Analysis Overview
SHA256
15e7e475636235c78fc1a61b752f9bf000f5c2ad8507db286a9f9e11c253c60b
Threat Level: Likely malicious
The file sample was found to be: Likely malicious.
Malicious Activity Summary
Creates new service(s)
Downloads MZ/PE file
Possible privilege escalation attempt
Manipulates Digital Signatures
Modifies file permissions
Loads dropped DLL
Executes dropped EXE
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Drops file in Program Files directory
Launches sc.exe
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Runs net.exe
Checks processor information in registry
NTFS ADS
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: LoadsDriver
Kills process with taskkill
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-07 16:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-07 16:21
Reported
2024-08-07 17:06
Platform
win10v2004-20240802-en
Max time kernel
2700s
Max time network
2665s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2223\FuncName = "WVTAsn1CatMemberInfo2Encode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25\FuncName = "WVTAsn1SpcLinkEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2\FuncName = "WVTAsn1CatMemberInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.1.1\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2003\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1\FuncName = "WVTAsn1CatNameValueEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\FuncName = "WVTAsn1SpcSigInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4\FuncName = "EncodeRecipientID" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverInitializePolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2223\FuncName = "WVTAsn1CatMemberInfo2Decode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.3\FuncName = "WVTAsn1SealingSignatureAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\FuncName = "DecodeRecipientID" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.2\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverFinalPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\82FDC4A8-C02D-4E4E-8C23-AFF61E77D825\dismhost.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\ldplayer9box\bldRTLdrCheckImports.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBTest.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-2-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-process-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-rtlsupport-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-multibyte-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-private-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-string-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.inf | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9VMMR0.r0 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcr120.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-environment-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxGuestPropSvc.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-time-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\loadall.cmd | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\capi.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp100.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\padlock.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\concrt140.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxNetLwf.sys | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstAnimate.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-console-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-conio-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxRes.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\ossltest.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ldutils.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\concrt140.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\load.cmd | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VirtualBoxVM.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-namedpipe-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\msvcp100.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-localization-l1-2-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxVMM.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\ucrtbase.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSup.inf | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\dpinst_86.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\SUPUninstall.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxPlaygroundDevice.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-time-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\host_manager2.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\SUPInstall.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxBalloonCtrl.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\VBoxRT-x86.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-handle-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\bldRTIsoMaker.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libcurl.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetLwfUninstall.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxStub.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\msvcr120.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-memory-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ldutils2.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBUninstall.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxManage.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSDL.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-interlocked-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES_V2_utils.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.inf | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxAuth.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDTrace.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-process-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\fastpipe2.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetLwfInstall.exe | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxProxyStubLegacy.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\82FDC4A8-C02D-4E4E-8C23-AFF61E77D825\dismhost.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dism.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E9BB-49B3-BFC7-C5171E93EF38}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07da-41ec-ac4a-3dd99db35594} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC19-43FA-8EBF-BAECB6B9EC87}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\ = "VirtualBox Type Library" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C380-4510-BC7C-19314A7352F1} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}\ = "INATNetworkPortForwardEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\NumMethods\ = "26" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CD54-400C-B858-797BCB82570E}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2354-4267-883F-2F417D216519}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799}\NumMethods\ = "9" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3FF2-4F2E-8F09-07382EE25088}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2E88-4436-83D7-50F3E64D0503}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\ = "IUSBDeviceFilter" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\NumMethods\ = "36" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-48DF-438D-85EB-98FFD70D18C9}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0002-4B81-0077-1DCB004571BA}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5}\NumMethods\ = "16" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1}\ = "IMedium" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1EC6-4883-801D-77F56CFD0103}\ = "INetworkAdapterChangedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00B1-4E9D-0000-11FA00F9D583}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.ldbk\DefaultIcon\ = "F:\\LDPlayer\\LDPlayer9\\backup_icon.ico" | F:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E191-400B-840E-970F3DAD7296}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1EC6-4883-801D-77F56CFD0103}\ = "INetworkAdapterChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\NumMethods\ = "16" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CF37-453B-9289-3B0F521CAF27}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-659C-488B-835C-4ECA7AE71C6C}\ = "ISerialPortChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F4C4-4020-A185-0D2881BCFA8B}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-402E-022E-6180-C3944DE3F9C8} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C6FA-430E-6020-6A505D086387} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E191-400B-840E-970F3DAD7296} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\ = "IGuestFileStateChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{20191216-9CEE-493C-B6FC-64FFE759B3C9} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1207-4179-94CF-CA250036308F}\NumMethods\ = "17" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7F29-4AAE-A627-5A282C83092C}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-DAD4-4496-85CF-3F76BCB3B5FA}\ = "ISnapshot" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A161-41F1-B583-4892F4A9D5D5}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3CF5-4C0A-BC90-9B8D4CC94D89}\NumMethods\ = "17" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 204840.