Analysis Overview
SHA256
507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388
Threat Level: Likely malicious
The file Delta V3.61.zip was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Modifies file permissions
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Unsigned PE
Program crash
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
Suspicious use of FindShellTrayWindow
Runs net.exe
NTFS ADS
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Modifies registry class
Uses Task Scheduler COM API
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-04 14:26
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 14:26
Reported
2024-06-04 14:35
Platform
win11-20240419-en
Max time kernel
275s
Max time network
308s
Command Line
Signatures
Downloads MZ/PE file
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{2527EB51-A871-4A5F-BA22-43875BC5F5B9} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 605506.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 203758.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\helppane.exe | N/A |
| N/A | N/A | C:\Windows\helppane.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe
"C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4TfpR6wUUu
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff14d13cb8,0x7fff14d13cc8,0x7fff14d13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3056 -ip 3056
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 3360
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {737a31eb-5a40-4879-9f5d-8a86baa74f2b} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2328 -prefsLen 25491 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d7a59d1-d4e8-4cbb-a4f6-e029a8babf3e} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 25632 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2300e40b-83cc-4e0a-8dd7-f95da946cd56} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3568 -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3232 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d34b5cff-322e-4d96-9d26-895d3e0e2786} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4740 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4732 -prefMapHandle 4728 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a5030a2-355c-430c-938d-fd190f5ae8b3} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" utility
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 3 -isForBrowser -prefsHandle 5440 -prefMapHandle 5472 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0df6ef5b-2878-4a2c-97f2-d765e8c0e2d9} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5452 -prefMapHandle 5448 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf8ba2b3-fdf6-4eb8-9c26-3a22ac983173} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5616 -prefMapHandle 5488 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c079db15-7714-4967-b760-b0474b6304a3} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6196 -childID 6 -isForBrowser -prefsHandle 6212 -prefMapHandle 6208 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8b86e01-e047-4530-963d-d7bb7d06b617} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6560 -childID 7 -isForBrowser -prefsHandle 6564 -prefMapHandle 6548 -prefsLen 27965 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {456cc1f0-1dfd-416e-928a-508a714ef511} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1336 /prefetch:2
C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=517009
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff14d13cb8,0x7fff14d13cc8,0x7fff14d13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10380 /prefetch:8
C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10884 /prefetch:8
C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=3d8d521d20e0420170266ce4f4398e094d32e2f1&dit=20240604143327867&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\Users\Admin\AppData\Local\Temp\sfk20czv.exe
"C:\Users\Admin\AppData\Local\Temp\sfk20czv.exe" /silent
C:\Users\Admin\AppData\Local\Temp\nsq8CFC.tmp\RAVEndPointProtection-installer.exe
"C:\Users\Admin\AppData\Local\Temp\nsq8CFC.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\sfk20czv.exe" /silent
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=197450
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Program Files\McAfee\Temp1656029198\installer.exe
"C:\Program Files\McAfee\Temp1656029198\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Users\Admin\AppData\Local\Temp\642F4236-4446-462D-AF7E-E664BE35B8F1\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\642F4236-4446-462D-AF7E-E664BE35B8F1\dismhost.exe {8C06A805-D1C9-449E-AF89-19646F6BBA99}
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gitlab.com | udp |
| US | 172.65.251.78:443 | gitlab.com | tcp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| N/A | 127.0.0.1:6463 | tcp | |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 127.0.0.1:6464 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 127.0.0.1:6465 | tcp | |
| N/A | 127.0.0.1:6466 | tcp | |
| N/A | 127.0.0.1:6467 | tcp | |
| N/A | 127.0.0.1:6468 | tcp | |
| N/A | 127.0.0.1:6469 | tcp | |
| N/A | 127.0.0.1:6470 | tcp | |
| N/A | 127.0.0.1:6471 | tcp | |
| N/A | 127.0.0.1:6472 | tcp | |
| US | 172.67.68.166:443 | scriptblox.com | tcp |
| DE | 206.189.58.222:443 | images.pling.com | tcp |
| DE | 85.13.128.115:443 | arzotravels.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 23.73.139.43:443 | img.freepik.com | tcp |
| GB | 87.248.205.1:443 | i.kym-cdn.com | tcp |
| US | 104.26.6.147:443 | cdn.wearedevs.net | tcp |
| US | 104.18.67.220:443 | images.pexels.com | tcp |
| US | 104.18.67.220:443 | images.pexels.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 1.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.67.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| DE | 52.219.169.155:443 | media-management-service.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | images4.alphacoders.com | udp |
| US | 172.67.48.187:443 | images3.alphacoders.com | tcp |
| CA | 142.44.139.57:443 | www.wallpaperup.com | tcp |
| US | 172.67.48.187:443 | images3.alphacoders.com | tcp |
| US | 104.20.75.132:443 | images3.alphacoders.com | tcp |
| US | 172.67.48.187:443 | images3.alphacoders.com | tcp |
| US | 162.159.133.232:443 | media.discordapp.net | tcp |
| GB | 143.244.38.136:443 | assets.puzzlefactory.pl | tcp |
| US | 162.159.133.232:443 | media.discordapp.net | tcp |
| US | 8.8.8.8:53 | 132.75.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| N/A | 127.0.0.1:50032 | tcp | |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 44.232.194.163:443 | shavar.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| N/A | 127.0.0.1:50049 | tcp | |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 44.241.205.248:443 | location.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| FR | 23.200.87.12:80 | a19.dscg10.akamai.net | tcp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| GB | 173.194.3.70:443 | r1---sn-aigl6n6s.gvt1.com | tcp |
| GB | 173.194.3.70:443 | r1---sn-aigl6n6s.gvt1.com | udp |
| GB | 142.250.200.3:443 | id.google.com | tcp |
