 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=10036 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=2700 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa87d3cb8,0x7fffa87d3cc8,0x7fffa87d3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=1500 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=10020 --field-trial-handle=1796,i,2892853089509179568,7920367509836264117,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8692 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15636121442502155904,2859823737988442866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2388 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 cmp.setupcmp.com udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 18.239.208.87:443 cdn.ldplayer.net tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
FR 142.250.179.78:443 fundingchoicesmessages.google.com tcp
US 18.239.208.87:443 cdn.ldplayer.net tcp
FR 142.250.179.78:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 87.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 22.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 104.18.30.49:443 stpd.cloud tcp
NL 23.63.101.152:80 apps.identrust.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
N/A 224.0.0.251:5353 udp
FR 172.217.20.196:443 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
FR 172.217.20.174:443 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
FR 216.58.213.78:443 www.youtube.com udp
FR 216.58.213.78:443 www.youtube.com tcp
FR 142.250.75.246:443 i.ytimg.com tcp
FR 142.250.75.246:443 i.ytimg.com tcp
FR 142.250.75.246:443 i.ytimg.com tcp
FR 142.250.75.246:443 i.ytimg.com tcp
FR 216.58.214.78:443 www.youtube.com tcp
FR 142.250.75.246:443 i.ytimg.com udp
US 163.181.154.238:443 www.ldplayer.net tcp
US 163.181.154.238:443 www.ldplayer.net tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 18.239.208.87:443 cdn.ldplayer.net tcp
FR 142.250.179.78:443 fundingchoicesmessages.google.com tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 18.239.208.87:443 cdn.ldplayer.net udp
US 104.18.30.49:443 stpd.cloud tcp
FR 142.250.179.78:443 fundingchoicesmessages.google.com tcp
FR 142.250.178.142:443 apis.google.com udp
FR 142.250.179.78:443 fundingchoicesmessages.google.com udp
FR 142.250.74.234:443 content-autofill.googleapis.com tcp
FR 142.250.74.226:443 www.googletagservices.com tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
US 18.239.208.67:443 apien.ldplayer.net tcp
US 18.239.208.67:443 apien.ldplayer.net tcp
US 204.79.197.237:443 bat.bing.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
FR 142.250.179.78:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 178.38.239.216.in-addr.arpa udp
US 18.239.208.67:443 apien.ldplayer.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 18.239.212.129:443 c.amazon-adsystem.com tcp
US 18.239.208.5:443 tagan.adlightning.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
US 18.239.212.129:443 c.amazon-adsystem.com tcp
US 18.239.208.90:443 config.aps.amazon-adsystem.com tcp
US 18.239.207.196:443 aax.amazon-adsystem.com tcp
BE 74.125.206.84:443 accounts.google.com udp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
US 18.239.208.2:443 tags.crwdcntrl.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
IE 18.202.122.123:443 bcp.crwdcntrl.net tcp
NL 89.207.16.210:443 proc.ad.cpe.dotomi.com tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 156.174.53.23.in-addr.arpa udp
US 8.8.8.8:53 2.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 123.122.202.18.in-addr.arpa udp
US 8.8.8.8:53 210.16.207.89.in-addr.arpa udp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 104.26.8.169:443 script.4dex.io tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
FR 185.86.138.123:443 prg.smartadserver.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
US 104.18.34.178:443 mp.4dex.io tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
FR 185.86.138.123:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DK 37.157.5.133:443 cm.adform.net tcp
DK 37.157.5.133:443 cm.adform.net tcp
US 104.26.8.169:443 script.4dex.io tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 104.26.8.169:443 script.4dex.io tcp
US 34.98.64.218:443 eu-u.openx.net tcp
US 34.98.64.218:443 eu-u.openx.net tcp
IE 52.212.96.238:443 ice.360yield.com tcp
FR 149.202.238.101:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 18.140.106.185.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 133.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 34.98.64.218:443 eu-u.openx.net udp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
FR 216.58.215.34:443 cm.g.doubleclick.net tcp
FR 216.58.215.34:443 cm.g.doubleclick.net tcp
US 52.223.40.198:443 match.adsrvr.org tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
DK 37.157.3.26:443 c1.adform.net tcp
FR 216.58.214.161:443 a9c00a4ae97cea6fc1eb49bbba2c1826.safeframe.googlesyndication.com tcp
US 34.149.40.38:443 u.4dex.io tcp
FR 216.58.214.161:443 a9c00a4ae97cea6fc1eb49bbba2c1826.safeframe.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 216.58.215.34:443 cm.g.doubleclick.net udp
IE 54.216.114.27:443 rtb.gumgum.com tcp
DK 37.157.4.29:443 cm.adform.net tcp
FR 142.250.179.97:443 tpc.googlesyndication.com udp
NL 46.228.164.13:443 d.turn.com tcp
US 35.227.252.103:443 rtb.openx.net udp
NL 63.215.202.140:443 openx2-match.dotomi.com tcp
US 52.71.51.230:443 sync.srv.stackadapt.com tcp
IE 54.246.18.125:443 pr-bh.ybp.yahoo.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
FR 51.68.39.188:443 dsp.nrich.ai tcp
NL 178.250.1.9:443 dis.criteo.com tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
DE 159.89.25.223:443 node.setupad.com tcp
US 216.239.38.181:443 analytics.google.com tcp
US 216.239.38.181:443 analytics.google.com tcp
US 8.8.8.8:53 27.114.216.54.in-addr.arpa udp
US 8.8.8.8:53 29.4.157.37.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 140.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 125.18.246.54.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 230.51.71.52.in-addr.arpa udp
IE 52.16.234.114:443 ce.lijit.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 34.149.40.38:443 u.4dex.io udp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 34.96.71.22:443 s.company-target.com tcp
DE 18.192.200.108:443 match.sharethrough.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 51.75.86.98:443 onetag-sys.com udp
NL 185.89.210.122:443 secure.adnxs.com tcp
US 74.121.140.211:443 sync.mathtag.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 163.181.154.234:443 ldcdn.ldmnq.com tcp
US 163.181.154.234:443 ldcdn.ldmnq.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
US 172.67.40.173:443 mwzeom.zeotap.com tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
FR 51.178.195.217:443 rtb-csync.smartadserver.com tcp
FR 51.178.195.217:443 rtb-csync.smartadserver.com tcp
DE 3.121.157.160:443 rtb.mfadsrvr.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 211.140.121.74.in-addr.arpa udp
US 8.8.8.8:53 217.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 160.157.121.3.in-addr.arpa udp
US 8.8.8.8:53 147.128.46.52.in-addr.arpa udp
US 8.8.8.8:53 116.158.57.154.in-addr.arpa udp
US 216.239.38.181:443 analytics.google.com udp
DK 77.243.51.121:443 uipglob.semasio.net tcp
NL 193.3.178.4:443 sync.e-planning.net tcp
BE 104.68.78.171:443 secure-assets.rubiconproject.com tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net udp
NL 178.250.1.3:443 static.criteo.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 193.3.178.3:443 u-ams03.e-planning.net tcp
NL 193.3.178.2:443 s.e-planning.net tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
US 54.164.199.225:443 cookies.nextmillmedia.com tcp
BE 2.21.18.175:443 eus.rubiconproject.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com udp
SE 104.73.92.198:443 ads.pubmatic.com tcp
US 151.101.1.44:443 trc.taboola.com tcp
US 3.231.143.27:443 dmp.v.fwmrm.net tcp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
IE 34.241.3.170:443 dpm.demdex.net tcp
DE 3.65.80.227:443 aa.agkn.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
NL 89.149.193.105:443 sync.smartadserver.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 54.85.88.207:443 i.liadm.com tcp
US 50.31.142.31:443 b1sync.zemanta.com tcp
IE 52.16.125.180:443 obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com tcp
US 8.8.8.8:53 2.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 175.18.21.2.in-addr.arpa udp
US 8.8.8.8:53 225.199.164.54.in-addr.arpa udp
US 35.186.193.173:443 cm.ctnsnet.com tcp
NL 193.3.178.4:443 sync.e-planning.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 34.193.171.116:443 pxl.iqm.com tcp
US 172.67.138.13:443 adxbid.info tcp
NL 145.40.97.67:443 sync.a-mo.net tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
US 34.96.105.8:443 tr.blismedia.com tcp
NL 34.91.62.186:443 um.simpli.fi tcp
IE 34.254.84.230:443 match.prod.bidr.io tcp
US 18.239.208.15:443 s.ad.smaato.net tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 180.125.16.52.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 207.88.85.54.in-addr.arpa udp
US 8.8.8.8:53 31.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 13.138.67.172.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 116.171.193.34.in-addr.arpa udp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 186.62.91.34.in-addr.arpa udp
US 8.8.8.8:53 230.84.254.34.in-addr.arpa udp
US 8.8.8.8:53 15.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 eb2.3lift.com udp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 104.19.158.19:443 assets.a-mo.net tcp
NL 63.215.202.169:443 pubmatic-match.dotomi.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
NL 134.122.57.34:443 match.adsby.bidtheatre.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
SE 213.155.156.168:443 d5p.de17a.com tcp
NL 35.214.185.183:443 csync.loopme.me tcp
SI 195.5.165.20:443 core.iprom.net tcp
IE 54.217.19.5:443 cm.adgrx.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
FR 141.95.172.216:443 green.erne.co tcp
US 34.128.133.112:443 ads.avads.net tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
DE 52.57.22.80:443 sonata-notifications.taptapnetworks.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
FR 146.59.148.16:443 pixel.onaudience.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net udp
US 34.128.133.112:443 ads.avads.net udp
DE 52.57.150.20:443 ps.eyeota.net tcp
FR 142.250.201.163:443 www.google.co.uk tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
FR 142.250.201.163:443 www.google.co.uk tcp
FR 142.250.201.163:443 www.google.co.uk tcp
FR 142.250.201.163:443 www.google.co.uk tcp
US 8.8.8.8:53 216.172.95.141.in-addr.arpa udp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 80.22.57.52.in-addr.arpa udp
US 8.8.8.8:53 16.148.59.146.in-addr.arpa udp
US 8.8.8.8:53 20.150.57.52.in-addr.arpa udp
US 8.8.8.8:53 163.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
DE 3.69.181.171:443 1f2e7.v.fwmrm.net tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 198.47.127.20:443 image4.pubmatic.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
US 8.2.110.113:443 as.ck-ie.com tcp
DE 79.127.216.47:443 id.a-mx.com tcp
IE 54.77.107.197:443 ap.lijit.com tcp
GB 185.64.190.84:443 ow.pubmatic.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 188.42.189.231:443 ads.betweendigital.com tcp
GB 89.187.167.8:443 vid.vidoomy.com tcp
US 104.18.38.233:80 crt.sectigo.com tcp
US 34.111.131.239:443 idsync.frontend.weborama.fr tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
US 172.64.146.152:443 capi.connatix.com tcp
US 18.239.208.55:443 live.primis.tech tcp
US 52.72.151.87:443 sync.ipredictive.com tcp
US 104.18.24.173:443 a.tribalfusion.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
FR 146.59.148.16:443 pixel.onaudience.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
GB 89.187.167.4:443 vpaid.vidoomy.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
CN 111.45.3.198:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
US 18.239.208.87:443 cdn.ldplayer.net tcp
US 18.239.210.27:80 ocsp.r2m02.amazontrust.com tcp
US 18.239.208.97:443 apien.ldmnq.com tcp
US 18.239.208.87:443 cdn.ldplayer.net tcp
US 18.239.208.87:443 cdn.ldplayer.net tcp
US 18.239.208.2:443 tags.crwdcntrl.net tcp
NL 193.3.178.3:443 u-ams03.e-planning.net tcp
US 20.114.190.119:443 x.clarity.ms tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
CN 111.45.11.83:443 hm.baidu.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
CN 183.240.98.228:443 hm.baidu.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
US 216.239.38.178:80 www.google-analytics.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 20.114.190.119:443 x.clarity.ms tcp
FR 142.250.201.163:443 www.google.co.uk udp
FR 142.250.179.110:443 google.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 18.239.208.121:443 ad.ldplayer.net tcp
US 18.239.208.98:443 cdn.ldplayer.net tcp
US 18.239.208.98:443 cdn.ldplayer.net tcp
US 163.181.154.236:443 en.ldplayer.net tcp
US 18.239.208.98:443 cdn.ldplayer.net tcp
US 18.239.208.98:443 cdn.ldplayer.net tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 18.239.208.98:443 cdn.ldplayer.net tcp
GB 79.133.176.235:443 advertise.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 162.159.134.234:443 discord.gg tcp
US 162.159.134.234:443 discord.gg tcp
GB 79.133.176.235:443 advertise.ldplayer.net tcp
US 18.239.208.121:443 ad.ldplayer.net tcp
US 162.159.138.232:443 discord.com tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 18.239.208.98:443 cdn.ldplayer.net tcp
US 18.239.208.58:443 encdn.ldmnq.com tcp
US 18.239.210.27:80 ocsp.r2m02.amazontrust.com tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 18.239.208.98:443 cdn.ldplayer.net tcp
FR 172.217.18.195:443 beacons3.gvt2.com tcp
FR 172.217.18.195:443 beacons3.gvt2.com udp
US 8.8.8.8:53 195.18.217.172.in-addr.arpa udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 35.227.252.103:443 rtb.openx.net udp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
NL 147.75.84.158:443 prebid.a-mo.net tcp
FR 217.182.178.225:443 prg.smartadserver.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