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8a1f46f8,0x7ffa8a1f4708,0x7ffa8a1f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,16692043477574113277,17370263689547816265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,16692043477574113277,17370263689547816265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,16692043477574113277,17370263689547816265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16692043477574113277,17370263689547816265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16692043477574113277,17370263689547816265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,16692043477574113277,17370263689547816265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,16692043477574113277,17370263689547816265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16692043477574113277,17370263689547816265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa8a1f46f8,0x7ffa8a1f4708,0x7ffa8a1f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x498
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5776 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16643796575214629494,17262201905671997321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9404 /prefetch:1
C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
F:\LDPlayer\LDPlayer9\LDPlayer.exe
"F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="F:\LDPlayer\LDPlayer9\"
F:\LDPlayer\LDPlayer9\dnrepairer.exe
"F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=328246
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\82FDC4A8-C02D-4E4E-8C23-AFF61E77D825\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\82FDC4A8-C02D-4E4E-8C23-AFF61E77D825\dismhost.exe {3641A373-88A3-4937-A3E6-CA63216E9FF3}
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
F:\LDPlayer\LDPlayer9\driverconfig.exe
"F:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa8a1f46f8,0x7ffa8a1f4708,0x7ffa8a1f4718
F:\LDPlayer\LDPlayer9\dnplayer.exe
"F:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.roblox.client|package=com.roblox.client
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1174317129564093333,555170591879442095,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 20.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 184.28.176.72:443 | www.bing.com | tcp |
| GB | 184.28.176.72:443 | www.bing.com | tcp |
| GB | 184.28.176.72:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 72.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 184.28.176.113:443 | th.bing.com | tcp |
| GB | 184.28.176.113:443 | th.bing.com | tcp |
| GB | 184.28.176.58:443 | th.bing.com | tcp |
| GB | 184.28.176.58:443 | th.bing.com | tcp |
| GB | 184.28.176.113:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 113.176.28.184.in-addr.arpa | udp |
| NL | 40.126.32.133:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 58.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | apps.microsoft.com | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sparkcdneus2.azureedge.net | udp |
| US | 8.8.8.8:53 | images-eds-ssl.xboxlive.com | udp |
| US | 152.199.19.161:443 | sparkcdneus2.azureedge.net | tcp |
| US | 8.8.8.8:53 | musicart.xboxlive.com | udp |
| US | 8.8.8.8:53 | store-images.microsoft.com | udp |
| NL | 23.53.112.8:443 | musicart.xboxlive.com | tcp |
| NL | 23.53.112.8:443 | musicart.xboxlive.com | tcp |
| NL | 23.53.112.8:443 | musicart.xboxlive.com | tcp |
| NL | 23.53.112.8:443 | musicart.xboxlive.com | tcp |
| NL | 23.53.112.8:443 | musicart.xboxlive.com | tcp |
| NL | 23.53.112.8:443 | musicart.xboxlive.com | tcp |
| NL | 23.53.112.8:443 | musicart.xboxlive.com | tcp |
| NL | 23.53.113.192:443 | store-images.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | canvasstorageprodtorus.blob.core.windows.net | udp |
| US | 20.209.0.229:443 | canvasstorageprodtorus.blob.core.windows.net | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.189.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.112.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | 229.0.209.20.in-addr.arpa | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 151.64.8.51.in-addr.arpa | udp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | northcentralus-0.in.applicationinsights.azure.com | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.167.79.40.in-addr.arpa | udp |
| US | 52.240.245.68:443 | northcentralus-0.in.applicationinsights.azure.com | tcp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 68.245.240.52.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 20.209.0.229:443 | canvasstorageprodtorus.blob.core.windows.net | tcp |
| US | 20.209.0.229:443 | canvasstorageprodtorus.blob.core.windows.net | tcp |
| US | 20.209.0.229:443 | canvasstorageprodtorus.blob.core.windows.net | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | apps.microsoft.com | udp |
| NL | 23.200.189.225:443 | www.microsoft.com | tcp |
| NL | 23.200.189.225:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | xbox.com | udp |
| US | 20.236.44.162:443 | xbox.com | tcp |
| US | 8.8.8.8:53 | 225.189.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.xbox.com | udp |
| NL | 23.200.188.61:80 | www.xbox.com | tcp |
| NL | 23.200.188.61:443 | www.xbox.com | tcp |
| US | 8.8.8.8:53 | 162.44.236.20.in-addr.arpa | udp |
| NL | 23.200.188.61:443 | www.xbox.com | udp |
| US | 8.8.8.8:53 | 61.188.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets-www.xbox.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| NL | 23.200.188.61:443 | assets-www.xbox.com | tcp |
| NL | 23.200.188.61:443 | assets-www.xbox.com | tcp |
| NL | 23.200.188.61:443 | assets-www.xbox.com | tcp |
| NL | 23.200.188.61:443 | assets-www.xbox.com | tcp |
| NL | 23.200.188.61:443 | assets-www.xbox.com | tcp |
| NL | 23.200.188.61:443 | assets-www.xbox.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| NL | 23.200.188.61:443 | assets-www.xbox.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| NL | 23.53.113.19:443 | assets.adobedtm.com | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | 145.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| NL | 40.126.32.133:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | emerald.xboxservices.com | udp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 13.107.253.64:443 | acctcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| GB | 184.28.176.16:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 16.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| IE | 23.57.175.198:443 | answers.microsoft.com | tcp |
| IE | 23.57.175.198:443 | answers.microsoft.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | 198.175.57.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | answers-afd.microsoft.com | udp |
| US | 8.8.8.8:53 | filestore.community.support.microsoft.com | udp |
| IE | 20.54.108.3:443 | filestore.community.support.microsoft.com | tcp |
| NL | 23.200.189.225:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | consentdeliveryfd.azurefd.net | udp |
| US | 13.107.253.64:443 | consentdeliveryfd.azurefd.net | tcp |
| US | 8.8.8.8:53 | 3.108.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | identity.nel.measure.office.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.18.190.141:443 | identity.nel.measure.office.net | tcp |
| US | 8.8.8.8:53 | 141.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csp.microsoft.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.251.36.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.134:443 | static.doubleclick.net | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.250.179.170:443 | jnn-pa.googleapis.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.170:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| GB | 184.28.176.82:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 82.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 184.28.176.72:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 184.28.176.10:443 | r.bing.com | udp |
| GB | 184.28.176.10:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 204.79.197.200:443 | bing.com | tcp |