| GB | 142.250.200.3:443 | id.google.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| NL | 128.116.21.4:443 | edge-term4-ams2.roblox.com | tcp |
| NL | 128.116.21.4:443 | edge-term4-ams2.roblox.com | udp |
| US | 18.245.199.98:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| US | 18.245.199.98:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| US | 18.245.199.98:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| US | 18.245.199.98:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| US | 18.245.199.98:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| US | 18.245.199.98:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| FR | 3.162.38.18:443 | d143j4fdqe1jki.cloudfront.net | tcp |
| FR | 18.244.28.55:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.55:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.55:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.55:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.55:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.55:443 | js.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | roblox.com | tcp |
| FR | 13.32.145.114:443 | dapx4swc8lj69.cloudfront.net | tcp |
| FR | 128.116.122.4:443 | roblox.com | udp |
| NL | 128.116.21.4:443 | edge-term4-ams2.roblox.com | tcp |
| NL | 128.116.21.4:443 | edge-term4-ams2.roblox.com | tcp |
| BE | 2.17.107.249:443 | a1818.b.akamai.net | tcp |
| NL | 128.116.21.4:443 | edge-term4-ams2.roblox.com | udp |
| NL | 128.116.21.4:443 | edge-term4-ams2.roblox.com | tcp |
| NL | 128.116.21.4:443 | edge-term4-ams2.roblox.com | udp |
| NL | 128.116.21.4:443 | edge-term4-ams2.roblox.com | tcp |
| NL | 128.116.21.4:443 | edge-term4-ams2.roblox.com | udp |
| FR | 18.244.28.55:443 | js.rbxcdn.com | tcp |
| US | 18.245.199.98:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| FR | 13.32.145.114:443 | dapx4swc8lj69.cloudfront.net | tcp |
| FR | 3.162.38.49:443 | setup.rbxcdn.com | tcp |
| BE | 2.21.16.124:443 | support.microsoft.com | tcp |
| NL | 20.50.201.204:443 | browser.events.data.microsoft.com | tcp |
| GB | 23.36.249.131:443 | c.s-microsoft.com | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| IE | 20.190.159.23:443 | login.microsoftonline.com | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| GB | 2.22.97.219:443 | support.content.office.net | tcp |
| GB | 2.22.97.219:443 | support.content.office.net | tcp |
| GB | 2.22.97.219:443 | support.content.office.net | tcp |
| GB | 2.22.97.219:443 | support.content.office.net | tcp |
| GB | 2.22.97.219:443 | support.content.office.net | tcp |
| GB | 2.22.97.219:443 | support.content.office.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.15.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.97.22.2.in-addr.arpa | udp |
| NL | 20.50.201.204:443 | browser.events.data.microsoft.com | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| BE | 88.221.83.211:443 | www.bing.com | tcp |
| BE | 2.17.107.123:443 | r.bing.com | tcp |
| BE | 2.17.107.123:443 | r.bing.com | tcp |
| BE | 2.17.107.131:443 | r.bing.com | tcp |
| BE | 2.17.107.131:443 | r.bing.com | tcp |
| BE | 2.17.107.131:443 | r.bing.com | tcp |
| BE | 2.17.107.123:443 | r.bing.com | tcp |
| US | 13.107.21.200:443 | bing.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 151.101.1.91:443 | roblox.en.softonic.com | tcp |
| US | 151.101.1.91:443 | roblox.en.softonic.com | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| US | 151.101.1.91:443 | roblox.en.softonic.com | tcp |
| US | 151.101.1.91:443 | roblox.en.softonic.com | tcp |
| US | 151.101.1.91:443 | roblox.en.softonic.com | tcp |
| US | 151.101.1.91:443 | roblox.en.softonic.com | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 18.245.175.23:443 | sdk.privacy-center.org | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| US | 151.101.1.91:443 | roblox.en.softonic.com | udp |
| US | 151.101.1.91:443 | roblox.en.softonic.com | udp |
| US | 3.165.118.121:443 | c.amazon-adsystem.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 3.165.111.23:443 | www.datadoghq-browser-agent.com | tcp |
| US | 3.165.118.121:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.118.165.3.in-addr.arpa | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| GB | 142.250.187.219:443 | storage.googleapis.com | tcp |
| FR | 52.84.174.75:443 | config.aps.amazon-adsystem.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| US | 104.26.2.63:443 | wct.softonic.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.65:443 | 8e0ce3e494dc0911bbc445717dff3f63.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| NL | 185.89.210.180:443 | ib.adnxs.com | tcp |
| FR | 52.84.179.171:443 | aax.amazon-adsystem.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| FR | 13.32.145.94:443 | api.privacy-center.org | tcp |
| IE | 63.32.125.49:443 | ap.lijit.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| IE | 52.50.174.169:443 | ad.360yield.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.206:443 | analytics.google.com | tcp |
| US | 104.26.2.63:443 | wct.softonic.com | tcp |
| BE | 74.125.71.156:443 | stats.g.doubleclick.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 216.58.212.206:443 | ampcid.google.com | tcp |
| BE | 74.125.71.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.125.32.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.0.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.33.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.174.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| IE | 52.94.222.140:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| DE | 46.4.139.58:443 | s.richaudience.com | tcp |
| US | 8.8.8.8:53 | 140.222.94.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.139.4.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| GB | 23.36.248.193:443 | ads.pubmatic.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| US | 104.18.38.76:443 | cdn.indexww.com | tcp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| BE | 2.21.16.25:443 | contextual.media.net | tcp |
| IE | 54.73.162.61:443 | ce.lijit.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| GB | 23.73.139.80:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.72.119.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.16.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.162.73.54.in-addr.arpa | udp |
| NL | 81.17.55.109:443 | ssbsync.smartadserver.com | tcp |
| DE | 37.252.171.21:443 | secure.adnxs.com | tcp |
| DE | 37.252.171.21:443 | secure.adnxs.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| IE | 34.249.65.85:443 | match.prod.bidr.io | tcp |
| FR | 99.86.91.26:443 | api-2-0.spot.im | tcp |
| US | 52.71.111.127:443 | sync.srv.stackadapt.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| IE | 52.50.65.213:443 | jadserve.postrelease.com | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| IE | 34.249.65.85:443 | match.prod.bidr.io | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| FR | 51.178.195.216:443 | rtb-csync.smartadserver.com | tcp |
| NL | 35.214.224.211:443 | csync.loopme.me | tcp |