DE 37.252.171.21:443 secure.adnxs.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 34.149.40.38:443 u.4dex.io udp
NL 178.250.1.9:443 dis.criteo.com tcp
IE 52.210.242.228:443 match.prod.bidr.io tcp
IE 18.200.82.199:443 rtb.gumgum.com tcp
US 172.64.151.101:443 r.casalemedia.com udp
FR 5.135.209.100:443 ssbsync.smartadserver.com tcp
NL 63.215.202.140:443 amazon-tam-match.dotomi.com tcp
DE 52.29.54.89:443 match.sharethrough.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
IE 54.195.158.29:443 pr-bh.ybp.yahoo.com tcp
US 18.239.208.57:443 s.ad.smaato.net tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
FR 216.58.215.34:443 cm.g.doubleclick.net udp
DE 51.75.86.98:443 onetag-sys.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
JP 124.146.153.162:443 tg.socdm.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
US 8.8.8.8:53 trace-eu.mediago.io udp
US 50.31.142.31:443 b1sync.zemanta.com tcp
NL 63.215.202.137:443 stx-match.dotomi.com tcp
BE 104.68.78.171:443 secure-assets.rubiconproject.com tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
US 34.98.64.218:443 setupad-d.openx.net udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 104.18.24.173:443 a.tribalfusion.com udp
JP 124.146.153.162:443 tg.socdm.com tcp
US 54.164.74.54:443 sync.srv.stackadapt.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 18.239.208.64:80 apien.ldmnq.com tcp
US 54.163.32.160:443 sync.ipredictive.com tcp
US 8.8.8.8:53 199.82.200.18.in-addr.arpa udp
US 8.8.8.8:53 100.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 89.54.29.52.in-addr.arpa udp
US 8.8.8.8:53 29.158.195.54.in-addr.arpa udp
US 8.8.8.8:53 57.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 198.233.247.34.in-addr.arpa udp
US 8.8.8.8:53 104.155.46.52.in-addr.arpa udp
US 8.8.8.8:53 80.168.214.35.in-addr.arpa udp
US 8.8.8.8:53 137.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 162.153.146.124.in-addr.arpa udp
US 18.239.208.64:443 apien.ldmnq.com tcp
US 38.91.45.7:443 match.deepintent.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
DE 57.129.18.111:443 wt.rqtrk.eu tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
NL 185.89.210.122:443 secure.adnxs.com tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
DE 3.121.27.153:443 ps.eyeota.net tcp
IE 54.77.89.252:443 ice.360yield.com tcp
FR 54.36.150.187:443 cookie-matching.mediarithmics.com tcp
US 52.116.53.150:443 8proof.com tcp
FR 142.250.201.187:443 storage.googleapis.com tcp
FR 142.250.201.187:443 storage.googleapis.com tcp
IE 34.250.160.0:443 pm.w55c.net tcp
DE 159.89.25.223:443 node.setupad.com tcp
NL 193.3.178.4:443 sync.e-planning.net tcp
US 54.196.96.93:443 cookies.nextmillmedia.com tcp
IE 52.16.125.180:443 obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com tcp
US 18.239.208.64:443 apien.ldmnq.com tcp
US 18.239.210.27:80 ocsp.r2m03.amazontrust.com tcp
NL 193.3.178.3:443 u-ams03.e-planning.net tcp
IE 34.250.113.16:443 bcp.crwdcntrl.net tcp
US 163.181.154.236:443 www.ldplayer.net tcp
US 163.181.154.236:443 www.ldplayer.net tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 18.239.208.87:443 cdn.ldplayer.net tcp
FR 142.250.179.78:443 www.youtube.com udp
US 104.26.5.6:443 cmp.setupcmp.com tcp
FR 142.250.179.78:443 www.youtube.com tcp
FR 216.58.214.78:443 www.youtube.com tcp
US 18.239.208.58:443 apien.ldplayer.net tcp
US 18.239.208.58:443 apien.ldplayer.net tcp
US 18.239.208.58:443 apien.ldplayer.net tcp
US 18.239.208.58:443 apien.ldplayer.net tcp
US 18.239.208.58:443 apien.ldplayer.net tcp
US 18.239.208.58:443 apien.ldplayer.net tcp
US 104.18.30.49:443 stpd.cloud tcp
FR 142.250.75.246:443 i.ytimg.com tcp
FR 142.250.74.226:443 www.googletagservices.com tcp
FR 142.250.178.142:443 www.youtube.com udp
US 18.239.208.67:443 apien.ldplayer.net tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
US 18.239.212.129:443 c.amazon-adsystem.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 18.239.208.5:443 tagan.adlightning.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 172.217.20.196:443 www.google.com tcp
FR 142.250.74.234:443 jnn-pa.googleapis.com tcp
FR 142.250.75.230:443 static.doubleclick.net tcp
FR 172.217.20.193:443 yt3.ggpht.com tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net udp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
FR 142.250.74.234:443 jnn-pa.googleapis.com udp
FR 172.217.20.174:443 www.youtube.com tcp
FR 172.217.20.174:443 www.youtube.com tcp
US 18.239.207.196:443 aax.amazon-adsystem.com tcp
US 18.239.208.31:443 config.aps.amazon-adsystem.com tcp
BE 74.125.206.84:443 accounts.google.com tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
FR 172.217.20.174:443 www.youtube.com udp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 18.239.208.102:443 tags.crwdcntrl.net tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 104.18.34.178:443 mp.4dex.io tcp
US 104.18.34.178:443 mp.4dex.io tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
FR 217.182.178.225:443 prg.smartadserver.com tcp
FR 217.182.178.225:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
DK 37.157.5.133:443 dmp.adform.net tcp
DK 37.157.5.133:443 dmp.adform.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
US 104.18.34.178:443 mp.4dex.io tcp
DK 37.157.5.133:443 dmp.adform.net tcp
FR 217.182.178.225:443 prg.smartadserver.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
IE 34.250.113.16:443 bcp.crwdcntrl.net tcp
IE 34.250.113.16:443 bcp.crwdcntrl.net tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 104.18.23.145:443 cadmus.script.ac tcp
NL 64.158.223.146:443 proc.ad.cpe.dotomi.com tcp
DK 37.157.4.29:443 dmp.adform.net tcp
NL 81.17.55.123:443 ssbsync-global.smartadserver.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
US 104.26.8.169:443 script.4dex.io tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
NL 193.3.178.4:443 sync.e-planning.net tcp
SE 23.32.84.225:443 ads.pubmatic.com tcp
US 8.8.8.8:53 u.openx.net udp
US 34.98.64.218:443 u.openx.net tcp
FR 216.58.214.161:443 24820e20fc766f983f6b7c6b0990dafe.safeframe.googlesyndication.com tcp
DE 52.29.0.150:443 1x1.a-mo.net tcp
FR 216.58.214.161:443 24820e20fc766f983f6b7c6b0990dafe.safeframe.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
US 34.98.64.218:443 u.openx.net udp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 172.217.20.196:443 www.google.com udp
BE 74.125.206.84:443 accounts.google.com udp
FR 142.250.179.97:443 tpc.googlesyndication.com udp
FR 172.217.20.196:443 www.google.com udp
US 8.8.8.8:53 123.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 225.84.32.23.in-addr.arpa udp
US 8.8.8.8:53 150.0.29.52.in-addr.arpa udp
US 18.239.208.68:443 setupad-tagan.adlightning.com tcp
BE 104.68.78.171:443 secure-assets.rubiconproject.com tcp
BE 2.21.18.175:443 eus.rubiconproject.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
IE 54.77.89.252:443 ice.360yield.com tcp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
DE 51.75.86.98:443 onetag-sys.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 185.89.210.122:443 secure.adnxs.com tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
US 172.67.40.173:443 mwzeom.zeotap.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
DE 18.197.7.178:443 rtb.mfadsrvr.com tcp
US 216.200.232.249:443 sync.mathtag.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
FR 216.58.215.34:443 cm.g.doubleclick.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 34.149.40.38:443 u.4dex.io tcp
US 34.149.40.38:443 u.4dex.io tcp
FR 216.58.215.34:443 cm.g.doubleclick.net udp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 172.67.138.13:443 adxbid.info tcp
NL 35.214.185.183:443 csync.loopme.me tcp
FR 142.250.179.97:443 tpc.googlesyndication.com udp
NL 145.40.97.67:443 sync.a-mo.net tcp
NL 145.40.97.67:443 sync.a-mo.net tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
US 18.239.208.57:443 s.ad.smaato.net tcp
US 34.193.171.116:443 pxl.iqm.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 34.96.71.22:443 s.company-target.com tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
DE 52.29.54.89:443 match.sharethrough.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 104.19.158.19:443 assets.a-mo.net tcp
US 34.149.40.38:443 u.4dex.io udp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
US 50.31.142.31:443 b1sync.zemanta.com tcp
DK 37.157.3.26:443 c1.adform.net tcp
DE 79.127.216.47:443 id.a-mx.com tcp
GB 185.64.190.84:443 ow.pubmatic.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.2.110.113:443 as.ck-ie.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
GB 195.181.164.15:443 vid.vidoomy.com tcp
US 104.18.38.233:80 crt.sectigo.com tcp
US 104.18.36.155:443 ssum.casalemedia.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
GB 89.187.167.9:443 vpaid.vidoomy.com tcp
US 35.227.252.103:443 rtb.openx.net udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
IE 34.240.192.124:443 ap.lijit.com tcp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6464 tcp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 185.235.86.2:443 ag.gbc.criteo.com tcp
NL 185.235.87.16:443 gem.gbc.criteo.com tcp
US 163.181.154.234:443 ldcdn.ldmnq.com tcp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
N/A 127.0.0.1:6467 tcp
N/A 127.0.0.1:6468 tcp
N/A 127.0.0.1:6469 tcp
N/A 127.0.0.1:6470 tcp
N/A 127.0.0.1:6471 tcp
N/A 127.0.0.1:6472 tcp
FR 217.182.178.225:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
US 18.239.208.68:443 setupad-tagan.adlightning.com tcp
US 18.239.208.68:443 setupad-tagan.adlightning.com tcp
NL 185.89.210.122:443 secure.adnxs.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 54.164.74.54:443 sync.srv.stackadapt.com tcp
US 54.164.74.54:443 sync.srv.stackadapt.com tcp
IE 34.240.192.124:443 ap.lijit.com tcp
IE 18.203.106.185:443 ce.lijit.com tcp
US 34.98.64.218:443 setupad-d.openx.net udp
NL 154.59.122.79:443 ums.acuityplatform.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
NL 154.59.122.79:443 ums.acuityplatform.com tcp
SE 23.32.85.88:443 sync.teads.tv tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
IE 52.210.242.228:443 match.prod.bidr.io tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 23.20.26.217:443 aorta.clickagy.com tcp
FR 172.217.20.174:443 www.youtube.com udp
US 20.114.190.119:443 x.clarity.ms tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
FR 142.250.201.163:443 www.google.co.uk udp
FR 142.250.179.110:443 google.com udp
FR 217.182.178.225:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
NL 193.3.178.4:443 sync.e-planning.net tcp
IE 67.220.228.200:443 aax-eu.amazon-adsystem.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com udp
FR 172.217.20.196:443 www.google.com udp
FR 172.217.20.194:443 googleads.g.doubleclick.net udp
US 34.98.64.218:443 setupad-d.openx.net udp
US 34.149.40.38:443 u.4dex.io udp
DE 51.75.86.98:443 onetag-sys.com tcp
DE 18.197.7.178:443 rtb.mfadsrvr.com tcp
FR 216.58.215.34:443 cm.g.doubleclick.net udp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
NL 35.214.185.183:443 csync.loopme.me tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
GB 104.86.110.113:443 tcp
NL 23.62.61.176:443 r.bing.com tcp
NL 23.62.61.176:443 r.bing.com tcp
NL 23.62.61.176:443 r.bing.com tcp
NL 23.62.61.176:443 r.bing.com tcp
NL 23.62.61.176:443 r.bing.com tcp
NL 23.62.61.176:443 r.bing.com tcp
GB 51.104.15.253:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 253.15.104.51.in-addr.arpa udp
FR 217.182.178.225:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 172.64.151.101:443 dsum.casalemedia.com udp
NL 89.207.16.137:443 casale-match.dotomi.com tcp
US 34.96.71.22:443 s.company-target.com udp
NL 46.228.164.11:443 ad.turn.com tcp
FR 5.135.209.100:443 ssbsync.smartadserver.com tcp
US 34.160.19.107:443 dmp.brand-display.com tcp
FR 172.217.20.196:443 www.google.com udp
US 47.253.61.56:443 gw-iad-bid.ymmobi.com tcp
NL 37.230.131.21:443 dm-eu.hybrid.ai tcp
DE 52.28.118.134:443 match.justpremium.com tcp
NL 81.17.55.97:443 sync.smartadserver.com tcp
US 23.23.73.21:443 rtb.adentifi.com tcp
US 8.8.8.8:53 134.118.28.52.in-addr.arpa udp
US 8.8.8.8:53 97.55.17.81.in-addr.arpa udp
US 20.114.190.119:443 x.clarity.ms tcp
FR 217.182.178.225:443 prg.smartadserver.com tcp
US 35.227.252.103:443 rtb.openx.net udp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
FR 142.250.178.130:443 googleads.g.doubleclick.net udp
FR 216.58.214.78:443 www.youtube.com udp
US 104.21.68.128:443 mmentorapp.com tcp
US 104.21.68.128:443 mmentorapp.com tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 204.79.197.237:443 bat.bing.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
NL 51.158.210.166:443 web.mymentalmentor.net tcp
NL 51.158.210.166:443 web.mymentalmentor.net tcp
US 20.114.190.119:443 x.clarity.ms tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
US 192.178.49.163:443 beacons.gvt2.com tcp
US 192.178.49.163:443 beacons.gvt2.com udp
US 104.19.230.21:443 newassets.hcaptcha.com tcp
US 74.125.250.129:19302 stun.l.google.com udp
US 104.19.230.21:443 newassets.hcaptcha.com tcp
FR 217.182.178.225:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 35.227.252.103:443 rtb.openx.net udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
SE 104.73.92.185:443 cdn.adnxs.com tcp
US 13.107.246.64:443 adsdk.microsoft.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 185.92.73.104.in-addr.arpa udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
NL 185.89.210.244:443 ams3-ib.adnxs.com tcp
US 8.8.8.8:53 www.google.com udp
NL 23.62.61.162:443 www.bing.com tcp
FR 172.217.20.196:443 www.google.com udp
FR 142.250.178.130:443 googleads.g.doubleclick.net udp
NL 23.62.61.162:443 www.bing.com udp
DE 159.89.25.223:443 node.setupad.com tcp
US 104.16.80.73:443 cloudflareinsights.com tcp
US 104.16.80.73:443 cloudflareinsights.com tcp
US 20.114.190.119:443 x.clarity.ms tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8294f1821fd3419c0a42b389d19ecfc6
SHA1 cd4982751377c2904a1d3c58e801fa013ea27533
SHA256 92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a
SHA512 372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