| US | 8.8.8.8:53 | 10.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | roblox.en.softonic.com | udp |
| US | 151.101.1.91:443 | roblox.en.softonic.com | tcp |
| US | 151.101.1.91:443 | roblox.en.softonic.com | tcp |
| US | 151.101.1.91:443 | roblox.en.softonic.com | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 151.101.193.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.193.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.193.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | tcp |
| US | 151.101.193.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.193.91:443 | sc.sftcdn.net | tcp |
| GB | 13.224.222.112:443 | sdk.privacy-center.org | tcp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.213.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.223.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.222.224.13.in-addr.arpa | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| GB | 13.224.222.112:443 | sdk.privacy-center.org | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| GB | 18.172.148.233:443 | www.datadoghq-browser-agent.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | di-images.sftcdn.net | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| NL | 142.250.179.155:443 | storage.googleapis.com | tcp |
| GB | 52.84.90.126:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | 43.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.148.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.90.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | cdn.btmessage.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 172.67.74.232:443 | cdn.btmessage.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | api.btmessage.com | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 8.8.8.8:53 | notix.io | udp |
| US | 151.101.193.91:443 | di-images.sftcdn.net | udp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| GB | 108.138.233.27:443 | api.privacy-center.org | tcp |
| US | 8.8.8.8:53 | f76985aa747af768e86b150629a50c94.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | wct.softonic.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| NL | 142.250.179.193:443 | f76985aa747af768e86b150629a50c94.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 104.26.3.63:443 | wct.softonic.com | tcp |
| GB | 18.172.154.232:443 | aax.amazon-adsystem.com | tcp |
| GB | 108.138.233.27:443 | api.privacy-center.org | udp |
| NL | 185.89.210.180:443 | ib.adnxs.com | tcp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| IE | 54.229.107.66:443 | ap.lijit.com | tcp |
| IE | 34.254.40.210:443 | id.crwdcntrl.net | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| FR | 178.250.7.2:443 | static.criteo.net | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| NL | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| IE | 63.32.189.205:443 | ad.360yield.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| GB | 18.245.143.100:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| NL | 172.217.168.195:443 | www.google.co.uk | tcp |
| NL | 172.217.168.195:443 | www.google.co.uk | tcp |
| NL | 172.217.168.195:443 | www.google.co.uk | tcp |
| NL | 172.217.168.195:443 | www.google.co.uk | tcp |
| NL | 142.250.102.157:443 | stats.g.doubleclick.net | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| NL | 142.250.179.174:443 | ampcid.google.com | tcp |
| US | 8.8.8.8:53 | 27.233.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.154.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.107.229.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.40.254.34.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | 65.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.203.166.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.189.32.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.139.4.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 104.26.3.63:443 | wct.softonic.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| NL | 142.250.102.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | udp |
| FR | 185.235.86.145:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.239:443 | ag.gbc.criteo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 195.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.122.95.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 129.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| DE | 168.119.146.39:443 | sync.richaudience.com | tcp |
| NL | 23.53.112.216:443 | acdn.adnxs.com | tcp |
| NL | 23.200.188.27:443 | contextual.media.net | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| NL | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| DE | 168.119.146.39:443 | sync.richaudience.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| GB | 2.18.190.80:443 | player.aniview.com | tcp |
| US | 44.214.58.123:443 | cs-server-s2s.yellowblue.io | tcp |
| FR | 5.196.111.68:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | bc-sync.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| DE | 37.252.171.149:443 | secure.adnxs.com | tcp |
| DE | 37.252.171.149:443 | secure.adnxs.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| IE | 52.18.22.137:443 | match.prod.bidr.io | tcp |
| US | 54.205.9.1:443 | api-2-0.spot.im | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 74.121.140.211:443 | sync.mathtag.com | tcp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| NL | 172.217.23.194:443 | cm.g.doubleclick.net | tcp |
| US | 52.71.1.43:443 | sync.srv.stackadapt.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 172.67.40.173:443 | spl.zeotap.com | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| NL | 35.214.211.86:443 | csync.loopme.me | tcp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 216.112.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.188.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.112.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.111.196.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.58.214.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.131.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.22.18.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.9.205.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| DK | 37.157.3.26:443 | c1.adform.net | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| US | 172.111.38.54:443 | tracker.open-adsyield.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| IE | 54.216.54.228:443 | jadserve.postrelease.com | tcp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| IE | 184.31.23.174:443 | secure-assets.rubiconproject.com | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| NL | 23.200.189.62:443 | eus.rubiconproject.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.211.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.140.121.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.3.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.146.119.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.1.71.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.38.111.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.143.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.23.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.189.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| NL | 172.217.168.195:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| GB | 163.181.57.235:443 | leap.ldplayer.gg | tcp |
| US | 8.8.8.8:53 | 235.57.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| DE | 157.240.27.27:443 | connect.facebook.net | tcp |
| GB | 163.181.57.238:443 | www.ldplayer.net | tcp |
| GB | 163.181.57.238:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| NL | 172.217.168.246:443 | play-lh.googleusercontent.com | tcp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| DE | 157.240.27.27:443 | connect.facebook.net | udp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | d4f2efca590373692a0727a534389418.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.27.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.57.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.5.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.176.133.79.in-addr.arpa | udp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 172.217.168.246:443 | play-lh.googleusercontent.com | udp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| US | 8.8.8.8:53 | js.adscale.de | udp |
| GB | 18.245.143.101:443 | js.adscale.de | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | udp |
| NL | 142.251.36.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | apien.ldplayer.net | udp |
| US | 8.8.8.8:53 | invite.ldplayer.net | udp |
| US | 8.8.8.8:53 | usersdk.ldmnq.com | udp |
| US | 8.8.8.8:53 | api.ldshop.gg | udp |
| SG | 47.245.114.192:443 | invite.ldplayer.net | tcp |