| US | 52.72.91.47:443 | cs-server-s2s.yellowblue.io | tcp |
| FR | 51.178.195.216:443 | rtb-csync.smartadserver.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| FR | 51.178.195.216:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 74.121.140.211:443 | sync.mathtag.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| FR | 178.32.197.53:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| GB | 216.58.212.226:443 | cm.g.doubleclick.net | tcp |
| US | 104.22.50.98:443 | spl.zeotap.com | tcp |
| FR | 154.54.250.81:443 | ads.stickyadstv.com | tcp |
| DE | 18.197.7.178:443 | rtb.mfadsrvr.com | tcp |
| GB | 216.58.212.226:443 | cm.g.doubleclick.net | udp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| BE | 2.21.18.175:443 | eus.rubiconproject.com | tcp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 85.65.249.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.65.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.111.71.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.195.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.224.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.91.72.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.50.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.151.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.7.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.78.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.140.121.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.18.21.2.in-addr.arpa | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
| US | 163.181.154.232:443 | leap.ldplayer.gg | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 163.181.154.233:443 | leap.ldplayer.gg | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| GB | 142.250.178.22:443 | play-lh.googleusercontent.com | tcp |
| FR | 3.162.38.2:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 2.38.162.3.in-addr.arpa | udp |
| GB | 142.250.178.22:443 | play-lh.googleusercontent.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 18.245.175.116:443 | js.adscale.de | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 3.77.240.184:443 | ih.adscale.de | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | invite.ldplayer.net | udp |
| US | 8.8.8.8:53 | usersdk.ldmnq.com | udp |
| FR | 3.162.38.78:443 | apien.ldplayer.net | tcp |
| SG | 8.219.96.60:443 | invite.ldplayer.net | tcp |
| US | 8.8.8.8:53 | api.ldshop.gg | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| SG | 8.222.229.130:443 | api.ldshop.gg | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| SG | 8.219.96.60:443 | invite.ldplayer.net | tcp |
| GB | 142.250.179.226:443 | www.googletagservices.com | tcp |
| SG | 8.219.223.66:443 | usersdk.ldmnq.com | tcp |
| SG | 8.222.229.130:443 | api.ldshop.gg | tcp |
| US | 8.8.8.8:53 | 184.240.77.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| SG | 8.219.223.66:443 | usersdk.ldmnq.com | tcp |
| US | 172.64.146.152:443 | cd.connatix.com | tcp |
| FR | 99.86.91.43:443 | tagan.adlightning.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | 66.223.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.91.86.99.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 23.62.61.178:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.178:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.178:443 | articles-img.sftcdn.net | tcp |
| GB | 23.49.161.153:443 | secure.cdn.fastclick.net | tcp |
| GB | 23.49.161.153:443 | secure.cdn.fastclick.net | tcp |
| FR | 18.155.129.39:443 | tags.crwdcntrl.net | tcp |
| US | 104.22.52.173:443 | cdn.hadronid.net | tcp |
| IE | 34.255.230.248:443 | bcp.crwdcntrl.net | tcp |
| NL | 64.158.223.146:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | 39.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.230.255.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.223.158.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.161.49.23.in-addr.arpa | udp |
| GB | 142.250.200.10:443 | imasdk.googleapis.com | tcp |
| DE | 178.63.248.56:443 | uidsync.net | tcp |
| GB | 142.250.200.10:443 | imasdk.googleapis.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | rtb.adxpremium.services | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| DK | 37.157.2.229:443 | adx.adform.net | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| US | 172.64.153.78:443 | mp.4dex.io | tcp |
| NL | 147.75.84.158:443 | prebid.a-mo.net | tcp |
| FR | 178.32.197.49:443 | prg.smartadserver.com | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| FR | 178.32.197.53:443 | ssbsync-global.smartadserver.com | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.84.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.140.106.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.2.157.37.in-addr.arpa | udp |
| DE | 157.90.33.68:443 | uidsync.net | tcp |
| DE | 157.90.33.68:443 | uidsync.net | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| DK | 37.157.5.132:443 | c1.adform.net | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| NL | 193.3.178.4:443 | ads.us.e-planning.net | tcp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| NL | 193.3.178.4:443 | ads.us.e-planning.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| NL | 81.17.55.109:443 | ssbsync.smartadserver.com | tcp |
| FR | 51.178.195.216:443 | rtb-csync.smartadserver.com | tcp |
| US | 172.67.138.13:443 | adxbid.info | tcp |
| US | 8.8.8.8:53 | s.company-target.com | udp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| US | 34.96.71.22:443 | s.company-target.com | tcp |
| DE | 3.125.128.81:443 | match.sharethrough.com | tcp |
| IE | 79.125.111.123:443 | ice.360yield.com | tcp |
| FR | 51.178.195.216:443 | rtb-csync.smartadserver.com | tcp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | 22.71.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.128.125.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.111.125.79.in-addr.arpa | udp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| DE | 37.252.171.21:443 | secure.adnxs.com | tcp |
| IE | 52.214.131.115:443 | a.audrte.com | tcp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| DE | 18.197.7.178:443 | rtb.mfadsrvr.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 216.239.32.3:443 | csi.gstatic.com | tcp |
| US | 216.239.32.3:443 | csi.gstatic.com | tcp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | 113.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| GB | 89.187.167.6:443 | vid.vidoomy.com | tcp |
| US | 172.64.149.23:80 | crt.sectigo.com | tcp |
| IE | 34.249.65.85:443 | match.prod.bidr.io | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | udp |
| US | 52.71.111.127:443 | sync.srv.stackadapt.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| GB | 89.187.167.8:443 | vpaid.vidoomy.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| ES | 212.36.83.246:443 | a.vidoomy.com | tcp |
| FR | 52.84.186.104:443 | d3n1ms4uhtqgov.cloudfront.net | tcp |
| FR | 18.155.128.109:443 | d1arl2thrafelv.cloudfront.net | tcp |
| FR | 18.155.128.109:443 | d1arl2thrafelv.cloudfront.net | tcp |
| FR | 18.155.129.14:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 90.193.84.52.in-addr.arpa | udp |