\??\pipe\LOCAL\crashpad_2968_SRDGNDPWAJVPSMOS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 390187670cb1e0eb022f4f7735263e82
SHA1 ea1401ccf6bf54e688a0dc9e6946eae7353b26f1
SHA256 3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947
SHA512 602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0635a97d652c0b14f20a1e398f6576c5
SHA1 f48fd8fa8ea490da32e9f311d65c19af93d11a05
SHA256 ae3a0d8d0fa295cb6710f20fe0fbc693e4c54bcc12d9c7ac8e6bd0271e1683e8
SHA512 67b1e43b7c86f07170289571cad59cf80ba2113a5e56ed6e89c406c16c71876496a9211e94bc975b7ef3bf7c88bf7a6f93a53f4483a046b85a356c6ea191e50b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 1e9d4ac9707f5aa982915200c87b9932
SHA1 94b6aa1c5f9d5514bbc14623a6561071ad6e730d
SHA256 a614d664e472808e22f14f27ed3a1dbda2c9055a09546b2e4b371d73a7bb5a60
SHA512 7d03f0c19ea69fd509a9dbfbca87dff8653cb3653d0e08280c302ef39e683bc75b3340180010ea83bcc5ac67aac7d618f5281596fff1744cd43ab6b2777c984e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2d39bbdb8b136c76a87c2b2e7348a634
SHA1 649eade77e7e63739ef2431a218563cf0299d475
SHA256 483ae1bcf076ced9e1f5b1f3d113a324d050396695640b5dad2ee547b526c36c
SHA512 b6084fc86a95c16bd12aab5ec54fcef203dd057623aa075fe6f20f4c0801dea7966c2103f336d265fd17590bcc4673caeea7b790f4a0b96566be86b813a309ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f75fe692dd9a73df9570a99f79eca946
SHA1 dfd0886c598f429f340e1d63a6f7ae8c1265b4d9
SHA256 036d26ef8723ee209a0189f5af66a069fe371a9f887c3df62515134f3805ba62
SHA512 21eb0b21099aeedfdcfce003bc5a4ad91e2424ff6ec5b1e0002376c6ef50b2550a4457095df88ea8bd22729dda6724108e99dca16186b4e08d281673ff4583f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 388fc039ca28d2506e022b90d3c8d819
SHA1 2295901f49a7c65cec3e7b26dfa822c2ec93b28c
SHA256 b75139b2c1801c9f21adf6f70ac5af33e58ea9c76fd0c15c2c03cdf8233a1b1c
SHA512 380fc9bfac1406e8ee9c9ae69fba8064c7412ac4a8e23406dd5c36fda20f38e2d51aa6ccccc9aff154d7b1326e1d9339c1966618f5298a47ae0c7bef2d832884