| GB | 99.86.114.111:443 | apien.ldplayer.net | tcp |
| NL | 142.251.36.14:443 | apis.google.com | udp |
| SG | 47.236.4.49:443 | usersdk.ldmnq.com | tcp |
| SG | 8.222.176.52:443 | api.ldshop.gg | tcp |
| SG | 47.245.114.192:443 | invite.ldplayer.net | tcp |
| SG | 47.236.4.49:443 | usersdk.ldmnq.com | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| SG | 8.222.176.52:443 | api.ldshop.gg | tcp |
| US | 8.8.8.8:53 | 49.30.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.114.86.99.in-addr.arpa | udp |
| NL | 216.58.208.98:443 | www.googletagservices.com | tcp |
| GB | 99.86.114.111:443 | apien.ldplayer.net | udp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| DE | 3.69.14.84:443 | ih.adscale.de | tcp |
| US | 8.8.8.8:53 | tagan.adlightning.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | udp |
| GB | 216.137.44.108:443 | tagan.adlightning.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| NL | 23.218.48.210:443 | secure.cdn.fastclick.net | tcp |
| NL | 23.218.48.210:443 | secure.cdn.fastclick.net | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | oss.ld-space.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| FR | 157.240.202.35:443 | www.facebook.com | tcp |
| FR | 157.240.202.35:443 | www.facebook.com | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| GB | 79.133.176.194:443 | oss.ld-space.com | tcp |
| FR | 157.240.202.35:443 | www.facebook.com | tcp |
| NL | 89.207.16.210:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | 192.114.245.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.4.236.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.14.69.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.48.218.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 104.22.5.69:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | articles-img.sftcdn.net | udp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | cd.connatix.com | udp |
| NL | 142.250.179.129:443 | cdn.ampproject.org | udp |
| GB | 163.181.57.234:443 | ldcdn.ldmnq.com | tcp |
| GB | 163.181.57.234:443 | ldcdn.ldmnq.com | tcp |
| US | 104.18.6.198:443 | cd.connatix.com | tcp |
| US | 8.8.8.8:53 | prs.sftcdn.net | udp |
| US | 8.8.8.8:53 | 35.202.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fe76f8ae7833a5eded44e33d2b8a29f4.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 234.57.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.6.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | prebid-stag.setupad.net | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| NL | 185.106.140.18:443 | rtb.adxpremium.services | tcp |
| US | 104.18.11.176:443 | mp.4dex.io | tcp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| NL | 89.149.193.112:443 | prg.smartadserver.com | tcp |
| NL | 147.75.34.177:443 | prebid.a-mo.net | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| FR | 178.250.7.10:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | cds.connatix.com | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| DK | 37.157.6.233:443 | cm.adform.net | tcp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 104.18.6.198:443 | cds.connatix.com | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 54.217.233.110:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | fw.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| NL | 142.251.39.102:443 | s0.2mdn.net | tcp |
| IE | 52.51.140.64:443 | fw.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | 176.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.68.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.140.106.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.34.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.233.217.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.140.51.52.in-addr.arpa | udp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| NL | 142.251.39.102:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | dt.adsafeprotected.com | udp |
| US | 34.200.66.179:443 | dt.adsafeprotected.com | tcp |
| US | 34.200.66.179:443 | dt.adsafeprotected.com | tcp |
| US | 34.200.66.179:443 | dt.adsafeprotected.com | tcp |
| US | 34.200.66.179:443 | dt.adsafeprotected.com | tcp |
| GB | 52.84.90.27:443 | static.adsafeprotected.com | tcp |
| GB | 52.84.90.27:443 | static.adsafeprotected.com | tcp |
| FR | 178.32.210.230:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.90.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.66.200.34.in-addr.arpa | udp |
| NL | 23.200.188.27:443 | contextual.media.net | udp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| DE | 37.252.171.149:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | 230.210.32.178.in-addr.arpa | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | af5b4eeefa7773f7c5ae35b4f67ad02d.safeframe.googlesyndication.com | udp |
| NL | 35.214.211.86:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| FR | 178.250.7.2:443 | static.criteo.net | tcp |
| DE | 178.63.248.56:443 | push-sdk.com | tcp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| DE | 157.90.33.68:443 | uidsync.net | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 104.18.6.198:443 | capi.connatix.com | udp |
| DE | 157.90.33.68:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | ins.connatix.com | udp |
| US | 8.8.8.8:53 | vid.connatix.com | udp |
| US | 8.8.8.8:53 | lit.connatix.com | udp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 56.248.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.33.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | node.setupad.com | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | img.connatix.com | udp |
| NL | 172.217.23.202:443 | imasdk.googleapis.com | tcp |
| NL | 172.217.23.202:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | 202.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.25.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adxbid.info | udp |
| US | 8.8.8.8:53 | setupad-d.openx.net | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| NL | 35.214.211.86:443 | csync.loopme.me | tcp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 172.67.138.13:443 | adxbid.info | tcp |
| NL | 147.75.34.153:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | as.ck-ie.com | udp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.138.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.34.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.158.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| IE | 52.18.22.137:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| GB | 89.187.167.39:443 | vid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 52.71.1.43:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | vpaid.vidoomy.com | udp |
| GB | 84.17.50.9:443 | vpaid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | user-sync.adxpremium.services | udp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.208.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.50.17.84.in-addr.arpa | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | 180.201.192.209.in-addr.arpa | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| US | 104.18.6.198:443 | img.connatix.com | udp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | tcp |
| US | 216.239.32.3:443 | csi.gstatic.com | tcp |
| NL | 216.58.208.98:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 3.32.239.216.in-addr.arpa | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| NL | 142.251.36.34:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 34.36.251.142.in-addr.arpa | udp |
| FR | 5.196.111.72:443 | rtb-csync.smartadserver.com | tcp |
| FR | 5.196.111.72:443 | rtb-csync.smartadserver.com | tcp |
| FR | 5.196.111.72:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| DE | 52.59.252.86:443 | match.sharethrough.com | tcp |
| FR | 5.196.111.68:443 | ssbsync-global.smartadserver.com | tcp |
| FR | 157.240.202.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 72.111.196.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.252.59.52.in-addr.arpa | udp |
| US | 104.18.7.198:443 | img.connatix.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | 198.7.18.104.in-addr.arpa | udp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| NL | 142.251.36.34:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | c5d80614d6f4e8891992ed1a8d7f9e93.safeframe.googlesyndication.com | udp |
| FR | 178.250.7.10:443 | bidder.criteo.com | tcp |
| NL | 89.149.193.112:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| FR | 178.250.7.7:443 | ssp-sync.criteo.com | tcp |
| US | 8.8.8.8:53 | 7.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52e55e78c96cd29024294ae63bc7ebea.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | p4-asajljazxzz2y-5ukvoyh6ozf5wvnv-if-v6exp3-v4.metric.gstatic.com | udp |