| NL | 104.97.14.232:443 | aefd.nelreports.net | tcp |
| NL | 104.97.14.232:443 | aefd.nelreports.net | udp |
| NL | 128.116.21.4:443 | edge-term4-ams2.roblox.com | udp |
| FR | 52.84.186.104:443 | d3n1ms4uhtqgov.cloudfront.net | tcp |
| FR | 18.155.128.109:443 | d1arl2thrafelv.cloudfront.net | tcp |
| FR | 18.155.128.109:443 | d1arl2thrafelv.cloudfront.net | tcp |
| FR | 18.155.129.14:443 | encdn.ldmnq.com | tcp |
| NL | 185.89.210.180:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| IE | 52.209.124.52:443 | ad.360yield.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| DE | 46.4.139.58:443 | s.richaudience.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shield.reasonsecurity.com | udp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| FR | 18.155.128.116:443 | d1arl2thrafelv.cloudfront.net | tcp |
| FR | 52.222.201.32:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| FR | 52.222.201.32:443 | shield.reasonsecurity.com | tcp |
| US | 52.41.192.70:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | 116.128.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| GB | 23.73.139.8:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | 70.192.41.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | update.reasonsecurity.com | udp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| US | 18.245.199.36:443 | update.reasonsecurity.com | tcp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | electron-shell.reasonsecurity.com | udp |
| US | 3.165.113.87:443 | electron-shell.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 36.199.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.113.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.4.219.8.in-addr.arpa | udp |
| US | 104.18.41.104:443 | img.connatix.com | tcp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| GB | 23.73.139.8:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | home.mcafee.com | udp |
| BE | 104.68.84.174:443 | home.mcafee.com | tcp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| US | 52.41.192.70:443 | analytics.apis.mcafee.com | tcp |
| US | 52.41.192.70:443 | analytics.apis.mcafee.com | tcp |
| US | 104.18.41.104:443 | img.connatix.com | tcp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| FR | 18.244.28.10:443 | cdn.reasonsecurity.com | tcp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| US | 34.235.5.104:443 | track.analytics-data.io | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
Files
memory/3056-0-0x000000007458E000-0x000000007458F000-memory.dmp
memory/3056-1-0x0000000000780000-0x0000000001886000-memory.dmp
memory/3056-2-0x0000000074580000-0x0000000074D31000-memory.dmp
memory/3056-3-0x0000000074580000-0x0000000074D31000-memory.dmp
memory/3056-4-0x0000000006380000-0x0000000006388000-memory.dmp
memory/3056-5-0x0000000006800000-0x0000000006838000-memory.dmp
memory/3056-6-0x0000000006390000-0x000000000639E000-memory.dmp
memory/3056-7-0x00000000068F0000-0x00000000069A0000-memory.dmp
memory/3056-8-0x0000000006D20000-0x0000000006D96000-memory.dmp
memory/3056-11-0x0000000006CE0000-0x0000000006D02000-memory.dmp
memory/3056-12-0x0000000006DC0000-0x0000000006DDE000-memory.dmp
memory/3056-13-0x0000000007260000-0x00000000075B7000-memory.dmp
memory/3056-14-0x00000000076D0000-0x000000000776C000-memory.dmp
memory/3056-15-0x0000000074580000-0x0000000074D31000-memory.dmp
memory/3056-16-0x000000000C300000-0x000000000C308000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d0f84c55517d34a91f12cccf1d3af583 |
| SHA1 | 52bd01e6ab1037d31106f8bf6e2552617c201cea |
| SHA256 | 9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c |
| SHA512 | 94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171 |
memory/3056-27-0x00000000107A0000-0x0000000010D46000-memory.dmp
memory/3056-28-0x000000000D9C0000-0x000000000DA52000-memory.dmp
\??\pipe\LOCAL\crashpad_3700_HJLHZMDFGUGIMMRB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ade01a8cdbbf61f66497f88012a684d1 |
| SHA1 | 9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f |
| SHA256 | f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5 |
| SHA512 | fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 134328d6e77366fe721682115faa9296 |
| SHA1 | 184f31acba1ab62da5f6514d68c4215441b572d8 |
| SHA256 | d2313d0608db49a7a4b70a7a73aa5d200c75fd8743de6a982f729b0c6c5a33b3 |
| SHA512 | 66778e48da0b3b439008a2a1b20d98548770f0b72d4824f1cbac49cfe85be5a93f2031f6e9c63fca22025eb3c7ec1b0caca167fa09d342452c6ace166a520863 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 33a97bcd8f6b49817c6677cb0106ee78 |
| SHA1 | f271ea093cf2f2743a03a38354bdd2366f40f6ff |
| SHA256 | 240b8b828da107f7954e59e63ee0f8bf42d2d41ae21f82ee7e99df262265ffa5 |
| SHA512 | 171cce9a08d5a562d15a339c827be3c4c2394f1f9cf8c5dc266e1dfa77ae28496fc857651c9411c30ec41a3e2335e9537073d13ad0022ea0423fa7e54ca12ca3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a00ffa973eabda4cef9e9e18bdfd7c57 |
| SHA1 | f7b87f9f474643466f71a1cab2345405b7de51b2 |
| SHA256 | eb4167d0273ccc79776cc1af76843f2477bf8cf7ec03303c229c7b2ef9767a20 |
| SHA512 | 50c23de3aa218d36990e799ef706f0f5ad45115c39cfa893c36fe98160ea8d0e6a5056d11025ba01a2de8f14b52d6232bd6becf8881b468a84099c58bb964e18 |
memory/3056-210-0x000000007458E000-0x000000007458F000-memory.dmp
memory/3056-211-0x0000000074580000-0x0000000074D31000-memory.dmp
memory/3056-212-0x0000000074580000-0x0000000074D31000-memory.dmp
memory/3056-213-0x0000000074580000-0x0000000074D31000-memory.dmp
memory/3056-214-0x0000000074580000-0x0000000074D31000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ef4f425cecdcc2ff01131f17abc2ff4f |
| SHA1 | beb2b56dd195a5e27bbe2b9d75fc16313733ada8 |
| SHA256 | a4e82abcb13e6b47b9307b7be9752948b5d3c383890206f198352d4d61a5acd9 |
| SHA512 | 1594fa98f4b35429c8f6d97afdd68e3a5a91e0d27fe6150093916ee0eb52be2411839956ca894c3ad6545f56830b6b53bcb0559a97ddd5e4bdd10c5775aedd6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 18ac9fe94e6e1654fb1e4c9f823dfa21 |
| SHA1 | 5492492cfceed208c813f96db04915405f3b05f5 |
| SHA256 | 81b27c447db746fa9c109683ffeccc4155a47d35720fff805e3035534babda2b |
| SHA512 | afcb83df7db943ef59241e3e7129adbb30c3c0da085cb8dcf03e8637b6d11d7e58261d5c3e84df21049551123f3cea224f54a5ddc1549313eee6999f753d0d0d |
memory/3056-229-0x000000000C4E0000-0x000000000C4EA000-memory.dmp
memory/3056-239-0x000000000DEE0000-0x000000000E068000-memory.dmp
memory/3056-245-0x0000000074580000-0x0000000074D31000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 437576138ec218433b5d7f6ab8debcc5 |
| SHA1 | ed33bafd0fa815ca8489a9dbce7034effe324c76 |
| SHA256 | b77be78b210e6f9203d8ab373e9c4de3e97db7feda116c259ba9976d479897c1 |
| SHA512 | 18ffeb8359e60a95da869a59c7a0b6a3848e09475796a0ef4f7aef0ca5476cb62776e6f51738994321f450590037d985ebc5e6b9fde209592a0c03a84ebd2ece |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\d9a7f902-6c6d-48ab-873e-4764facb013b
| MD5 | f1017f69d25bddb3434d59913a013846 |
| SHA1 | 0f9bd03a84f02a0fab8536e5733216af56a0cb9d |
| SHA256 | c5ab1657474e1bcbc166a6c9a547667a3827488b2aa688fae4b53404269b23a1 |