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 54b9b3a023b0e85d4f97e92a5676a4ee
SHA1 b77f9d87e9dc4681dd897be200ccaa1545b285cb
SHA256 c9c0e1c1e60f66be90fbfa2118bac33a74c90e2a3ba41b7fa80d4110ea591599
SHA512 ee92b98956ac036b3ae462722d1752689fe47071b6e033b0718e389804b703731a2918ee029d711f05fe8c6f389eac14d15cde7714459d65dcc7e8dc9fc4f440

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ab0ba1188fa96759ba54f297503f5329
SHA1 868a94baa740372f347dcfc52b6fd6691e9da04b
SHA256 baedb2ccc517b153d2767dff42c1e31eea98a41822298d29b7353152748de38a
SHA512 b622eec411116a141ad90106381aeffd302e957c061b7c4457c75a88fe395223fd8063bf85798c489d7d550c73fafbefc4c8c85b643c154aac7ab9e82762a120

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c905145c9bb005d2c68fc185c6fa5120
SHA1 79a50cec08931b7323943d2e585e1d803882c632
SHA256 007536ea0814fa34c73d9941096cecc71af4ded76f7cfdce5bf3c5e0546b7e83
SHA512 54959456cc17109918af6ec6e014f28454f884ce7572cef23064e83afc28e16bc9c72c63047ad430df0a87e51375cda20a420b94afe1ec7b9ea3926ebf8f3c3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 9c6cfcae0a84fd18ba3251ad63c30b47
SHA1 76acbcc1bbab4ae5f829c8ded7a65370a19d3da8
SHA256 66ad88d098196e659ff3f045fbc0811b3b3749f34164e28e2140804c40ab37a9
SHA512 1975cc7e10021586341748c7370ad952b659c6d76a7bd0f66e44e41878ca6bef56c679997e5442980e6593977e69c71747d4fcba2b627458d6d7888344b9c8fe

C:\Users\Admin\Downloads\Unconfirmed 731039.crdownload

MD5 85ca940958ea59dfb3788186d06ee00b
SHA1 2e8dd1aecbee61ea56dd6bc011f2b319d70cfc09
SHA256 c6bc9dd1221c9b6145160f67680d1b620d91f112844dfd5082d2766045a9fe34
SHA512 4a8a4144e1221463e9c45c12402cef71b9fb0867ae4500abf02f6c41cdbcdfbbf591dd537449107a6c2728457c454905bd149ea7a978fc51000b790194d85718

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5460f4b6b8d90564aa7ef0f1fd375a35
SHA1 6f97fc2ccffc849009406dec6eb5965e35483d2d
SHA256 b160ad86b0f752daa42d29bccad058fa7fe3275602e62708611d6853897e52fb
SHA512 bdf4d8c272b3e0195f519efde7589038d77d35737f49acd6385e071f8faa93a4efefccf805070385b32f763b518227874ec54d076757fa895f5a9f0a5bfa3ad9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 45ac09b5eda1d594d2cb2a03c5095ad4
SHA1 37eb3aa8380bdba72207823608481d055f4d2a3c
SHA256 76c41ae8b22a3778dd57c4f9b7400322d26abb01cfecb448cae5e2c5d34e9328
SHA512 09882de6ae0fc7e0cd032a2af5e1fcd12908d7517507be259a4359ffc85bea4966ccf8ae5210cf91d9dc7c15b424f7cc0eaf08edaa16e715bff7bab151b37136

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

MD5 2b845c3bbfbcb4e28ffbd1838368decd
SHA1 4414c101a651bbc06ab2d1eced6932338278e7fb
SHA256 addd85cdf92ff6c8fe37ab271bbaf49b204ebb8f0e0782ff412959c1e9ac57e4
SHA512 c6a374402b6b038387d385b81040d0d6ae83b2a503be91335b4b641e9eaecace2696871b7ac79af7e78e526212de77f128738cd47142c8ff1494a11bc3a4548d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 b43036bfc3f56696915f4ead77273a7a
SHA1 f03b047ba47552629bfa1259387ade4c1e385508
SHA256 acf9be2d39898f332fecb440772bbd10eeab2e8ca26445103a98770761f4de89
SHA512 4cc93e22a8ec57b0caf021ff8501f8981aef706a69b7989f6e3f310b4f71892024c001d106a771f2fd3969bbe9fbf68eb352af97c2fff0d6f3a18eb1202ba3bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5813d1.TMP