| NL | 172.217.168.227:443 | p4-asajljazxzz2y-5ukvoyh6ozf5wvnv-if-v6exp3-v4.metric.gstatic.com | tcp |
| US | 8.8.8.8:53 | 227.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | db08339dfd860f42adf7eeedec217046.safeframe.googlesyndication.com | udp |
| FR | 185.235.86.239:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.145:443 | gem.gbc.criteo.com | tcp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| FR | 5.196.111.72:443 | rtb-csync.smartadserver.com | tcp |
| NL | 142.250.179.162:443 | googleads4.g.doubleclick.net | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| NL | 35.214.211.86:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | s.company-target.com | udp |
| US | 8.8.8.8:53 | pxl.iqm.com | udp |
| US | 34.96.71.22:443 | s.company-target.com | tcp |
| US | 3.229.202.201:443 | pxl.iqm.com | tcp |
| GB | 108.156.39.126:443 | s.ad.smaato.net | tcp |
| NL | 79.127.227.46:443 | id.rtb.mx | tcp |
| FR | 5.196.111.72:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | x2.i.lencr.org | udp |
| NL | 23.220.113.51:80 | x2.i.lencr.org | tcp |
| US | 8.8.8.8:53 | 22.71.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.202.229.3.in-addr.arpa | udp |
| US | 8.2.110.113:443 | as.ck-ie.com | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| US | 209.192.201.180:443 | user-sync.adxpremium.services | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | a.vidoomy.com | udp |
| ES | 212.36.83.245:443 | a.vidoomy.com | tcp |
| US | 8.8.8.8:53 | 51.113.220.23.in-addr.arpa | udp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| FR | 5.196.111.72:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 245.83.36.212.in-addr.arpa | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | d19mtdoi3rn3ox.cloudfront.net | udp |
| GB | 18.245.158.75:443 | d19mtdoi3rn3ox.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| GB | 216.137.34.91:443 | d1arl2thrafelv.cloudfront.net | tcp |
| GB | 216.137.34.91:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 91.34.137.216.in-addr.arpa | udp |
| NL | 185.89.210.180:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 18.172.153.36:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 36.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| GB | 184.28.176.35:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 35.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 146.48.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| NL | 172.217.23.194:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 13.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 14.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | en.ldplayer.net | udp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| GB | 163.181.57.238:443 | en.ldplayer.net | tcp |
| GB | 18.245.218.124:443 | ad.ldplayer.net | tcp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 8.8.8.8:53 | advertise.ldplayer.net | udp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| GB | 79.133.176.235:443 | advertise.ldplayer.net | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | 124.218.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.133.159.162.in-addr.arpa | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| GB | 79.133.176.235:443 | advertise.ldplayer.net | tcp |
| US | 162.159.128.233:443 | discord.com | udp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 235.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| NL | 172.217.168.246:443 | play-lh.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 128.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | 233.130.159.162.in-addr.arpa | udp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | alliance.ldplayer.net | udp |
| GB | 18.244.114.41:443 | alliance.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 41.114.244.18.in-addr.arpa | udp |
| GB | 13.224.132.14:80 | apien.ldmnq.com | tcp |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| N/A | 127.0.0.1:6463 | tcp | |
| N/A | 127.0.0.1:6464 | tcp | |
| N/A | 127.0.0.1:6465 | tcp | |
| GB | 13.224.132.14:443 | apien.ldmnq.com | tcp |
| N/A | 127.0.0.1:6466 | tcp | |
| N/A | 127.0.0.1:6467 | tcp | |
| N/A | 127.0.0.1:6468 | tcp | |
| N/A | 127.0.0.1:6469 | tcp | |
| N/A | 127.0.0.1:6470 | tcp | |
| N/A | 127.0.0.1:6471 | tcp | |
| N/A | 127.0.0.1:6472 | tcp | |
| GB | 18.244.114.41:443 | alliance.ldplayer.net | tcp |
| GB | 18.244.114.41:443 | alliance.ldplayer.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b9569e123772ae290f9bac07e0d31748 |
| SHA1 | 5806ed9b301d4178a959b26d7b7ccf2c0abc6741 |
| SHA256 | 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b |
| SHA512 | cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795 |
\??\pipe\LOCAL\crashpad_724_BOGGIEGKYLTHWWFK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eeaa8087eba2f63f31e599f6a7b46ef4 |
| SHA1 | f639519deee0766a39cfe258d2ac48e3a9d5ac03 |
| SHA256 | 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9 |
| SHA512 | eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b331c77bda271613c25bd7764ed53a5a |
| SHA1 | d6caa1164b36d78700c911a1ff4c0348d158dd65 |
| SHA256 | 98816191d0b22db31e7a86d7004df3ce25f3dfcfde64fd0d342ce65a5466e77b |
| SHA512 | 471fbd2efc72b8d4c2257b7a34ffda5045f36d8eb441bff9e1814db08f69c5c862acf2fb9f395c1646089e3cbe6070cce85b35c7ae3234261f979eb1a4f55796 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | de26be7d8a5bd7662dbf6edacabe59ae |
| SHA1 | 99ad67401b54578959f927f31f7a6c49bd0efb73 |
| SHA256 | 0db6a7617bded061ec321bb4e4584acb924f13960094813e7cd8ddb685522598 |
| SHA512 | 00c2d0619944517e38a94c55f812cc603eb1d3cc25b2def48a10462f1867325ce994c07fde80dbcbc6afe339497887129134020d494845ef349577573e5819ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 189765f63682c081da78260f1df7b342 |
| SHA1 | b04fdda7d73a5f11f839ce2c9bd741a491ec75cb |
| SHA256 | d7f83c39bdb0a6cf847b8f575e4483fb6beeb216b3110f1ccab01fa6c34785e1 |
| SHA512 | 65d9219884ddd3ebc938bcf211e8f2cb37018fd6e493faabdac8173d498aaa3d460524e44fce2ea5ef2e53e6f1d02776d8ceadf506b96876011c6dc99cfea75b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fe39bad8d51ecc18cbe59417f2b04eb8 |
| SHA1 | 7e03b1f05e39e6f356b1a9e0c73156bcf62ad754 |
| SHA256 | e9d522febbb8474d60a8cf50eb1dc2958fd3c58f93967ea8adfff058978a5d1d |
| SHA512 | 2042bb4ff2ce6525e472e28e6826cec9050799569989e58014eef08654e4fbfd44efc78dc0e41bc94a737915c892ab5c3ef07e9c656a1fa5612c261e8ed9319e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367521308306447
| MD5 | 74fcf1a9555988e1d861f4d6f2b68c59 |
| SHA1 | fbd456f3674f5be8bac6c9b9c4af2aefda217de8 |
| SHA256 | 0d1869fbcc9246c9872862ace34ab2b577b5818528824dacfac59e4b572f2d7c |
| SHA512 | 033a938de583826e79f51ec312de40933b102a0688e2588f86dd839f3bb8b1378cc08a3619e95aeb65d1c3ec61d78b50266cf81acdc0744502c3b462ae99d95f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 94ddbffe240991d53883aee6f8d0318b |
| SHA1 | 9457d4bdf54c889f09074cce898a12ad8c03fbee |
| SHA256 | aa2c103ccd43142e427a4235d5e0857f2d05ada6c7c8444f6461f39f8fff1554 |
| SHA512 | aa98f4e650e3f5b23d84d406f8c3f8c52dfb810a8cc6d334408468949811c5923fc15822aeea376002881e15c3ddde78e603b9a22c825d756be0ee13fa20d086 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | c9f19f33911cd9bd3cae81dd4316ea99 |
| SHA1 | 2063aad0afa96c4e8d2c6f33fa27de32a3ad414a |
| SHA256 | 40ca172fd584495e1c95e8428f54d3376ea4a1932e7a14d14a899cfab5a66d13 |
| SHA512 | e592d73f3996a69d04ec0cbe44504b59a78842e8171b5cd12822a8014156fd8ebf8dab1b8d5888b4030c81074c8a5955ba7b6e9bca86cbd66f3d5a02bdf4a077 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 45a2ff8ac8d0f7e5a9c4c1bb575ded6d |
| SHA1 | 800a4f102de955b3ea6a2b5be57d6b8a747b5ae3 |
| SHA256 | 41ba2dd0db3a5d02fdf26f5ebc59be9761f5ecc0b41dc02a2cd9d867f529b609 |
| SHA512 | b2b314c0bcf99576d5b978f34941b0fb350b288c8d9b018bea4650f03226fb2a800af08bd6b708c6e3816335f02f8be5a87c9f0bfc70c9c8ac062a2a8a8152b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | ef421627220f199f6609c0590992c18b |
| SHA1 | 73e8d71c36d9a2e932d29e5504926f27251fa51d |
| SHA256 | deb88e20b1e933e265630f187a77eed02b63ae385e6a3cec878068493b587bcd |
| SHA512 | 7126f2d0fa7ec25fb9a8148117dfe04d45d2dcfece7e7efcedd73261b3724fe561b55fecee798a2f9393fbb38e57f31f9b3e0b285a7f5392414e661f489b6226 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 09c82dcf5dd633dbcffe02b0aa89bd28 |
| SHA1 | a3efb21a4531466d87ce011e4677b99f54d28265 |
| SHA256 | a4bfb1298d4b29bca583bb900ca3e8671071b78faf5f7601c539e0493e101ae5 |
| SHA512 | 01c2777643a388316a0ae440f4cfa35224930a8261deb269bb7349f707db9136e6805437ef695bf62fa636f53ae4a7e99fc0487c6a55f46e1fb71eef0508a0b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | ba75592cd5ffaf9b07a8721b89e70180 |
| SHA1 | e17d71c5c91af05fccee3f498d7c998d68df703a |
| SHA256 | 8d8a0d94731ac7aec9592af2c9c24d6eee5cfed0182bda07f592d66ccce35d81 |