| SHA512 | 8315f26a74390faddea09eea12d876b66468f3eccbef670dbb317ced9adf0267a2504735c55e29798372aecebfe3d2c541c27e4038ee10ffc341007077b3759c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\bef668cb-83cb-4b04-951b-5721e978cb12
| MD5 | 33cbf7f1a63b179fa75f256f75e56c96 |
| SHA1 | 686c2811247c66e37af03c7cef33c54bbba7a3b3 |
| SHA256 | 43eb39b24ec8331c482ad2aa7c785e63af1f176c15202bf363e7a625b422782b |
| SHA512 | 3df780ae9a70d1ab4b1433dcb9272099bb9656dae6e907f720bdd0283c28c89a52ae8f24e4a77157f6d5eb0ecb3c45b2f47b5768534fd4ed5657c70c5de0d39c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\70f3183d-e228-4400-a9be-f3c4231219cb
| MD5 | e0bd5c399034c0ae170c0f6108e9003e |
| SHA1 | 950cfc46724007321030a816d04b8e1663d9121e |
| SHA256 | d58fe7aa07e7ec6eddd705c57f0087fc335b9b55352f8aee73a6b804c238cc10 |
| SHA512 | c28d4ccc90999c0f3a5df0672a8e9bda2aa77d3f112d2508f4103cdd5006d9d0be0f12bd458cf77e4bff0248a4308b000951f331d1f397320fb2e020de092bbe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | e1f3fa1073849de1110e4ea78c3dc9db |
| SHA1 | a0cdc9152dd5daacea9b12075bf394eff4cad68f |
| SHA256 | c5039e6da1f4a36952c7af944ffce544a786d0c69ba9f442d28581c73e087b34 |
| SHA512 | 5d997bc1683930908937524494c3dd9bdd74b95c86ee193591049cbf618df8e869ec5e11d7a775263a0c43bd2afe059ab7924645b6ac22aba2ff06cad6467ad3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 10fc86c40968dfb0ee01735790276280 |
| SHA1 | 8139bbc4e88058541296aad5e16adcb5736dce0b |
| SHA256 | 588b1347cf5d06b6da2d69a17d8aeda0be2c1c83a5383e420f1ac48e366593af |
| SHA512 | f5cdb71b19aea63f6f66149cf68cf5c12b37ee19dcf574120a5d5f7c59fccb722eb21566519b67a21ab6c8e6a52f08253f52d27bb8ceb3eb193c8f5fab3a3b61 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 25e4300c801bfbb00dae8ba999e0d755 |
| SHA1 | 06700161a74442f11b6b0950118dd670cdef8f44 |
| SHA256 | 5292592931a8ccf65291aaee6db2f9ed380219dcb864f297df87cdd8c7668f90 |
| SHA512 | 8cad74782f2e338bf1ba5dc907c4a031e86728d4d54d8efd6e3516c2c95b8b3ea5aea2c2b30e38447256dffe3038e7e5a119793f4d62281d9e719f1ff9775a36 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin
| MD5 | 717b171ac4b24be167573f359e166224 |
| SHA1 | 63d9fe7034a8265d2daf84b6ae5e84b00d76e8f4 |
| SHA256 | d8b24d6d34d7743a1de7e28954f6aab3e8a10197bb055f49beec84e0df8dd689 |
| SHA512 | a9d5be9feb8fc5528ecffde87185fa00cd77d8f5990ff95bc2fbe7d253dbabc3871677a9edc63a544d1731dd63de5fada42a5cf695553ad9f6adc8bc3c85e936 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 56641e542d70a03e2bb087b6e6de538d |
| SHA1 | 4c06c0a2304625bf440e2c576f10aeb11ef25bc2 |
| SHA256 | e958ce50360d292d94acad244f2b462366e45bf7490dfd79c189ffebb5ec34bd |
| SHA512 | bdcd56da83f0d947e875f0f9451023a5610d841ff62a16a7929d7d0ca594277ccde42d78cad824a24fcd5cc797efd54650122b6163a0f1d6c22abe515462ec34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a52a6ad968c017f929b690b34f1efee4 |
| SHA1 | 0b0c8c431b43ba3c39b19529211ea97afa92e9dd |
| SHA256 | 1d4748ecd2f18ae5396165c15b889b85f61977a7c673f71432f5c53ec97f02d3 |
| SHA512 | 1560c4279d10839f54c6615c2ff25981fff23ffee4cb65ff4c0236abd0a8735960c0621fed5ae05d2c0e80d6b9ec146c05647a1d42790d3b3e6bc05ffc10e7b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584cb4.TMP
| MD5 | 816849bc354904bd936d000c1d16a11e |
| SHA1 | 6f24a66940fcb2b2daba7056db448608ac5130d0 |
| SHA256 | efc638a955c296b9dcc37ff0d68332ac2e8b4465db5e7f9c37d99ba0ce155753 |
| SHA512 | 614fe852399dd3fe3c2ac18371aeb9b1776fc0f1f4f75e3b96f9236c78d79427c4930c317803787c48e3254b25a62a0435de746e5b070fe240920cb12b7c593b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cb3f345459567182047a7237327bb8af |
| SHA1 | bebf8b3601aec65062b69c1d505d4df958d2ddab |
| SHA256 | 2d572bd1d0dd95608a4f2f49bfca5578931c1afc34b9872e1851930918d0e22a |
| SHA512 | 91ddea591dc3a843cd5c14d75d4c2141bd405e27b234789a20c6e523ca71ee72eb33f6d3709e1facb5a6f8781ae95df6267494dfb7e94e12d7948d8295485196 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
| MD5 | d0275884f33890e967eb684fc7960a14 |
| SHA1 | ddfada4c749be8cdff3fe4ae3680a9454b8f3f50 |
| SHA256 | ec1fc36fcb008325aac4e95eae20110bcde5ac957129fd9d2ba765537dc8c872 |
| SHA512 | 83ee2f05754de1588d002b180bab51a68dedb55c95aed5b5763b98a12957af53c128d4193b2ea0fbb8c79e22b6d0f3cd2b5735f12da6bb5a58ac99db71bd525e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 82a2e849ac0ab08c0f7bae7e0a8784aa |
| SHA1 | b821300ff75be3ffca0fea9c2797f03b8247a65c |
| SHA256 | cf9569f04762d16e1acc8df603ce82e87b8d8e0285d9eb39f2c4ce12a9981eaa |
| SHA512 | af9733847327ade6d8687ad9a51c406dde077d9a766eff432ad72bddc69213cfc53fe43fac49ee9bb55608591c96fd31b9747ee6698f468bc28bd96d1d57436b |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
| MD5 | 3454b7fc1e021c13b64b2dee477604ff |
| SHA1 | 235fca524bb2f5e339d05c93213e3cf656a778a1 |
| SHA256 | b5fe14994d89ded6ed6acf395d8ca2e8bab905de8719de7ec5ec9fc417ef8c62 |
| SHA512 | 3125bd82c329570dc3e14c2193a78debb03b911389cb1fc3dc73da366c595f14f35e634b697e39b09820210a9c8a91be3fe8070d5943b64fedd3fd711643f900 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 0ac3a56b9cf13f404bbd4fec6655b0aa |
| SHA1 | 19a00bf477f7e534c401c0df552cdc4f585e379b |
| SHA256 | 05ee5dfd36429e2df20789577cb24c2727cffc6369365586b5cbd801a4e8dc0d |
| SHA512 | 4e9e96b52baf7a23a2a1d65724f56ab6a17c6498344c57cd9fd13e016357c44274b9292189af3afeeb10e4545b8da685ff38f4589954705f8958b58d0b6b0128 |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
| MD5 | cfefb36838560b726b44c5eb64bc55f6 |
| SHA1 | 28b9646a5d6e9aecf4b6cdf6bb97fe30f18900f3 |
| SHA256 | eb02f21fab1f3bd916d086a5129c7d9aa39027cab9b61e93866e0bfb0724d85a |
| SHA512 | 732173841815647fe8d3fa758669afebcf9e754c93ed1722b4d4119d04f6a5297ca6177ee1c777b3302ff6f72a810a037b2d344c66ba6086af791ed8a50c9519 |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier
| MD5 | 40cf653374691fda80428fd3e053b02e |
| SHA1 | ade26f417c4cd5ff44cfdc684db48a850a57b840 |
| SHA256 | 2bffa360b610bbeae2ca6479218a4955c6830b191352845f48eb566bbe4578e6 |
| SHA512 | bf610c3d7f8aa328a08bab69bb2d96dcebba3b030eb09309999b15c15d72ec1d0e83f2e00f9e090f5cd514ae4f020262d145864d569c35e395fd2bdd7b68e444 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | cb5be7a7f610633cdfe6f0511244aa4f |
| SHA1 | 55484fd2a8158713cae4629af0291e4b9f0e9805 |
| SHA256 | 52b6ef881c8fc307ba234113175370dd61c028e63612adb02e2b1326f40a2702 |
| SHA512 | 5de30f1179f645af75b02125f60c60c6ac53fc93a28ca4efe476da14fafda1fd590ba3d5d0d5fa4a7f3e062c271c9374e49d97623e9f627380e8c8b4982ed1c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6e209122a19f66252d0f11abe024e428 |
| SHA1 | 2aeab1f115bc0c0e4437f5815bc5eb04b7d29684 |
| SHA256 | b3c7ffb997b93935a32c7ab729ecd6937f6699782365f9c2289c7ab25dfd6743 |
| SHA512 | 0949ec47c9b24ffabe55a8553b8396d9e1a06e56a968cbe7a730db9995aecedff0c891d6667fa7763ea4d9a4c7911f529e7e1534e37619bf6ac62f540eb66d0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3c488c945e6270fc0093c972e9898cc9 |
| SHA1 | 7758606950a846a2f0b0a6e8b0cd7574fad59b3e |
| SHA256 | 375a7874542cadeede7016eb10eebcf56b407b69f5f6ba27181011dd4e1cd4f5 |
| SHA512 | ac8aa4fa571bf407e9a0ad6bab51d2f9b1f36bc87564a6fe2afa26db7d2905a0cb032786d0b9b1ecdb10227979d42834d2934340139d24d18a2978e00489b789 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | d08ff51f097136b03d37e08458b8d973 |