MD5 4a5e1f5af739c58558dcc3cf0468de35
SHA1 ca527cd782119397a89c5d1683b71423f9ca1e34
SHA256 026ecde1422a0878e8d441f8bbacda980d8bf400bfddadaf56cec2bda7b6f1e8
SHA512 9975325f34fd77c074c3b62a8f7145cc7dfc7966e24557f729d764dd798aab8f00d76a0b9df4a582c8474903ef56477602bf07e2537caeb9a5e893a0e865df02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a70e6446030df2165d1337ac3f81a6eb
SHA1 6d53471c63afa346747d9cc15d2f7d83aac9f0ec
SHA256 599fd3afb5790bc9a4bb429ad2bcb5a4f55e8d8268cef94f665afb1e3dd5f9ea
SHA512 194dabf15c809f48c9090b638b08a3f94c6574728630819ebcdc30d6ad72efbddca8c72ab189cf456ed1aad36fa2b85f5712081eac3bf9c2fd06980cc98f5e15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0328f9fd1938dec3c091bb03931925ab
SHA1 32502ed20b1f9c3f08a65b146d1fed66a29c8f42
SHA256 3b2f44e7db02cf193aece6e10e608904c604e37338200d0ef33a867c62973ae1
SHA512 13accf8cf5d8dcbc6b25076ecdbae0ded142d9515d615e7fe81750abcedccedce3e94a0b8f59998313da99814b3cc03661e3e292bd86f4704e6bd6c1d907461e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5373a9421b4912e8d1ea55f89b6e81cb
SHA1 49c9d831134f8c27fcf1f4036dee1b5052a5cde2
SHA256 611f5512e3e37aa8f646a2d31bde049fb012a45d35999e9746c0cedc08f541b3
SHA512 b9221810ff171d9e47fe21dea9ea1aa1a7a2df3552fe2389f548edf6183ebdbe4240cd802e1518b8bf6a061211b0487061c0d300ba0231706e18d9e9c69502ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 d6c01814dd4c017b708b118d7e003582
SHA1 90f057da57671651fa28550b370239e12f5a6804
SHA256 484c16b5b8a07e3e50895b69c840aa17d6dd94d797aa6d344ad994d669e3319e
SHA512 7b31c6e4b88608ca70f3f6775f59f26d65f48ef3fe57ff2d6df48932c1248139c58606dd51fe8a675e9861e4688792c183fafcc43dfa6aa764dacba8b417be8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b5de60b1c31d26716c32db4ffb1c92ca
SHA1 1f7cec924616b910d7ab4188751e987284c86872
SHA256 1009ec2c0e016dbaef0fc9c7718b73645e7f08e3a491c8c636946bdf134931ad
SHA512 ab99f94dff167faab983aea7fe3afedcc5ba9da8917e85b4285fa3d6cc93fbaeea3acf45fa443e421e1adc843d9a1280b4748bc2759b44277da3b262f2411756

C:\Windows\Logs\DISM\dism.log

MD5 2cbcb6dab800773ea678b8d844cac79e
SHA1 59e98aaa166589b6cc7e7155c951d8eba8d22b8f
SHA256 fa8e43950c67754beb81c6ecf880a7c46bdffdf5a0b5f3cc42d87a70ce169fe7
SHA512 d9fa66e5065a721620faec2276b3a64f50d7dc2d2da361e1e4aefd44e45b8426da39096692e53b5998daab2c60012cb440bc82fea953a66cd196c26be48b06cb

memory/7844-1328-0x00000000027F0000-0x0000000002826000-memory.dmp

memory/7844-1329-0x00000000051F0000-0x000000000581A000-memory.dmp

memory/7844-1330-0x0000000005120000-0x0000000005142000-memory.dmp

memory/7844-1331-0x0000000005A10000-0x0000000005A76000-memory.dmp

memory/7844-1332-0x0000000005A80000-0x0000000005AE6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_orn055ck.nnl.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/7844-1341-0x0000000005AF0000-0x0000000005E47000-memory.dmp

memory/7844-1342-0x0000000005FA0000-0x0000000005FBE000-memory.dmp

memory/7844-1343-0x0000000006050000-0x000000000609C000-memory.dmp

memory/7844-1344-0x0000000006F60000-0x0000000006F94000-memory.dmp

memory/7844-1345-0x000000006F310000-0x000000006F35C000-memory.dmp

memory/7844-1354-0x0000000006FA0000-0x0000000006FBE000-memory.dmp

memory/7844-1355-0x0000000006FC0000-0x0000000007064000-memory.dmp

memory/7844-1357-0x00000000072F0000-0x000000000730A000-memory.dmp

memory/7844-1356-0x0000000007940000-0x0000000007FBA000-memory.dmp

memory/7844-1358-0x0000000007370000-0x000000000737A000-memory.dmp

memory/7844-1359-0x0000000007580000-0x0000000007616000-memory.dmp

memory/7844-1360-0x0000000007500000-0x0000000007511000-memory.dmp

memory/7844-1361-0x0000000007540000-0x000000000754E000-memory.dmp

memory/7844-1362-0x0000000007620000-0x000000000763A000-memory.dmp

memory/2536-1365-0x0000000005E30000-0x0000000006187000-memory.dmp

memory/2536-1374-0x000000006F310000-0x000000006F35C000-memory.dmp

memory/6268-1394-0x0000000005A50000-0x0000000005DA7000-memory.dmp

memory/6268-1398-0x000000006F310000-0x000000006F35C000-memory.dmp

C:\LDPlayer\LDPlayer9\dnplayer.exe

MD5 a723044f1c511790dd0ee3a3fa68c4cf
SHA1 670e6f907c2557c9685ad26c26d6d8fee5139942
SHA256 861be3e240b075752d52c7b50c41bf22eab9314db4f11a20362c648198a0f2e4
SHA512 0fa7da71864d1abdff83d3aa01597f5902c01899513b0333bcc5d756a15be02b8c5293b55c1d88e556010f53412a7dbd27b57b63b1074565f1f6de8e2952377c

C:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

C:\LDPlayer\ldmutiplayer\fonts\NotoSans-Regular.otf

MD5 93b877811441a5ae311762a7cb6fb1e1
SHA1 339e033fd4fbb131c2d9b964354c68cd2cf18bd1
SHA256 b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b
SHA512 7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4

C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

MD5 0054560df6c69d2067689433172088ef
SHA1 a30042b77ebd7c704be0e986349030bcdb82857d
SHA256 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

MD5 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256 b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

MD5 3e29914113ec4b968ba5eb1f6d194a0a
SHA1 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256 c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

MD5 e8fd6da54f056363b284608c3f6a832e
SHA1 32e88b82fd398568517ab03b33e9765b59c4946d
SHA256 b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA512 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

MD5 52c43baddd43be63fbfb398722f3b01d
SHA1 be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

MD5 ba46e6e1c5861617b4d97de00149b905
SHA1 4affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA256 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512 bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

MD5 2d40f6c6a4f88c8c2685ee25b53ec00d
SHA1 faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA256 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA512 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

MD5 01c4246df55a5fff93d086bb56110d2b
SHA1 e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256 c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA512 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc

MD5 70058f2d60daef1ccc7bbcba210f0ace
SHA1 ef214ade419a724272ac82e9de5233d7c0afa64b
SHA256 43b26f40e04ae6854569a01803541245abffcd130f1345191afd8bf6b0ca7873
SHA512 a0b3ca59ffad882fbff69012023eaa8aadb77d3ff1252562e5480e7dc3c9336afb3c5f58fb435246ec48c758d3c9d17ae9ea8a28f9d4766fad1a4c672cbf9b9a

C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

MD5 66df6f7b7a98ff750aade522c22d239a
SHA1 f69464fe18ed03de597bb46482ae899f43c94617
SHA256 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA512 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

MD5 ad9d7cbdb4b19fb65960d69126e3ff68
SHA1 dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256 a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512 f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 f96c25bb4feee47fe4111660fa0706b3
SHA1 284126ce4f80b6bfd6037f6137dee90c941e4eec
SHA256 9b5d44c60b18b36bcc1cc0e28585ae168d92239beda197d739c3e64edb229867
SHA512 b4297728f031863ccfb50de52d18f443d6ae893322e2f6b315497e187329275fbf41828867e614b35e9ff60ac6e3e1ae77d876fa8e131336c2d6a1fb6ff7db36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 91ea4b7e5cc4bc9e95091d08a2f70916
SHA1 7615975e94023a7092967ea3db68f00881a67bc9
SHA256 71bb384a3a2defe5414244e0e3e629fef3c8ec0bfd6e38403ef4801e26904ae4
SHA512 89abe1c8ee6db9efc71d2bb6e3dee785524385808195e89f91e6df4440e39761eb3dc803f38a1ab98278b99ce9255e70d6991c82160f66b6c983f13721bceea9

memory/7728-1521-0x0000000036A90000-0x0000000036AA0000-memory.dmp

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

MD5 6de0ef4a83aadebe5d7e07a64fc9d220
SHA1 f2162f30992ced0b882bfced0477ebf62b7ce186
SHA256 b7c4de833b0e2689724414802fbdda35d7cc1c4529eb95282fd0ffd175119008
SHA512 eebe007e0ece66c08138720bb46864470826a6b49a8edb1fd1593c4efade4bbf32c764d205383ef4745a738a1242f92e4c396abeb56e6ff9e785977ce8f646da