| SHA512 | 0d488c550f55323254820a0e75055050ae1afe1dd4ae5c7836948717d88a1f805957093b7156297a00a56f971f1012b6e234fd62fbd5daab40e3be41aca6d11f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7fd94f6e1d59b5e33a3df4e74ea32fce |
| SHA1 | ff77a394e5109f45d8c9af1b246cb06687b9edad |
| SHA256 | 00af9cb1ca21c499c645fd4ce0bc34be2c8c90f3e37fe96b75071da33acbb684 |
| SHA512 | 335c82bbbc7fef1e7494ac7c1f4f50ceaa1467aa3e731f5663861b3ea47e5cd2a34e842812a8ff48bd88dcb3ae8db4ba1f9a88becb04ff759bdf5876cbe91e47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 1c7b4b869e9fc4b2bd5527af5a8c285d |
| SHA1 | 6c823e8e09e5802e4dcfdfbbf261308f765edbd8 |
| SHA256 | 6b09da9166d7dea0cb17154c15f4a2919775367d2affbcd6fe4b86bc1915c6b7 |
| SHA512 | e16e90079dc57774bab47488c0d9292d1fa6831cc5864dbd932b65a11b5786a8b4239d1f9fc02e1147e6a381dc018160ea2d47df37cb5b8601e6019180b8d6eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | ba67f5555f0ef781326dd8f9df3dcb79 |
| SHA1 | c2d7ae8faf71d771b01fe65f2b97cac2f3adee42 |
| SHA256 | f2b35897d3a04658fe1bb458e164a915a2074e53bd5f694942d935255a642310 |
| SHA512 | 511b66d49f7700e803a53c43d68d8b2056708e68ec2b250511e53daa52a30692f933aa5cd50abeb8e3f40cf71d794de1aaa1b78e0786b1680a03e0cca4c7743a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | fa5ef6ce2eab27356c6c54e682a74d9f |
| SHA1 | 02545a7cf9ee2b08650f6997dbda255604a95938 |
| SHA256 | e6a192338bde49664a92f68c84bec9ae887d37976d2a918aa37b91b7bd5daa30 |
| SHA512 | cc73ad3f7d33b64c7c9e2358fd2abeffaf8b22eb4a3a7f1b9c5abf563f60151d0e465fd4989702964ea1ba55462f0df52eb92d1333736924a935bdb446af3310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 506c490c6a264d9d134d29b8ad0bb298 |
| SHA1 | a96fe805ffd28843b64edb29a123e022f702c54d |
| SHA256 | 838d927f0b49b5190057795055019d9817fad10ea3538e81b0accaa6da50c606 |
| SHA512 | ae0c6c511e8f11c7b0fee18f485a0d8931aeed18aea22d734b1f8333f29e00ab0099c68450e5737c143e3952c9d9dacaaa3b4ec054b3b04195d51237bc5a4ce6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 40c0f70a0d704e755726e654cebfa45a |
| SHA1 | 7d6c7bbf761907b7b421a37fb41f9e0489f866da |
| SHA256 | 4dd8696de2631d6d56f78b960e7bc4ff7390bb39ba63041e9ee92f7f8e868f81 |
| SHA512 | 5c0efa158fcbb1a014638b21b9f216dafb3345cba7df8ff527bfe2a73b94afb3d38fdb6dc98830e12d6800d55ae81b3e7fac51250312697eea8c43a84475c619 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 5b01b7038530c59364615e56e4f4e940 |
| SHA1 | c5b4f6d8a9a545722ad16b4a5c81879b60a37613 |
| SHA256 | 652154e27dc0a829fd1e9e967c558c0175730dcfaee2d80a314c4ce487397bfa |
| SHA512 | 74516250942b45d793c631117586617322e994d9efcf0b096b6b7f9059a53b60888225702a9eba71e4946f8a69f3695043f0eb13f3be254d4aad83be41784bad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 49301446c1a135c776afc74badf209b6 |
| SHA1 | 64db1e637c9bc1f8db6c3aea353c633e59821444 |
| SHA256 | 3ba392d4646d71ffe8649070dcb331e9105ebb8307ccc33c372d12931b0a392a |
| SHA512 | e810d7c7c960685d17e4e925fb86913e1f2051fe781559db03be8e0bf4685680537fa97f125de6ee47fc85a38255b4239e23cfcbc5ef9ea68e95f4af1e2222e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | ad71d49b3e76d799b17c9f24930573b9 |
| SHA1 | 998f8a6b84eadbdcfbb3e998fab9bb607d7b36a1 |
| SHA256 | 47f5de3c013e8cc125dd2dc10ea6123f9aaeec7d2872839350ff4a9dbb73524a |
| SHA512 | 7e05b50417ae092095aa79647f9eaf27e71092a63b4aa3746768326f99ebd7a9c5fbcd767a901dfcd329aa802374a5d177a33ec09d55222579dea0af42a23739 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | e15a59375c038f3d6877a69003d7bfb9 |
| SHA1 | 4d97aeec36f4c0bd9b4c9b7a4c593d6e19f96a1a |
| SHA256 | cadde0995fb118fe38778f24d75755a6d848479765d77c5985a72bd4ac21b445 |
| SHA512 | 1df4ef6e37d45fae1453b3165e5015d4dc7f5ddd9d16f2d1cc0aece17b677c9f9f7a4c974e7fc0c1c35cdeb98eadc2c727fa56786390de08bfd7d617723dea44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | 9f4bb54a4e564d962868982fddadc7ff |
| SHA1 | 1c8ec18c1b2673855fc1fc3434767e5254fff3aa |
| SHA256 | aec0ac8111d0485230c666623445664fa22350974f14111d9a1c1074453b3ccd |
| SHA512 | 9bc76913a1ce1ff4f51dd9316d62a9563515969bfa1f7d46114d822549336219c9216f29d0dadb8048a57b508521780f39b856a398303ff39ec44cb9640be3e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 265f52ac4c28878f87b3cbc0cd5e23fc |
| SHA1 | 6d056857c6c3c73de482f8653eb3040625c55900 |
| SHA256 | e73464bd2eeb9cce6ce3451e02b71470af2fd598b570a97ef92b3800951c3cc9 |
| SHA512 | 4f7a32b893e08b624f2355b8c4e596c1077cca2b40c08a9a51bbdea770c5d7a7f6e308ceeefc8355a0259969e9b3340ac57ea676f866da90f5220baaa7f9bbf7 |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | 07341cbaed9c3a6cb5c8eee467dd55de |
| SHA1 | 05b31723ea3586da083a0fd597775a81460e9b3b |
| SHA256 | 9a0fbf57c7a0e79e5e179ebe6eae3b0084cca7fcff24958ca1da22f8b88ba0a7 |
| SHA512 | 39c9036e3589316ff6f757fbe0828462346a6f8f5fc35d27ab5855d06c74dc8626f14ac9aa4f9df2d621c93dd6fba95aead83f64af2ed3e52e44a080e497cec3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | fa1af62bdaf3c63591454d2631d5dd6d |
| SHA1 | 14fc1fc51a9b7ccab8f04c45d84442ed02eb9466 |
| SHA256 | 00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d |
| SHA512 | 2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | c4c5c00b93f0686e2e49ced173952733 |
| SHA1 | 6e66c4c21ad31191b5c87fb040d512342a03d9db |
| SHA256 | b0ab68ba573d519b93073ff844a1abc851768158b6a2a5fc597b50f6beb28ee2 |
| SHA512 | 15d95ca134c7c012d9c7a44de1a3b61b6a5d04f0b8006bd9f480a6478a7d560d771f422f07cba2981e3fcaecc56c84a0c474a2fcc5012c9b3981da8887d32abf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 60eb63a6d631f84148d7cd01b68b8dd5 |
| SHA1 | e9586c5ee8a498f38d334464d138bf66adf15fa7 |
| SHA256 | 52e7f62a092a7b149e10d44522cadfd05cc1601fd3bf4af58ab06751dc86244c |
| SHA512 | 43bf5737ebd140965381dc27616d5ba0dd6a3402a00eec926e0230def410afc9eeb2a2c8c16fe43d249fbb15010c1b7a7058d9384798af2b5d0de34172b4e0b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13367521308074447
| MD5 | b325cf216754e88509cb2324fc43c399 |
| SHA1 | 665d5284b7f72b56cddfdcd4dfe361f478017232 |
| SHA256 | 8162231366411e40ad1b3bbf62e3faf696b6b3df125294683084c20bfa7ccb69 |
| SHA512 | 06f4c9bcc18ebc5bc0e5e31ceff142cd71ac0453184a012336241ca51f2d5f4b5ee1079cf8d14caa8073ddf3f569ac11eb1b8f070b84e52885ac46bf1245780e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | 28d6d69da9716f4bae30840884c994f7 |
| SHA1 | 2d697ebe59efe97c672b5eea2b38de61146a2bef |
| SHA256 | 2cf4b1cd74d1e297ffa5372fea97af28358f7488f75cf8c0288dd167c4948544 |
| SHA512 | 9e722e2716258dbfafbbb3357c04fb7baa9bc22d3158b91afd2e28e6c75a2eda0b8c031ed1c34cdf7a7c35070de0ef4fdfead669cc6360ec6201eb2226b2bd47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
| MD5 | 6e1dbc004b23b7dc2dbfef63784c0dc0 |
| SHA1 | 25c56aa28182759a8e3abdfd9c1232623cbe8199 |
| SHA256 | 18d8609f50e596d8b0ea36ed0a0b4d675c1406f862dfe8ae7c8f7ad0ede605a3 |
| SHA512 | f03e33c4ce8e3f8c9cb2ca54e32be70a59fee8bda3e444fd84810677111917b7bbe071ce9bbd96fba92d802f7720b0799b8e4d3d5c9864e650acfa3e7ce1b9e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
| MD5 | 031d6d1e28fe41a9bdcbd8a21da92df1 |
| SHA1 | 38cee81cb035a60a23d6e045e5d72116f2a58683 |
| SHA256 | b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da |
| SHA512 | e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
| MD5 | a397e5983d4a1619e36143b4d804b870 |
| SHA1 | aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4 |
| SHA256 | 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4 |
| SHA512 | 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b0226b24fdbb47b17c0752718af6b785 |
| SHA1 | e95114284004744c7a1c43aa1a9767dd819cf1ac |
| SHA256 | 428626ea7e9dbd0b4adf7c97541427314ce969ed60b4afcff01d476948aa125f |
| SHA512 | cb633c18026ddb10c646042b0dc7645bb3889f5a6110870ea4f4d3710d3711927bbea4003f59b9eea1a0fbdb6c8340eca73b33c367b3070d71f09a037de3f46d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 43702d9f61b954be9b729d457e5e46dd |
| SHA1 | 36bea124ef641bb111481d3759945bb50e8cfa69 |
| SHA256 | bfe121cbf81bc5887ec88dcdeb06e6348f9b51e1245d9e0af35fc2f0655ddbc9 |
| SHA512 | d824073096c79b62a18606ad57cf17099c95a5223f5036d1c584cc7c1d8f4db034cf751bed44716cf88ab6cf5f8e710a807717554f57acfdb7b814f8c7e5c252 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
| MD5 | 9b4890eccf7244f482462326ede70800 |
| SHA1 | c617541fc365fd58487d3bada782b16c4e00286f |
| SHA256 | 5d28c9b181cef04415d3f7b28fddc11e6f46073a47ce2d4228dcf01292952962 |
| SHA512 | b878aa12e8efbb069ac7175561c28ac0728c7f72f423e29d7438ab85fb49eb0a659941e616a610ea4b5d577cd1ec9a401ae99bd36773744e85288e8fac72b861 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt
| MD5 | ffac47ac95c0b2869909e445a7043d8f |
| SHA1 | c11be1426f071c72ed1bbbf15a90bc5637ea06dc |
| SHA256 | 9562e66efcc4af1ca681d44c178dc9b1898b461ef36e5f7c54c76dfde8ac5965 |
| SHA512 | 32e73b178401f234e132b9a876ec18ce030675c144fc998227714b0c1e8ba9a3c4f2ccc36c272a14312a72f5f1d446031dfe1e08d39490c000657c4460d75c0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt
| MD5 | b5a417e9386a2e853fe55183566e8495 |
| SHA1 | 5f0a9e895d05f0b9120832cd915dad4c1e97b229 |
| SHA256 | b2008ab71729ec4dd9942a4b95cb995b3a793b71896a5c785e8d46f6cd1e605c |
| SHA512 | d8b3acafb592e039e7eb0c74dc02a98e36bdee06dab5fc3d11a318edf0fe59bb5d787b3b5158069bb96dd8934f2fbd367e03cd5f4fba7c59d2c262eea549b739 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e6a7292cd726d04a420a9223b246e662 |
| SHA1 | e12fc114512b18b757a524d131a12d40a96941b0 |
| SHA256 | b93d04e319a1d5829b0635a04e8969db9059caff4581e131370e1aaaa42e7573 |
| SHA512 | 6385a67a5ef92a790da61d694be33b0d09028fa9fa13bc5177fcbbcf04d213d2e54bee2ba089cf3694daceca47cfadea02f9e31bfe2850a69c92883543f1a39e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b699.TMP
| MD5 | 366320b9969fd97562d9bde0af98710b |
| SHA1 | 14b4e6238b4a5e1681631d67978a4356634a65d1 |
| SHA256 | c75be256f6f5bb6f925e17db8a671f906ab85dcbcf390c0533d4665da62d26c0 |
| SHA512 | dd7dbc03a107bae924d3e907b9acd8a4a587a542cc576a4fb7844b8b6c9a6ac91cdfdd696070f1b58398710de6c897bb487103ebd9ff30d0f0141865dde063bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b0e4fd12d2442b3875ed32c828339308 |
| SHA1 | 7151f94619fcab23793e622f6a46d8b6e0eeff34 |
| SHA256 | 361228ab0014011c0ba0ff374aff17b48b6d9c56c98f860e52341e8ff7e4e53c |
| SHA512 | 32dcf044edc90fc27f40b32e1f07cbf85905aef9595841a0aaed3cdcfa5a4dddde2e617b5388b66d7bef3469db61a153291f3467b6b253bb45d2cfe9a5162b51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c9a6ea9ca586bea68067eed7d90526d0 |
| SHA1 | 719ce2761aff4a8ad5894b869f5adfe38988639a |
| SHA256 | 7e51daca84c2c70fcc9d5cc7371070203c1e077a33e571502ca9992937cd0f65 |
| SHA512 | 6ac6364934c743b87e515f8b598ba0affbbdad802b30f849609babac50f3e1acda89d4ab153b86b35983d3af70318b174d04a5d726eb7a9db1663db7ffd9ac07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\01d62208-ac8c-4b7b-b829-ddaf420f27c6\index-dir\the-real-index
| MD5 | 1c5796ef5191d4e0253e6ba6d99836c0 |
| SHA1 | 6bbe7ff30d4c2e0ca648a33e9a747e0a12f33b4a |
| SHA256 | dc488b63973e9bc13c714ef9a31b0701f6f393cc3f44d6289851f6ce45c031ae |
| SHA512 | d8523d0040ea535dae1e8189d3a65940e9a59f3fcf30bfd3815b7bad8a2f7a516a8b6e7f0edd698fd658a87cc1ed49ece7c7c087de741c0f8148a38f2d90e7b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\01d62208-ac8c-4b7b-b829-ddaf420f27c6\index-dir\the-real-index~RFe58d03c.TMP
| MD5 | acb7937aa1215c122ba9894deb100263 |
| SHA1 | 8f5201a0a9f880a85c8ef38137c422740e2993d1 |
| SHA256 | 77552682b74b645e76c92ae7d18c4be11577983f63d38e3ed92af18fe47087e1 |
| SHA512 | cc1490b8e14c21016f56ebffc638fbb1ce1d72f4954082edc3bb80ea6dae04a9f50d29502dd9f94d5a00959e7bbfa83ce2e51db63d81b15005e34108f7ef70c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58cfbf.TMP
| MD5 | f11414032b0fc074391e0a6074a33f90 |
| SHA1 | 7e36594424f54302cb5ccddb3c23d49786673101 |
| SHA256 | 9a8ee1159e2859dc793a9c6085dbe5e936ecf5979f99becfff618ba506a0c9fa |
| SHA512 | 269b798d32a48cb56820aef5b88c65e6cdc7e48451b94e8637618a8edb37a59fb93caaa3199a21c5fc3f294a6a8cc70270ea24d811ad515efb3d607eb5c6bf0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6533f87e0d8cfa9ec5fd8b74aec8e1a7 |
| SHA1 | 6307bb7ffbfced9f5179988a0c84d23cd92a8944 |
| SHA256 | 0cf9a84e7ddc4d3dd858d44fc10e7df9170db46a78565b9fc0d0172cd4db2247 |
| SHA512 | 56df02a55c4697548fa9b375d98dcb9b03c056e90b0056725694a5507b19f717956ede4c769022ec8fcc556f4c2dccd32a67ae22920ab5bf5bea9e90a791957f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 27560fa2d4c3c87229cf253065a071bf |
| SHA1 | 9d0b47e69a77ca8f2fe054b8e10a9191b34ca012 |
| SHA256 | b1c2656673c7acfc085b7c835950b77e7616b1a73f913f7ef05739f57ae2240c |
| SHA512 | 7865dc76ab25908d7c420555d45591618d1b8e064f2c2f7d994c13bc13639810499538b63e37e47e19f466eb6d719773993a335a2440bc9ef5258053b217e697 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f4fa16bd8d536ffd3a5545e86d268d78 |
| SHA1 | 4e817e5681d49185d3a4ccbfe24acd49f60d9ab4 |
| SHA256 | d64decce40fed7ca866b2393dcf37c7389108c64c37225889ab55b1c50397657 |
| SHA512 | ec0d839ba953e3f6d79ba5631de6d812029db203c84e1a24b24df5fbd270e69a40e424b251b1150d299ebc9edd8e71d26c21f2a208a9507de36dba30fbdc04ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt
| MD5 | b8414690cb65e6c2656b5f65adee2348 |
| SHA1 | 70fa3bfb442288575e2263f38fbc4986d29cb34e |
| SHA256 | 441e8d29fb43ba86ebad29e7c93b0e43f6d6f0f3477224fc1d22036d4deaab3a |
| SHA512 | 9377535e7a04889b8036d47e92791c35111869a915f82509f06067d66421c13eb0878ce08dcd9bc41e7733ac8e483188fbaf0b9f12c6590c698fe53c19f2844c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\17665e9b-54ab-4da4-8ef1-e4d632859361\index-dir\the-real-index
| MD5 | a4bb7748916049ab76c0d8974516439c |
| SHA1 | 14e30034668ea0044c901004f68da90925964479 |
| SHA256 | 4bded1efa95cecd7680d4276455d28ec951b638510a7beca6849514c91bea309 |
| SHA512 | 672032879cc44e1fdee8712ba492662aad0b04ae619e0b9fa42b6157e4c4b1f8ed86eb2cdcb8ca70ef9133a010857b546599c084226e7a692ed097d2cf1a760f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\17665e9b-54ab-4da4-8ef1-e4d632859361\index-dir\the-real-index~RFe58f400.TMP
| MD5 | 1a47a30278229dd5f62a42bb3ef953d4 |
| SHA1 | 2ad7f4266578dd3754439f9908df45f455c1dc60 |
| SHA256 | 7375b689a6b412674bd5b05aa9046d9a1fdb560b9ee9d8b1950c18863c20de81 |
| SHA512 | 78a1a4290420bdec3cd83eb5112fd87d58f020873d852dfabbe8ceaf7621e15030c1ac6eb522e45e735996ff3e456b629c2a316200912bf2cdaad4686faa1f6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.xbox.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8a153f48e2aeb987e11197462a5a2943 |
| SHA1 | bcb336088e257d0a6cf95eb42cd0af5c8757fd68 |
| SHA256 | 3e70630d11aad8cb934acf9bd6a5aeaff099666ef6651e835edf4b415e815522 |
| SHA512 | 560427a90e726af60fe6a7474f066b300307fbf79b627afc174fb702f25adbc3bcfacf51995f71b5e0952b8bf9989cf888fe216eeca3fc21cbf7d0d09a282680 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 4f5078630da531ff71cb7a83ea32f0c5 |
| SHA1 | 4d7d36c2fa3007735f2e6568e874d1c89fa42cb2 |
| SHA256 | 11975b334ad75352343802dca0a47974ddb2569192ba23b2c8ecd59bf002d759 |
| SHA512 | 5c30cca85a95e28b3c7411b23501f263b7a5408c791215bbaf4e5d3fb7e0054eaf6d677281afb55225793b0d753fd5f40b72c3645ef75dd28092bb5d5eabb868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5b850ede44f9a9efcc1e77ad76aac9a8 |
| SHA1 | 232be559af730644cab8ddb68a9a1222d19d2b5e |
| SHA256 | 4c0d4b876fdaeaf0ffc7e4912ec23b38ec4b847fa072d3acb0b5f58c58170652 |
| SHA512 | 3e3c49274bfb4b5489673ff8d7cb82f0d3729a7868fc3014bccabbaae0be0c6490ddbb09b63b1c94ca980c05eaf6202d082c246ab04d5584b6b8727f8f526c33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f5ae1a612116ad9aeee0560ae18f506d |
| SHA1 | c7d35f809696bdb7bc2d80fe08742ef0e1500e63 |
| SHA256 | 1a9515b2c7416bb023ba0b9f6639377b66fa25864d32980088e6d34774720764 |
| SHA512 | 314d9e4dfe4d50ccc720fbbcde2ab3710c4888cdbaf9df3c91d6e162077dc35049771176192871b576d41b2685ce1eb2da34e52408ad9ed9b4f460ff44d8556d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a
| MD5 | e51f388b62281af5b4a9193cce419941 |
| SHA1 | 364f3d737462b7fd063107fe2c580fdb9781a45a |
| SHA256 | 348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c |
| SHA512 | 1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7d8a853895016683f8c1c5269e8360a4 |
| SHA1 | 8b54574156d9122fcdbd5d18b8699138f17347dc |
| SHA256 | 0bc3b2464f9af5d8d1fd0c9d7558cc3edd5e4132eb34d172e751e9c5766b7f86 |
| SHA512 | d437736498004eaebe5991a5c6b794cba8f467e54f087f54f6e70d9520a56d4b37f139d9b64ccd864256f790152f6673f5914659b9879dc848480511bfa060d6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | b286e18aa1c077bd99274e5a437fb742 |
| SHA1 | d9104716e35bc8e4c9d6c5bf93e88ef28a204505 |
| SHA256 | fbd2ee10523ee59dbb44a035d1d1537228ae66aa6e6fa6792779b8ff07f2a01c |
| SHA512 | 0bf8c418a21a6fa54b5803ed0ad97a59ba7c42aa9d39027a7fcad6b95990937931e5c569db227660456877c2a8f2125ed2236c6b7d450862abf90c63885a655d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 79e51dd5fdbbdda34ffb9d2c762736a1 |
| SHA1 | 321d03f5e07b5e66542dc6923ec8123af0d0882d |
| SHA256 | 6dd2de59fe284859942736afeb71e4706e7a6f8084d4fbc790d064aebddc2f53 |
| SHA512 | fba81c2345dec8337d423068f8e62ca021cc98789ad16d2bd4b21ca93a8e7395a8da3d9e528d49cae158e9b8c47ebf6c83357f8de389deb22c2a443da1da4885 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d
| MD5 | 9196e81f8ed7f223d765423c1f9bc8a7 |
| SHA1 | 88f9d5c2a6908cf36b8daae803578ca9e1fd2929 |
| SHA256 | a4e2bcf7ef3c6c614c2142d3c1fd44caac4eafa86a1779ac31cba164e2d89cbe |
| SHA512 | e7d23866fcac017762d2e2f18597124e9147f458d30038f78ba9f3a2bcbe479fe4792573894370ce2d6f93a00401231d9f01955fde351ff982a82ba87a8241f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063
| MD5 | 5009982b60a0f93eac4c1728e5ca17e2 |
| SHA1 | c0f932d333b91a4b971a52ce88bc96320745064f |
| SHA256 | 2ffc0ec332938cbce14008ab246c3d918800189aece932e92bedd8adb8332fe8 |