| SHA1 | c6f968ae076423211b0514bea6fa3a1f17625bea |
| SHA256 | d57eb61ebbb383ef24d0015e4277b409e320db30b92c0b65f72f15691e66c451 |
| SHA512 | f58a51b139369d37016892e79402f48e184cb4d4aa4080789b2d4e19af236cf6befbd8d7d43e0e05dc7678bb284e185117dcf954076d6ed75808ad787c625b85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c5168bc754c12097b2010766560b26e9 |
| SHA1 | 95d0af34d80a706e01b4a5afb8ba69550e2b7b0a |
| SHA256 | 4454ba9e5c1a25989bc6bca8b7ec2c961cf1f14ae7020b8cc1920daef84251de |
| SHA512 | 7828205ab0bf89f08f0455282917baa1060f8c7064f9e528cbfc386436abd808e0ed542d46b5c6bd11b10d1f194a0d1ca785d8bd68966505c8d20d678769b8b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cdecb27a5c08d7b5e9e9958b1351e6c9 |
| SHA1 | 1a520afea95af8087959e28ca8190d49e2fe2552 |
| SHA256 | a8b96991024e2e7dda3f2d9251dcffa67e777b67fed1993c3cdc7502dcd0fe4c |
| SHA512 | 389080a284e8f7954547758e5b5e498529e1e63258aabf3bb64a5490637ddd3d097a6b190592e48ec85e416be9ed222d78682009d269e4de141e75d55108e761 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074
| MD5 | e279b5e0a16e5828f623ef1079b67b75 |
| SHA1 | 3b78b6a493a6e453973f828b615cf13a8e7a97ff |
| SHA256 | 46f18aa0c06fef19a1afaf16f54e2ab6b8c8fbcd76fd8af2da4199a03a7e5caf |
| SHA512 | 04d6f716e89183d97b918b2985ac9eea749364d21795bae6e53bbed05588e5ea0e08ec62c686beef55e64999321f8ef74d1a00f85b5778470b744ad6f95bb47b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 79da91cfca96f7f39b3bd6c133cf05f2 |
| SHA1 | ec1cce011a8db6d9bb2314ddd5455cbc6ed9bb67 |
| SHA256 | a11e2f4543cda9e2d4dded879145faa9790ebf4a831082053351e78b2d621b9b |
| SHA512 | 63c84e74e5e914ad206d32521c0e806435203c5f7bab63584831b5673937b28547c1d2bfc3212114459f9b2a905a39760afbb510c1bae569102516153ea95900 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054
| MD5 | 9a8ceef2725801e17be5c55b0a7b6887 |
| SHA1 | 567f8cc2c9704f0f9186e50bb7ed9582bc3ac924 |
| SHA256 | c34f0544214631ecebb3d75ea3e9876f8096703b293266fdcb6426952fc98027 |
| SHA512 | 57c534210f5905ae7d74e3adb6c39ad3d387797786b9a9b8def51508f83b83e97dbca9a48dd0bf38dadb6ea81dc5769d704c8ad58471baf727866eb06c2c4dcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087
| MD5 | 70de1f52912e7ea07c158a80bf841fb2 |
| SHA1 | ce6a7d12ff7a2b008d1c27e17d0183ef44ec4ee5 |
| SHA256 | f0e881ec68c72d09f856ab4005ecdc633ca244ca2a59e911ea816dc6c50acae0 |
| SHA512 | fde93436cedb836222f24e70fb5ce846af4eba283db460adf23ad622a4438f2347787fe7a025c6aca956cb0e972f055f26483dbaa31d48a2e94c70bb962e2361 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2
| MD5 | 69ef77257c7fa3a494a232f90b05d55c |
| SHA1 | 19dc83dc05f718e9693de231d48bf0307d8d29a2 |
| SHA256 | d1ec04bcd468208a30012d660d1e857bd9d4d937957d45bb10cc7483de435421 |
| SHA512 | 1b95ee10d622e1468e04691dc47fcb59da6349ba8cdc0814ac8d27a0ebcb9c09692ef1b86533ebd59f2bca87f3340cbe032a011223afe4e7db018af47bab38ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7
| MD5 | 1aca735014a6bb648f468ee476680d5b |
| SHA1 | 6d28e3ae6e42784769199948211e3aa0806fa62c |
| SHA256 | e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a |
| SHA512 | 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8
| MD5 | 856a3daa268de8801e7cfd5b727b6de2 |
| SHA1 | 8e099b433518980e657c7541c49b498e6b83430d |
| SHA256 | b870ae3c5216311e1dd7b8662e01d1fa3326edc85a98a58247cd37b8cfca0be5 |
| SHA512 | 2f191ea906a3551576ab14e607fdde9930fcb15f15ffb40a8c5999ba07224bbb8ea69918db11d1cd719a3d57510edd466ad2b9199c6a45a48463b0020a2e6eba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e6f2aded60672fd91ef5c5db93fa9c9 |
| SHA1 | ae2ea149adba18a2ed4a2ce8cbf3828102f3a897 |
| SHA256 | 86999d53cd0b8a8e0831c8f680e6784d517d0a550c757ff9072bf9263e89d8a7 |
| SHA512 | 2f63d58bac8d5da1f536375881af5ebdd0e400a25bccaf8fa98cba29a8616907629ee301746553a1e40c9ccc126ab151b77a0621cdcc755eea9e4bce1f76359e |
C:\Users\Admin\Downloads\d95bce5f-dd94-4e09-a2dc-0fe7cce16a60.tmp
| MD5 | 3470dad8219537a4b4d9f1ff73436893 |
| SHA1 | fc5ba88ce9719ad6ba6febbaab971801cd625933 |
| SHA256 | 1f5cc5c2211c48f57acf7d4113a487fbbd74a423303102821c913139d7ff782a |
| SHA512 | 2cf931cf203650781ca27051cf58b61a26700cb492086ce04a8680a49126b63276c77241d5d3f31a8a948edf56e0accec57c78e620200d310af48fa076d33c94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 21798fd14b3f4edce4dbade048e5ed87 |
| SHA1 | 0080f1321c240dccbce1f616315d2e03462c0916 |
| SHA256 | 66116deadb9b0c5e87aed0c27b462069c8e502364dabe16707b5ce16d7c4ee0d |
| SHA512 | 2c3194510bdf2e3a70ca3ed7f1f74615c06cd8a14647b6f2b372b3e9ef879ba32f0f128758e4684c0080668efdb364b0d0cba5c2ed0be68d76e6f529b223efcf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b
| MD5 | 9c6b5ce6b3452e98573e6409c34dd73c |
| SHA1 | de607fadef62e36945a409a838eb8fc36d819b42 |
| SHA256 | cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc |
| SHA512 | 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8aaa06008fe3035fd2bfe305d0be036c |
| SHA1 | 7ec0f9afd3d1dcf48b242b41be881bba14aa1bd9 |
| SHA256 | aa1bcfd92a82dd1996f23ebf463917a1a7be3d1030570776040743ca0ea6b8fd |
| SHA512 | a5f3a9aa0892ec421a950c8641a9a080fe94c373e518ab15d3d474ec9154352fcc472394341c5259f40831420230d75e39917a1d5e254e5f5bbc19fce3feff34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 35c728f522906e49b16a9a651a2ed550 |
| SHA1 | 1a0d4deb0a3093acf6e353528fcfa05f1faf5db6 |
| SHA256 | 24a034f85320e916d218188762437c791a270b431b1d4eb29cf9bba150e24314 |
| SHA512 | 7416b6fdc684d0cb9860abc6d39e4ed26cff6f82625b03f1b96b309e8a61701f973e6f4b122577f6f6148dd7da75dbd588c199bde114d3909bb3a24db53e9f52 |
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
| MD5 | 7d5d3e2fcfa5ff53f5ae075ed4327b18 |
| SHA1 | 3905104d8f7ba88b3b34f4997f3948b3183953f6 |
| SHA256 | e1fb95609f2757ce74cb531a5cf59674e411ea0a262b758371d7236c191910c4 |
| SHA512 | e67683331bb32ea4b2c38405be7f516db6935f883a1e4ae02a1700f5f36462c31b593e07c6fe06d8c0cb1c20c9f40a507c9eae245667c89f989e32765a89f589 |
memory/8116-2387-0x0000000073560000-0x0000000073574000-memory.dmp
memory/8116-2386-0x0000000005BC0000-0x0000000005BD4000-memory.dmp
memory/8116-2388-0x0000000009900000-0x0000000009944000-memory.dmp
memory/8116-2389-0x00000000099E0000-0x0000000009A7C000-memory.dmp
memory/8116-2390-0x0000000009A80000-0x0000000009AE6000-memory.dmp
memory/8116-2391-0x000000000A020000-0x000000000A54C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7736ccfc96e3c7312ea36f20a61d7b91 |
| SHA1 | a7d6f309ce87bb3d603925b185df853df78724d8 |
| SHA256 | 3f7f71a12b092f9b16b7a360eda123fd626b1cae3614849a6646eef65dd985fb |
| SHA512 | 837eed966931a12d9cadc3bc472aa51065a6c4aa51ca422e35fad6261880a07ea44c2324eac1ec1a3f944504ba5586bf6723bfcac6cd3aab4a0383eab4240380 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f41564df7b2c8a8946d807e6cbe925e5 |
| SHA1 | 03c39aa0077dbf73eb7c1b7a69cb042859011004 |
| SHA256 | a0e46704ef8521f262893d81eb97174705410e90b41949d1579f4a8746f6aec1 |
| SHA512 | 93ab1c1f72fbca86d47bbf4e8a27371095a544a20023f18903da504bf6f05e094f9615dedb916786cc7e34d757355aac18e98b1165b8dae7b34acb7a1148085f |
memory/1112-2464-0x00000000734A0000-0x00000000734B4000-memory.dmp