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 4d592fd525e977bf3d832cdb1482faa0
SHA1 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256 f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512 afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5751530e-576a-49fc-a938-8e3cf9e06fea.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5543bd156185a7b6f5d3a02ad338b108
SHA1 09a8e594611da7c145990326eebb41800260f3f3
SHA256 d16dd0e35ee3af49c23adaf0121febd0395b24f5f8a23fe98b4c39fc47ed3c46
SHA512 66b00fc984def3b83cbb4509e4ad6c3d4943e53e61615ce9c872aed4eca3b797a0d0f00ee9d8509e3986374596d5316318b87c6cfd6c5d5991f988287e7b6fa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a55bcc1242fae119ff4b551bf0feca6c
SHA1 10a4b8d71e1713df748ba1dc1910219f2a3c5fe9
SHA256 e51cabb3a7c8ec2b4038fa51a288a3934ee8da1f5e8d053842dc14c9de301dd2
SHA512 62d351f1fd39ee916c4736f8368b29dc8969580b757a866c77736d3eb8b9c56a2874cb4b1d98dfd837f91ef62d5c4ecbc573bf3df91fb80e0614a2d1b402920b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

MD5 eeb6392ae60167476487c2992767d0f2
SHA1 5e9c075dc73c4b3c11e7431b57b8f3ace8f45279
SHA256 87428f0d32d815d6d821d594a3e502ebe01e9b2b4a8a5c68da38d19152e7d4c0
SHA512 10a38084fdf659bb2d4267b9a7fca78fd61c949ee5177e5e8dfd1d61ffe89bc6b7e2f620bc9a7e6381b8dd90c413519552d3fa3809c3b278e18bde339f07d3f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c

MD5 05e9679509b61424a07cc4d4efb7247f
SHA1 db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81
SHA256 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b
SHA512 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5f2f267a69ebec8337c28b6b5f97e49b
SHA1 42f6f80b1464bd886c9954429d8201252817b04c
SHA256 6fb8aa9903f86541e01bd2075e930b1268ba004c8de2ddc7d88c56cadcd89a2d
SHA512 b6b634c2fe419dc387dcc2c0897c213b68073cfc9d100900b092cd85573e67ecdd99b4437b5899dbb9722c823cb2a909831d9f61251a76ad981f39cf75dcc012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a48c62f70e55dfbd61a3a410f57910cb
SHA1 ca34acc6fdfe987f393d8a66e0ba7b6161240ffe
SHA256 7bd12aa9aee2dcb8d3260e77bfec18abde0007ce8625b496dd4e9bacbc883b0d
SHA512 36d7a65013c5e5a12a6248547a672a73af3a31ae1d1cb08464e64db885597b6fc9f06c22dbb44ac61c0dd96d7d213250475033d66b9990b655dcff7c3b55bcf0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 395d53c14e50deda56f53617965ff95c
SHA1 78e28fdaea625841c5305f630476a800cf70556f
SHA256 9e98c076c131d60f8a7d6b71e908a3bbf4642475cbbc073205bf261cf2deaf92
SHA512 a4bdbdb3d95b8c5eacfaef6477fadebd6bc7b94f97a4aac487e1de319d2c7e07c7c32e2f8dc23306336264d190e9ac3f07bfa1bbc643ce6033e41620a9c411e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 1f9487a1d9ba5a85a9ba6f1a0b6dce2d
SHA1 24a664067d228d3dac083cd17114ae6e858d73c7
SHA256 6344f9e94c014d574c99a35428fb003b97b4d16fc7b94b8cf8416f9a7c4f155d
SHA512 faacd752148d9e7afc61da24ad5435b86f4bce60f0bc3f41e3a67922aba6f4dc22b5b1a68c733f8aee2c9416ff3560e2c0f0fa90b5a588fdb0f077aeb7a7bdf0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 225455497a19ae9238c1c9e3ec6d624b
SHA1 56a450c88ed98c515abf57e67f06fc39244ec100
SHA256 d3dd7dd2d51be767cb461d3b52ecad575c343db5b3d298431c498636e83f8873
SHA512 b48ca96dbf49d315dd886bcb08f38a39dcdda14bb73537c33bb15787ee71455689662b10854f1175c7911fd07345f4238c3f5f94455615fb2b10623962b05674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 dd8146db41136b800f0e8264b50cce2c
SHA1 e7e496bde73e174e0bc04c43893873a3aabb0678
SHA256 ee228de9237868dde5dbe9f0a03ba2d602675669051aeb044c75ba09cdc5689c
SHA512 f096fbe0e7679d08d709a9bbb7f2a539cbdba865aabad2784160d91f620d1771aec0096588e7830ee6b1048b0ac392845f4aff2ecfe3db3f31d9a6076e8c17e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 7120e29812ffeb53d46eda4dee3291f7
SHA1 e2edf428cc0b95d80886e09d48d94fe2d1554759
SHA256 2b3b75a40755276cde3812b34a4af3b06fd078dcde0a24a0bb7ca4246b34ac28
SHA512 bb7cd8eaa797c0b18dba8e797ea7d7c5bb76e8a021cb8f6e9e1d648d25c2084c1d3cbbf115f0a84847bc203b085e3503765de65bb4b97999b33a30b6d84eeae5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 bfa94815c24351f2e029631d01ee8e2d
SHA1 3d1a80df2bd605f137372c02fe7fed2dea41cdf6
SHA256 ce8b043eddf58405ed1abe6416f458c530b45c6b3ea26d8ca0e8da642e65e0cb
SHA512 dd4933d418061a3bd3814bed5b343b0a5447896b82b35d790dfeee2f0f09627e92cab2c0f9c8a1cdcf9b5ed06f042a88cd451385449eecc72810f39d8ef9e0bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 33efc03b4f52cfdb554ee0d192f7479f
SHA1 2d69f45840625e96051cf31a1862ffb166732930
SHA256 f8ff5ab7b9590ebacbb294ae032a5e638e051029ee6179b38883b6915cf8fd3a
SHA512 caac392554bcb9091311e66d1333b94410aeb2f89d95f70c7971c97543c93b7d7d9c05b31753fbdb73c22b4886a399a6b24f3b50880a9f243aea6e0ad7abdca9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 d69b29f97c349b632ca3c5422faa29d8
SHA1 cdcc12c7297213526f4c8104c2e1df1193831dfe
SHA256 05dfb1344923a5474952325cda09de54c67decd4659b01a70c9bb49dca7bd69b
SHA512 8d0f818892ed00dd80663c1e7dd3171ae39ad83aa1478dc82f5fe506a1e16f59815cb04382e392c8e986b1c735ce3466410504a79d0962891f6539aa57d259eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 28029986c66ddce2907d62de8f7d7b17
SHA1 f82220db87a257ea0ff266db226f7ae4653f3fc2
SHA256 843c87c9dafb89c253b2043b763e8806c1a08e7f980e51fd7d223588c61217ec
SHA512 47d3f0c0d85251e7cc34970644164d940ace7e2fa2b47d5ab4748652871268cd5b59602cfde82f752d4b3d13ea4c43327cddda3ce87b4c36fbea881ffb3933fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 4467cf9788587491b82bbb68ae3ec6f5
SHA1 559c9e0c991dff84ad08fb7194adf758a7fc1531
SHA256 00b2e4784ca48e940fcec998238ea79431705d5221c702335e560a4b6c6c0c71
SHA512 3969b1ea681873f3e4476e1c9b92713cff96d97a82a5126390ec1c2775d8937e01183ab9b315583a50c3dcc1efefdc6a7c0ddd8426f4cb2d61de69743a5150fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 b19e58eb9cb9b45c642dbe0827df8148
SHA1 aea5528d7b14b5161a5acbe21f890195ba296ee5
SHA256 9d566eb63e1d471c57a9b1829b783131bb952bec88190e466e53b047faf0142d
SHA512 764d51fed96a035d3d70a8f20ce2704549739c3ecef27a45a6d0b8187d92e52dd2b55431be5f94d5ae03b6c8a0cab9c31f63d1ca66540596148cc57159d0f49f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 3c78f42e52d6de58e73ae21e2cf1ce56
SHA1 95d45f11832ea39057972909c42175448ef5c1d0
SHA256 04ba5103e3c56c29fe2b756510c0404446d3ff404924b177017b2d9ce264f455
SHA512 6e47c3af7dee53c7c1a4f06582a41cde9782a25ab6928138f16babad7570483c8c47ae3e2ccd51bd0e9e42264eb4e42a5983e3dee3f92a2908b73bad8ea3a369

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 16c0a2c82dc0ab50f23123f7ecb11f51
SHA1 fbaef7794f352126af25aedaa99f1bc22d131f71
SHA256 5749a98e9383a271b4f6cac8caefea4d86a6b40e203a750d45fda652e167583d
SHA512 0bf3c5458b647601a1f28c194ac1bcc424ecdeba91871fab9178e8daf1fdf2ee956ba55bbf61b3cd2f54cb1ca008dc894e6a54730f5caf754c61d9ba20da8244

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

MD5 b75cd0ca235a7bc07fdce58cec179543
SHA1 c9e98aa5a1a3bdb114a97297dbcb36fb148cfe1a
SHA256 418f4440fab2771c57a6ed67762e7c49532023fc9edf555a031943545937ce08
SHA512 7288fb2bfd7d61e583e7c68eca47f4930a6e6df0cf0da81d7211ce08573c96ebd75d1337ab324d7b495083be8250c64898c38ba4ddbdf5dbbd994acaad3eb85c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

MD5 26088c06661d1fb4a002e2609404851b
SHA1 31293824e0579bc790426930cf73e9a0c71c0aa8
SHA256 8e9b4a4680b498db825ef610e4e7c68bf3dbfe95383031c7531f1e6dbad454a8
SHA512 3527d553940a6c91b5cef149df40bd5537e46d16442b5bce1e593e743014d3f25250ca8008d912b87b41745006e03e1c942be94a1590b36c1db72bd8ba23e12c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

MD5 89a574ff00e6b0ec61d995d059ce6e65
SHA1 aea09e96808ab77165ffa712eaa58b8f056d0bb6
SHA256 e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44
SHA512 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

MD5 cfa2ab4f9278c82c01d2320d480258fe
SHA1 ba1468b2006b74fe48be560d3e87f181e8d8ba77
SHA256 d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e
SHA512 4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

MD5 1aca735014a6bb648f468ee476680d5b
SHA1 6d28e3ae6e42784769199948211e3aa0806fa62c
SHA256 e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

MD5 d84862513956cbe61aeb4ebbfdd3355a
SHA1 14ab269df17cb0333b1556ce120d587324479f6b
SHA256 a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5
SHA512 d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 905187c1a08dfdfd4926b4eaf60e2df4
SHA1 2353e16af7c231942d23650885c222ad31d833ff
SHA256 0f88059048c17613493347bec75c7b551d05d715fe90c33aea736fbe02feb916
SHA512 975c7e4117d11caca92bd571e61dda5cf157af60273218c2caa8fa64261950b2c0b06a31849d7ac145afeeb0accb76dfa0337eb2c22076cd274d5f8d5fee6c85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

MD5 d453eca18d366c4054d2efd57717cf9d
SHA1 c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4
SHA256 be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc
SHA512 a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_sync.a-mo.net_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1ce82f0554575eed906b55d4c57a6f7c
SHA1 fd2ca4fc499812d0104c3543e921761dc1a53cb6
SHA256 a840f8abaed59269dea49057c727beee34bf76eb929b784cff58e52cee9bf949
SHA512 4466ee7f411eb30537f5fb9601b283f29b171eba7537fb110f21b68b9c77a36acc2557b26bfa59ba08825bf0f4aea2517129f0d61cdd208ab762cd0a7325cf2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8d09b82e860c6acb81ed1e65629746de
SHA1 e96ef3d1a6589d2ee99e0f190e144761712e3c3b
SHA256 0d31ad249d63b2f2f956394e83b8380e0764d60bba77b81f102a08b592b86df6
SHA512 31708c5078c43dbce42dd7d19f131a0557cd1311048f8588a3043f45c73c003806be1e933b2561912eef9e78e7557aec8f2a1abcdebe3e6447a2d5cd8a38ab59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8de151030363cc7550c2a1b7e6881195
SHA1 1620f33811461e1df1bc350a5788171adc0b55d8
SHA256 c635d85f3f512b2cfd19b346a72fc5178e18cc0008f00c7ebff8c1c6654f6a08
SHA512 9899ca1d4ba3dba9ed81489d761e5c1d4a3dd66011427c7f9a67d33687893c3748215dfa0ae150224ab86e0a24bdfbacc8049b1508d7b252e5d4ac7ec098dae7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a0560.TMP

MD5 6166da62c98a704567f778519eef3a08
SHA1 3ed48d79cafc75ed63eca558cd0b57285334aeed
SHA256 bc59519ae015c5815947d904c7ac662b51a1803a8c27e7f1ff91fc6b55e9f311
SHA512 a7d74f096a980c1c987616392b1c03b93d2dba9c91a1d8d09c39e7215394aded89e801632ec0f444dfd1399fbd688138a87523c6017e77dedb898d50d7923b88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 aa6450d33c09ad481fcd6a69c869a2b1
SHA1 678c0756194e47631e48f9f1aefc38339dc996f4
SHA256 0f52047a1347314ccc979910d2b4670a8a470dc9941197d710f22d287756b591
SHA512 c47026526c0e89eb2dc7558bf6457cf4ea9916ada98f116467aad918e7a7ab63f1781e2f17e653e67fa7d0670a383d2a7adc00acacb71faa3a7c8c39ae5515bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 468d17334ea019c15882931ad3e1eb7a
SHA1 c2117ddb05bba49fc1b01ff40cfe530543f142ea
SHA256 98936a6171580821f3e3f4547b5983a064e5849018e08e606f3defd5e95a739a
SHA512 99c4f50264f38c230d6b6d987c943185da0acdb38c32fea3ac219eca01ca99923455a70ed1b824f4c64793d32be0c55391e220cc5d66ac70b28208aa0e1ab123

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9d90ad133315b75c5fcccc4f026f36fe
SHA1 7768356f4131526c408f621578bdb23fabbf7760
SHA256 15f11c0b758c8e62895e730827e802093628f313078837721fbe1b46d95ff8d0
SHA512 c5d27de6d91903fe6a14e409284913df562c1d76d49cd825ffaab780fbb9b432da138fb28df8ff2ec9924eda824927735da875f49c6a01e0fe88417b736c4980

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5ccdc25ca84a19fc4361718b060f4070
SHA1 6da687d84eb7ce9454f4348ea9a148a3eff160a6
SHA256 e251fa93d72ad722751aa6b1c1a630ca5ac6160b18ac0880e5bb682ef00f480b
SHA512 9c50842650d9c3cdc402b65ab31f122f815ad8b8144c7d19de5831ae71d693c42041e74b1e806998d73172f109753ea522ce42f45984f011f8e0545b62702370

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5ff39e4e65086d501e95ae2eda43156c
SHA1 ebe7828e138c32a344524263c9b783afb5bb3b0e
SHA256 5bd310bee567453c4e5e1ea3c6a955a628f62d5bcc466d204fc7dd2f33928edc
SHA512 fb88f70a29f688c48d9300b31d8832a170bf3938e917e9000189ce85e3b0e555206ae8102d0e6a23aa236d7662be32164a9287c6fc52d534c6628f32efd85ba2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f1cc8291fe7dc416d8ceb2abc8babc95
SHA1 7257fd33adf0aea08d4c11ffaed833538bc6374d
SHA256 95f3e109b4136fdc2cb50a3ef8a8aecd9ecdd7dde1669e1dbc997fed05141cd2
SHA512 9847032eaf6cad6a8b1f038e09c54cc614a534a66d23978dda1b9ce4d1829d871b8a99fbf4ed8832092e5c1cab7fb9b793224111aa882077c6aa86e61d3b0c23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

MD5 806d1273f2a7702b8be593e82a71ee39
SHA1 189c8aac0f5c610949d81cc1f6e9ab72d47d36f4
SHA256 9e064a173bbfa4092fea520c8f39cba4767336400388792d52ea2d2084020b39
SHA512 14605c165d26e1a58dfb23aa1c59455e235d0d59b0cd3b8be2157962e364c4211e296c203ba19ac520df62b86f3a6c2822d828bf9dde090b8888dd43aa74a548

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

MD5 2e023a843ea2f5b2040177e389a852f9
SHA1 71d94ce3f9164ceab5bf7236ef71d527ddcee100
SHA256 63cde3a79566b37a672fde354b720d899536ab8269d7afb2ae2fe60179509e0b
SHA512 e7667a4d46a41332aba1ea4d5867143ac6d43be54532ff009a8a7d8bdc8e284488657619fed6db9f9c03b15e955eab53066350114f1db0b34be830d3fd4e3786