memory/1112-2463-0x0000000005CC0000-0x0000000005CD4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f8c2dd35de8f9d4b35bac1e520b42e92 |
| SHA1 | 9672e5092369da056ac532181f3d427473b725fe |
| SHA256 | a992571248dfc87807ac705705c119b31897e9ef212a5fd1d99360b339d1a65f |
| SHA512 | cda1fdbaabccbc7896bbee97e16a3f661668aeb0c522a1c4450fdfe85ad68876e6d9c8fcbb73d6005fb98c89a81bd7c1056e4955f836b57b34cf32dbdcf647d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0683aca8f50036b3_0
| MD5 | e2182948f1cf59e7cfb90b732a36690f |
| SHA1 | 35ff1cb9d65f82ce79ad83d59f0b901393914944 |
| SHA256 | 47383267b30f7ae0e4667aead18f43c1d7a5c86612ee285932871232b301f9d2 |
| SHA512 | ec8f3cb04df4429cfed1b33dad09590309cf561c75ee8613476808f3fa81c8d440aa9a9ec02672d161d4ddb446b8ae37d5b42a75b61eabcb9103af802102bb29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js
| MD5 | 313e27b50af01aae74699c3471da9f8e |
| SHA1 | 6de2ca8b2f3b46ffdab2e2a8e21fe57f8e8e6944 |
| SHA256 | 93588f2bbceefe2c53e81f36ec16a8161065d30cd323e2b9da53f7edc0b391e4 |
| SHA512 | 5a25d0fb340167d776575bb6c8c35ad3cd014d475559b22fa76ec1e091901e5e6edcfaebc9da68ee3f49b462c35e962bcc61a27b3bd48a499b8a2d1249cbdc94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0d2b7c7f8993a11a3495c9654ffc282b |
| SHA1 | f78c05bde4892203ec4694540ed336c2e2982231 |
| SHA256 | 05ccb0268f6bc9874e55f21ba74819523fdb96ce668485cc47e828617cd925e4 |
| SHA512 | bffb1445acdfe27d199bf49adc770dcb3eeb163d20327cf5c3b03d2e700fe2ebc9f7ef1a85623e575fb962bbd0465d71bd55efe6320b1f661fbaf2be967eb553 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6a7e3a588331936c817c8d087d313bff |
| SHA1 | 2bde719d322265923e36069f39496912a115c857 |
| SHA256 | fd7251dc7b8b835105ced3556dd85ae8f52e91a33387cf084e9dacbd144d02a4 |
| SHA512 | 2cd82db184239152f3a1f33cdd019467dbac19ca8415610b18d22e295146dd8e481c28ca1df5e5522727cb8fc2cc7e8928c555f14a09b076130439fda2958f86 |
C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00200057003F001D0006.txt
| MD5 | 8f49a2b1faf5af62548666fe5e04e899 |
| SHA1 | ba1145726d7ea87ea71acd14d98c6f323bb03179 |
| SHA256 | e03b27117faaa5a7e04e3e29ab016d30320ff00840d787c20ece54f5ab6edad4 |
| SHA512 | a6a9c0d3174e3b6b40e926c8809b0023bdb39d97ae83fb8143532c5d82f1a9a5a3f9bf516c5f8f1f01b74c38f6356a00c46142c462d819da924203b712a264d8 |
memory/7636-2563-0x000001DFACB80000-0x000001DFACB88000-memory.dmp
memory/7636-2564-0x000001DFC76D0000-0x000001DFC7BF8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sfk20czv.exe
| MD5 | 6676518e445c141dd44bed41dd13ad5d |
| SHA1 | aa456e451146f8402dc636506d4815c348a2de0b |
| SHA256 | c8ecf7d20fac0de8a1f4e4dc7c58f23f3bef0975a1dc1837a40dad52d95a043f |
| SHA512 | df76db899cccf175b36090380c441a1d61912d40c47ad64641a6f78a29d16c055c864999f5f0eb3fc6901f3ba3a95023fd4886e7e1a22c54e9150d85f08303fc |
memory/8-2632-0x0000015BBA240000-0x0000015BBA2C8000-memory.dmp
memory/8-2633-0x0000015BBA720000-0x0000015BBA760000-memory.dmp
memory/8-2634-0x0000015BBC050000-0x0000015BBC080000-memory.dmp
memory/8-2635-0x0000015BD4980000-0x0000015BD49BA000-memory.dmp
memory/8-2636-0x0000015BD4940000-0x0000015BD496A000-memory.dmp
memory/8-2639-0x0000015BD4A20000-0x0000015BD4A78000-memory.dmp
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
| MD5 | 3068531529196a5f3c9cb369b8a6a37f |
| SHA1 | 2c2b725964ca47f4d627cf323613538ca1da94d2 |
| SHA256 | 688533610facdd062f37ff95b0fd7d75235c76901c543c4f708cfaa1850d6fac |
| SHA512 | 7f2d29a46832a9a9634a7f58e2263c9ec74c42cba60ee12b5bb3654ea9cc5ec8ca28b930ba68f238891cb02cf44f3d7ad600bca04b5f6389387233601f7276ef |
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
| MD5 | 58b8915d4281db10762af30eaf315c9e |
| SHA1 | 1e8b10818226fa29bfa5cdd8c2595ba080b72a71 |
| SHA256 | c19df49f177f0fecf2d406ef7801a8d0e5641cb8a38b7b859cbf118cb5d0684e |
| SHA512 | 49247941a77f26ab599f948c66df21b6439e86d08652caa9b52ffbcefd80a8c685d75c8088361c98dde44936e44746c961f1828a5b9909fecd6ce9e7e6d2f794 |
memory/3272-3011-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3010-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3012-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3009-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3014-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3016-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3020-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3019-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3021-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3018-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3022-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3017-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3030-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3037-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3036-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3035-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3034-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3033-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3032-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3031-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3029-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3028-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3027-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3043-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp
memory/3272-3026-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3205-0x00007FF6A3BA0000-0x00007FF6A3BB0000-memory.dmp
memory/3272-3307-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp
memory/3272-3305-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp
memory/3272-3303-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp
memory/3272-3287-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp
memory/3272-3275-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp
memory/3272-3274-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp
memory/3272-3269-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp
memory/3272-3249-0x00007FF6B6530000-0x00007FF6B6540000-memory.dmp
memory/3272-3248-0x00007FF6B6530000-0x00007FF6B6540000-memory.dmp
memory/3272-3230-0x00007FF662960000-0x00007FF662970000-memory.dmp
memory/3272-3204-0x00007FF6C7270000-0x00007FF6C7280000-memory.dmp
memory/3272-3201-0x00007FF6BE9A0000-0x00007FF6BE9B0000-memory.dmp
memory/3272-3185-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3183-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3181-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3178-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3174-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3152-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3147-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3139-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3133-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3112-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3111-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3109-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3099-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3097-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3086-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3085-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3065-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp