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d2a79c5c3b7c33bc54590ec6ef432c60
SHA1 fa30deb81b3832ad04a58d7c0ece11e80f02c43e
SHA256 4d7cd037f73518fb2420b1a38b4d61a35c58a96949eb48a30afac3dacb24b704
SHA512 8b9c83ec00c7c896f5368024aaff5b873610a4a671cbd0f568defa1aeb74fdf8c5d2029f42d6e7ca0bc67f268b833c221c727c3175442ff86b6620a62ca3c0b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 83c47da22fb3b074f69bd84b0ff27f54
SHA1 d0f8207bbad601eb5eeb6266ff26cf169038fbb2
SHA256 31f239576db5d4fd23035af663d29d28e197c64af5963ae4908ec2d228ef5e31
SHA512 50705fcba239f0fb6cef867336c6757c6f4759fd16ed7857758b292f9dd611685bbdd75bedb4328540f8818733c5f5dad337d97aeda38bb7f3e4e0747e32b4ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ca693fc35f4d6ab7ba5e612ef3f6cd52
SHA1 cd133d1ef2f9abf9d50f9d81d7d878c20a893622
SHA256 ee40acb5c0f704c0bbf71c4b44eba868bb76ab58f81ff8949d54a0ed7afba237
SHA512 542ec13d56db86ce707a67e64bbc187a7f7f4f795c6486484f206849ca72fdd2161c9bf7847051a6f61a4332f8dceb34fd5233823aa31bfeeb1d4b7f36086178

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 19ec21f00308e0a2354cae24bcc0ba82
SHA1 1c9efabacbcc93412f4347f8c10c6a370814f568
SHA256 5d5584bab24aaac7f84d2494ec4c022319dc882454bfa802bad7f66649302cd0
SHA512 d38852caed1bd7dd19b4144b808712c12d0af3cc5c48a5895bc13dffc82f4b8ebfd93410667714509b9d57072660f0e843714beaa7ebee6e7db3485b85b2e24c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ea49be3f5d780e9744874e197bc9eb86
SHA1 3fd5b01053a478c1cc78144790b69a3fc138dc5f
SHA256 5a8b6b6da515d7fd4e4fd941cc7b8cb49951fe5b307d048fdb60f109a8d2d176
SHA512 7136915e17e21be214d382f98792337779a1cb2cbe19b47e1712ab6f03c744e8b4763ffcb7473ab441fe07630dc80952ebc66e92600f5da33a1f215669c81efb

C:\Users\Admin\Downloads\Unconfirmed 206388.crdownload

MD5 4403cb3b8b299528d40a2555d8395beb
SHA1 52971b252d0e259808f158872db478eef4ed94e4
SHA256 cad92559e7848f000ca084aa6e5434a2eafedd2bc2e5ff06a13b724bfd447359
SHA512 a1bd42758a68499dbce08cf99d6da6cd526914032a8129869da40c28f6daa4006b26b24047d40d0e4e11e325c97cef603172d5029bfda4756d5b94f0454fdb18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bc67ffbf962b28ca19b2a0bfdc8fd523
SHA1 8dff01e3bea566ac09b07fc77aeaf429de54f1a9
SHA256 f8042603f97b24dd4a9a136664a54629ee0affeadd33971a4254a5154a798102
SHA512 171160a753ccf9088c07eeaf130654b19bee5b5956cd48c12bc8251518abd7205e389af970b00afe9f0e3070c8733d7c4357236b6effc87c1ba4df9f22f734f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ea74053aee1cdcf926a5e092af3f674a
SHA1 2e49a04ab34ca9996ac2607c275566de4d74ee5c
SHA256 c2d532e2add23fbf628e1630bf682c03128250e41d6fe8c7088c1a3bc0210f2b
SHA512 1c1d118009121083a22f29b59910b123414093cf5e5fbd98cf88cf7c8d972d38a6acbdb3d38ee05adcb24b014fce143ed049ea66593f68081912b67ccc2880e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 510a92f2c30b6734b536db6f47556a7e
SHA1 0394e8589870bd8149e94607e4d0069f63425ca5
SHA256 820a1900a3559b6f0782709c86c6009456ce49594c14effebe5969d2dacf281b
SHA512 fffa8dfb45852fdfa39e912a0f45867ef8a4a476211a916ea87ee6b81b5df1f9902ec10830e8d3b3b6e6021f1e9dc7316ad04886a845f2195dd5ac4bd2c96da9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 83cb039729308e415be2490ef822ace2
SHA1 03a99c027026113a7868c6c9913404314ad7a80a
SHA256 3ed2037ae3794deb738f0c01b58b33e48570f6566d62221a34b9888c0ecb9183
SHA512 e316bb4b8570bdf1fd2ef4bbcef81e24dddeb0b862474eeeca43aba7cc8c8ca16c69828448e6ae97169543d46b4c139049d0954a5f6d50a98a1effcb72cc5f8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f6380bc77d57bf3f07124fd57b9510f4
SHA1 1eb628ab623da01bffd39ccdd8d825381b1395b9
SHA256 7cf661f011f67145a0d0dadaa3258e3a898bcefc688c898c1d3c566fafeb3f18
SHA512 20fa89a64786391b9c87c10e36002f6f81ceb99ca6752cb64c4bc6f265daec519cbc85eac1e655cc31475b7743eb66ab28bd1230b43694cdbc1a5b9051597165

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 575df1ec28642a04d03e2355d576e456
SHA1 83d995f3e87d5a471ce3e0126dd607c3126423aa
SHA256 6676b51d0c1b70dfffe78fc202e510ff8cf6207632e540363a5d7495454b5e3b
SHA512 ff96362921f262bef0186946c4373915566c8f85656c916bdae555a95e2fa14b30a89ef5dc23bcc4514ba9ba0743311f2c54dae8f5bc23f5546e4f41854aa7e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d3a8398e22cd5b4d6db051a9bf5f8e68
SHA1 b7be1ec7e2886c58ea83b4b9a3ac5632c9f0f84d
SHA256 6f783216783414b8898113e92d6777e9c1691994b64d233114c3de39feef8984
SHA512 2696b987f8089f3633b9fddbb485b56ac817f931f192a4dbf79efaaca9f66c0b92ac8e01d983e75dac0293c500f13cc5658a573543d129e6e74e2704cf28ec62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 64d32d1d767ea84ee8d3d602a76cd7b5
SHA1 e0a6f38eefc7d230abc8017265c45f5e9daa67d0
SHA256 49b5fa6168bb76f62a7c3f28a35cb8665eb4a9a379a19a03e0cf1ad4d1b4b955
SHA512 398f3247d80de2cebf4a13d373643136ff7b2e30a37da3cdb19a880625be3d399c3ddbbef052d0dce7095ee2872e5f942047e5f0d8a5400401e272258a5bc1cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2e1a2af8818226d0d728e24b4dec84d6
SHA1 da42d95da058f046b693e469ac4ba309628891e5
SHA256 048e0044ddeb922717cc67e1cb08420a1d7f6005208f936a6980dbe94f81f8f1
SHA512 64ddb9b69af073d6cf36e5dfca0ba04fed3de0ecf4517512966a7d36c3d79b8d92f3478fb5121b490a0029a70b86dafebddc4387f388d63184939af73c3f5fba

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 6181686206f478b2d75a8598d893e956
SHA1 8b61607cb70cdf6f823fb2aa59105867e12a16f6
SHA256 e4795a882fccc42e6f29cff0481dfd4e7ebae42cd89c229559505c5b4920f8c7
SHA512 089822c2c6750ca4fdd05e35e379a18886152020e649ed352866c11697bcefaa5eec13a89520a350d87bdb761a20692afdb72d5b3b1007ccf162234a8f3290af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7bf6edfd3faa48b6c7636361b2d91c50
SHA1 c199946ea6924f0b66813a0965c53d1d15fc3c6d
SHA256 04fef2ece7e27c35dfbcafaf100f6a53ce92509d7155fd0421bf703098dc24bc
SHA512 85efcd7e7185017c1fe1dfad89ac187b0a15385dc694e866a245bea768737835ea8f4d23a4b2f1a18976fa2589fb82a9f2996e69c51cf326eb1d8874b6228116

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b24039341c33e49ce056a590830bb427
SHA1 f5f10b70cfb182f18506c96b7be02466d2c9525d
SHA256 a12773817c54c6925c34adedf4fbd639a9a71c6e3f7f592d65683bf48478e337
SHA512 e852282bb3a75921c66918c0a4acfba467753b51a3010f81ff3f93cfe26a2ac5c59872146562439f688566705e59298c94759617e3646fda1cdcf35905c01361

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d9b298995a2b6b2fd2c999cdefc1b94d
SHA1 07bbce56bb1788d747e06ab226bd307bdb836845
SHA256 c4a9bb6544118ea23d033093a927c183cbb4858cd4774ef17925aafdc624a8ed
SHA512 2afc269825ff690bc804c29d0e2faf882e7826acfaf150f5dd7d00642f34eeb805c0d6034df1a1543c2d67fde9782a66fa9a919c3e05729d76c377655b50e93a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 01fadfc24ccc3dcbc35c00430f53e003
SHA1 333d24b7dada2cabc440f55f38a00851dc5db828
SHA256 f50e1a6f200d60fa79b5ca74cb870670e34a003e98b6330788d366155f9562a8
SHA512 14fdbc55e5995d24aee63f37800cc0c07723fd30a1d1ed13c010f7565f0f11879a2d69c3c448e323d2e208fac52269c3cc1b0fcbd477ca9077f8499d1162a5cd