memory/3272-3054-0x00007FF6B6530000-0x00007FF6B6540000-memory.dmp
memory/3272-3046-0x00007FF694B10000-0x00007FF694B20000-memory.dmp
memory/3272-3025-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3024-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3023-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3015-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3013-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3008-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
memory/3272-3007-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | d30d75449d4a29b5871d9c7ac9d09520 |
| SHA1 | 37d0f7da88e68571c07d5aeebf1f1443b1bec894 |
| SHA256 | 4bbe763b5ff90418ba4131d3675a256d403f946b761a4a3524b5b221860a9434 |
| SHA512 | e0694c7595391e3a46b183c0245d5f91e50400f2722aae7435d17b3a8a421ac681b2c6fbbb9f793408af24fee9016eb15a5a3ee21d6c35149ddc6a365a3e8b73 |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 4092851fb7b463190aedf30087fc65fd |
| SHA1 | c3527c0018c2b5dc5834ef5fc6387fc23558fd3f |
| SHA256 | 322b35ffa37c261016b83bc635119e55c795ed8b20620e4293c9fe8d45917991 |
| SHA512 | af2e0fef55978dd223923d5319fa5f8bd3be24a683af7c5cfa6d582ef1f6ed32584c6e70bc54a50045b4065ef402afe01244ab1b275d93f6ace8bd4f8bd67778 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 2707f8f8f4327ec6e96184de1a101c5f |
| SHA1 | 6b92a33f4c6a20c1a67d833b9aec3dce9ef9c14e |
| SHA256 | cd0b248b21b19e7a5248037abac6411b3f6f5e692fcf99172d75925dc5867bad |
| SHA512 | f71628acdc5782add5fe650d24e243a6d017ddfa5154360e09282d761d843c5d589fc297f9000ce0a0922ff3334ba5d15123b7e34c32bf28e535cefa4b1a8a9c |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 7423763628eee95de3d25b84c30c5b3a |
| SHA1 | 221579d554f917429beb6110cf422d94ede141ca |
| SHA256 | 11efb025f8d76eb224c0db50e2e6c478f3bdc2d93aea86f33c5375595124663b |
| SHA512 | 45c406d8dd7a5eb05183528ee8581e17f5509908cd2a12b9c65e749649f5a17567c4f96938c6d6e66234e72903111f1754cee22ac4e06e363a92d15aa6ecbdf9 |
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
| MD5 | a7b0dabf4a52b6827c35de1e05111ba6 |
| SHA1 | 21065f550492165d5290446e433e0f9cdefaeecd |
| SHA256 | b92f20569bcb06eb12a87d278592af03f564281ad9803eb8ee748eed0c4afbf2 |
| SHA512 | 5c4996df6335d5cf045f09d04ccf2382306ab4ab962dc2ab1889248df00f1470a336724bf137986df7be60e6b5b2417d75e4270b18f3f87fb533a8c1c530ed3d |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 94d0d8e600ee8a2c7c41453d983b0cf2 |
| SHA1 | 8c75dfa3099a833b7f82285a2e7a160c86d53385 |
| SHA256 | 694ea1e27d76550a48baf29604c33ba6ae3948a9d9114cfdddf28162e7fcf67e |
| SHA512 | b3034028425c6119c08e999d9bb00815840285649abe5815b4f36ad583879cbb235b455f73be0a53fffa6901ad5014c144f4c0f26c62ca8aad841fa143b5cf1d |
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
| MD5 | 135353974cbebf94b8bc48d682f8f5d8 |
| SHA1 | 0d8911efa7759516fc80961ec42ed6e15764ceb8 |
| SHA256 | 3da6db19e909805066bb41b1674b76b9b1946e99aefdee3ef96a0ee73b9914c1 |
| SHA512 | 1896e77b05162f9624ecc2139866186260b1adfb6a1918f04f9696dde2e7b5b4c2fb64533c20abc44ea0bc42afed692381cff956a458b1fb420e5b490f26f998 |
C:\Program Files\ReasonLabs\EPP\mc.dll
| MD5 | c85b6e5cbc8cd0cd668a95378cf2339f |
| SHA1 | a53d71a00a4d1ee74de71543846ddbeb568b29a1 |
| SHA256 | ef6f5493f21fa5fdac8b6b669ac6dbc0923e5c7c794f075413f27ca6ebeeb4b1 |
| SHA512 | 7067887375c5aa40b1732d648185a0d231b8d87a43b63fb3670dc5099a56c7c7356cce43dc48cad6e96c1585fdb2955afa8a50d3a1c7df1994e80705f76aaec2 |
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
| MD5 | fa16d0dc50b77c9f8703b5b36d774107 |
| SHA1 | ec426639f3bf3a563491ac53b70bb5eb92e5c314 |
| SHA256 | 94ad9f2b387a5e6cbd0f7b2259e37533ca80aaa69ba044db6a022661eaeb606d |
| SHA512 | b2e50634a6a7a116c71bb56dc045f29f79abd5d831ed1ac4a4fb7ab6a452321a814b9877b1c98cc0e185c6b6cab5bfe3e9435a43f9f4d1ff4d515109779372cd |
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
| MD5 | 4be222b0796df9d496e9ff02c389c304 |
| SHA1 | a50131cc3683aed3c32847cdd0b8b976951296ba |
| SHA256 | ae6d512a1d4f0f4b91a699c80eb6b97acd3bc59b22375a3039d74b58b31e9c2d |
| SHA512 | 26cccea83b3f1dfe84c63cacd4698d9eea373219cdf810f5dbc1ace313b1478d753eb5547ca186076e878883b462364dd80136805d7aadabd5917cf485a55eaa |
memory/8-5210-0x0000015BD4F90000-0x0000015BD4FE6000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 14:26
Reported
2024-06-04 14:35
Platform
win11-20240426-en
Max time kernel
211s
Max time network
279s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\ICSharpCode.AvalonEdit.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-04 14:26
Reported
2024-06-04 14:34
Platform
win11-20240426-en
Max time kernel
91s
Max time network
205s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Newtonsoft.Json.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-04 14:26
Reported
2024-06-04 14:35
Platform
win11-20240508-en
Max time kernel
211s
Max time network
284s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2148 wrote to memory of 2016 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2148 wrote to memory of 2016 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2148 wrote to memory of 2016 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\590.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\590.dll",#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2016 -ip 2016
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 620
Network
Files
memory/2016-0-0x00000000026A0000-0x00000000026A1000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-04 14:26
Reported
2024-06-04 14:35
Platform
win11-20240508-en
Max time kernel
209s
Max time network
284s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3076 wrote to memory of 4580 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3076 wrote to memory of 4580 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3076 wrote to memory of 4580 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\592.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\592.dll",#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4580 -ip 4580
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
Files
memory/4580-0-0x0000000001150000-0x0000000001151000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-04 14:26
Reported
2024-06-04 14:34
Platform
win11-20240426-en
Max time kernel
211s
Max time network
282s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3468 wrote to memory of 4596 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3468 wrote to memory of 4596 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3468 wrote to memory of 4596 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\Fluxteam_net_API.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\Fluxteam_net_API.dll",#1
Network
Files
memory/4596-0-0x0000000074C06000-0x0000000074F5A000-memory.dmp
memory/4596-1-0x0000000000D40000-0x0000000000D41000-memory.dmp
memory/4596-2-0x0000000074C00000-0x0000000075588000-memory.dmp
memory/4596-3-0x0000000074C00000-0x0000000075588000-memory.dmp
memory/4596-4-0x0000000074C00000-0x0000000075588000-memory.dmp