| SHA512 | 401dd0a45c177130628787b92a17642783d27b1a977833af4110d81cbf2572a159a371beb473baa07ad38ac8297551aadadd2ebb80401a73acd580fdc03964aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c
| MD5 | b786554392ab690a37b2fc6c5af02b05 |
| SHA1 | e7347fa27240868174f080d1c5ab177feca6bd84 |
| SHA256 | ebe47cc89c62447316148809bda9095bd07bd5392a99ab4b8ac8b9f6764cda51 |
| SHA512 | b71cdb76464a775fca909cabd0a7435c34de3ee4e19c40f5bebba6415295f0be2f82532a2ecda043c787ea4e8c23fd4e582a4d4322923fdf603a56e3fcb8b567 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d
| MD5 | 3fa8c23b89d34fcc51359db6d0551837 |
| SHA1 | 69750d3260f6f371a516bfddfe15ca26cf068f44 |
| SHA256 | 4218aacba68899324cbb3f9b7e09967916e41477312ced5dfde41082c6e147e6 |
| SHA512 | 27dfd1aa035ba829b8d76dd8f8012a98dcd06178a9bcafc32a82886b7b06affbd72afd2fb093749a719b43a61a966165d991a2a377a939da24649da288bc4688 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e
| MD5 | 586fbd03a7f8e8efcfb44c02a0c721f3 |
| SHA1 | 9be4c35c9e97db3dd6a6d16604ab58c170f70232 |
| SHA256 | c676919c631bfdf174da2ac3dcb2e3102be25a93edb1ceda7187cf8165ccf3b5 |
| SHA512 | d79b99b84daadd575e8979b5b076358cba724e522673f43962e65dc9b81da438bc688cbbea1d378a79c5674c58514048f622e8ccea0a41059f2abacc7afb7701 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 96521ebdba6eb4129f73ec918925d909 |
| SHA1 | 7ffd9743215ebbc869222b923f80f4f296a1b0e9 |
| SHA256 | 7b7532eda5da8717a3bc722cea49d3b074b2d4a709f8ac6ee919299527eba29e |
| SHA512 | 7e01a90eaa5a2de07de4d2ae4cb2763609ef46c0031466f774d5041524c77fe602cf7d8c0530619021a787e7907f5fafd269d27bdfbc85b433da5257ea6357e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d4800863a4c087fece98a9bac9fb3cd2 |
| SHA1 | c4141825919c3819c37d9075e91dcf9bc61e8fc6 |
| SHA256 | d2be11314c780d10910f1944dd16a3f74fe88490c15817e1cb83f138a2f614af |
| SHA512 | 502279c8be30bf936eaaa7efaacc520551b1025bfb1228d0ec0f63be9114055c694a2e682396983d47ba4fe87ae14c78d5006fb2ed3f80e12dbfea00c5de1fb4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | fc65a281e5b9c4fe683243f64f52d2f1 |
| SHA1 | c0c080fcb019acf28c717abefaa5351d63e8d9e8 |
| SHA256 | ce4a29790ec5c9f5709ea4fc606e335017c851b2ff648eafc001f57d89a25bd6 |
| SHA512 | 41e02d4290556afbed2cfbd3352a7f89866bd647549800d4bf5419640d6def121d79241941176b47d9a46b9c2d868cb4d57e8769e1fa3fa4bd2eae9e0cee345a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 59446578cae5bc216d91f7f5df158e4b |
| SHA1 | 2053ed703393fe820e00ea46479af768cea8b45d |
| SHA256 | ee7e8ec6f7ce3add1900efbad2f99c9885d79a7560a222693928520109f49b11 |
| SHA512 | cacc5acda0e2214eeb3bba62490fb79345515d4fa1e7bc1e23fd12ade7889737c5853f8f93e3e48bf217fbff9f8487da98cde747eb24157d2e3dc80ffe1873d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f
| MD5 | 56ed4f73de175a14ecefa2682b2148fd |
| SHA1 | f7ba907d3e23847ab83f769aaffd536ee776a5b5 |
| SHA256 | 575ddec2b98858cced3380fd57fb021b291c7b2f0036daf652395ab322c7e683 |
| SHA512 | a84518daef908e3d9d8ad146bcf318a34cc7d23ea013428489d2f3f0e49e070c1b01136cd5134d0b7da4178d25872b02187d8d7f5d9a5acef0d2549b076f6d5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e
| MD5 | e4d51949055d7ca397bfe026953ca9fc |
| SHA1 | d35a8d71c085e96a5c1ea7bfc3cd78f339316584 |
| SHA256 | a6c3139aef33653a8fbef1ae38021203af99142859acb52413c935e91a6fec9e |
| SHA512 | e1f106a06163eb7d411cc28bffe4c1f8d2e20a4c3258ecd340088dda34a8133b7be2824f775a21b0b2c23cadace3dd88093b9a0c373e51e116c2951108ec1b99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061
| MD5 | 7a4bc4d9f5e6a624d1785dab1e67bbfe |
| SHA1 | fe792379b7cdc1785a908b6899130cf98effd22e |
| SHA256 | c175e4e00ab4ae73bbc0158429835713b30ec756f1a00be2e9f07e83430bb7d7 |
| SHA512 | 66c8385a8b8d9fecab923ca1291f04df6e609630fa73d4863bf035a04d3319e5c8e7ef302bcd622712a16082ba3c271ecc42f92638ac80f54d5b88c92443a2c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060
| MD5 | c46ef5145ecec3b8514b4894dbaeb526 |
| SHA1 | e15a4eeb5ea35ea0ddbed8996e6fd4a17695b8b8 |
| SHA256 | b607dbac6669ba9f46487b11a51284737b6339d99b5415cc736752d3d10c234c |
| SHA512 | cccac08f74370831d1c93903962ec99a7f123c10b744718c7aca701da61bd0d77d643f5858f28f111eeef903ca3ea2242bfb127adddf8740f7d9bfb8591a2ecf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062
| MD5 | 82fd55e1eeabcbbe39d7ce8e5993c4bc |
| SHA1 | bdcca5627edc7f08480c0d2fb590a2d3c1c743f1 |
| SHA256 | b99f80ef0528c494c9328dc20ba4f79b3d33550ff92dec5dfc8dc6a962b52322 |
| SHA512 | 01b138c5cc092a9bba3643059970b5e0dc9a587698e6e355b244cd5b5a901e4245a3379473d4a6cfb5a0814816dfbd5c4c2323db0076d5bd06c818001a3d117c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064
| MD5 | f32768fe56609702e211db5a7a751094 |
| SHA1 | 9d8b2ae70e157a4d2626516de21d5312835baade |
| SHA256 | 1d6776172792620ed0188910fae923356f28c53546ee3f447302b55b308c4b3c |
| SHA512 | b3b2cf225c0c1e0df30d5993c68ee4bf6c995c29525ea931e481fa732c57f4e128d9d57f3be7eb6cb7f6a3cb6c59677dcd4f3e904bb2c0ef1606a337076356a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066
| MD5 | dd6a59eee4c86a30366ce2e5b1ec59f0 |
| SHA1 | f506b24928f097fec7696bc1723b3ff611994900 |
| SHA256 | 42c8697c004ced79b2c06adf4111db0bda0da08527b97e83f53f4622bca9091b |
| SHA512 | a64fbe798202e7b29fc6269e8d2469873c89c1e9b86e0a74084b83480e1a0e5566f1a6c39b0ef1f9aaf507ceca15a9a10238c16be2242504508866ef5bdf0e17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069
| MD5 | b0aaf57c2b8d877b21c43b8ed9d1a3d7 |
| SHA1 | c289167054dc6e4590ef919671664ba9b9812a12 |
| SHA256 | b1a51a10c96a25c26b6ca1a5871bc30094879015fe75f5842bfdb6bc322febbc |
| SHA512 | 88aff7e775caeb9ad2ef0d9f98d78839f24bf43678b904f530a2b5bd9a1c2f5f56fbd16a42949e7758fbd8a21f9fbf16bc1876f7188a8156acfe0590818e12d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067
| MD5 | 7a457f36661210da43d8fe826166b1e4 |
| SHA1 | ad6e05d19d0afde3a451c7dc0403a9d3c37729ed |
| SHA256 | 5878f8374bb775c1b7d30183ea481aabedc70eedf5ddc6145ff316224c7ea255 |
| SHA512 | ab955882b28384c1c6c8e06d4808c1b03957648b020f79f3bc2a3e0d8c6e8083cf65f9381332fcb06da98f32a1b0e86e44aa5e9674ca89b1503f49097c38ad73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068
| MD5 | 0c7dd36ad55fe6d0ef1971dec6a3fc93 |
| SHA1 | 76a7e768908dc16009c58100150bdaa4c3c38f3c |
| SHA256 | 528961b18c15d0350ad5635713e448c83f2faf991176211e5546d35d62cf5faf |
| SHA512 | dc267f7f3c389ac56229303847899606bab0e579f261522008f7ed7fdfc7c333241718a213fdab1ed00dde21a98ad2cc6f358518353bef8252f8429a672ff6fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b
| MD5 | 2fac4ea0f91c3faf3484fc1c43fd7405 |
| SHA1 | 6e797055baa2cf025ec87efb1ed5eea24af4d5bb |
| SHA256 | b05f792d020cf2987294bb9d161cee2f7ec734539f82a3f796a51f2049618584 |
| SHA512 | 8ad811dafe537866839a5190897c268552956de9701ad5dbe88be23cc06bb6ad7977128bda0f772f513fb8a977c55b414c9e26f2335515f6e21178a5bb697e57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f
| MD5 | b99583aaff932292d7f8eb4010aef0dc |
| SHA1 | b4107350920105102b35cf5596ec42c1c202d5f3 |
| SHA256 | cc795a712f29d562c4a1759263eb578902aaddcd5333dc781fbcf42ab049d1ed |
| SHA512 | 066cc1264d8ffb0d92c8459a8e92aef81c1132782149b187bf02406eb4e97f5287cdfa09dcdc969d1d7d2144e7b158a7fb2365aa60f0400eeceda393454c309f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b5440c03cb291ad0_0
| MD5 | c8f5b8efbae5dc1d75ce90f245bf7262 |
| SHA1 | bd79ab18bd3ce89d235ed214513cb9f581a35a6b |
| SHA256 | 848d612b741cd8a80695be89292de833fb789716c1cd1d127ff8f162befbc7ec |
| SHA512 | 0c27a27f04d02aa76ff98e1769599e71b8c3bb8d9598d0976bcae6f3ce3e0db69bb194d1b5701b4138c6138f2c667d771a42edd70194d6c56207f0b672a284e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 453c0e85177a32ca7354e21e947136f7 |
| SHA1 | b56631f3827410161f8cf9b880b78fc7096b1ec5 |
| SHA256 | 46a0d8b09bf9e225bba6a93551f4abc10a3b01fe0aedc5180cc817fb663fad20 |
| SHA512 | bf6e89b5b1354569d1f08fab6b349c78cd74a87708f2e1a10da35447dc6de4acc647774c5b8cc02bf2fc000df3caaa7e9cab75a867c1b07ee3df134a804ad46f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 79a6866be020dd2ce042db77c8817858 |
| SHA1 | 8b75576481a9cc92736edd5172f95fae8890694e |
| SHA256 | 7f7bcf64f5e281091dce9f3976440a4f971e38964e2c66baa12ff4d773fd6875 |
| SHA512 | 5b00e24f108c87e7882971826a7f1b2d19327591b274297ad5d88ba2439581a783f2a2a9dabc21a980a3353fddc869a024afb0e6eb866b438cd2b2083668f91f |
memory/388-1427-0x000001FB5DB80000-0x000001FB5DBA2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pz5astdw.gb4.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/388-1437-0x000001FB76F70000-0x000001FB76FB4000-memory.dmp
memory/388-1438-0x000001FB77040000-0x000001FB770B6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ecadceb8d562dd70d46ff2a4c5dc0188 |
| SHA1 | a03f38f305fbf0b239df31d02c85be4bfe947060 |
| SHA256 | 3f1f4b1d01314f6bd96d4c7d17e12f23695ca9d718a26c86833067cda558bbb2 |
| SHA512 | 06f3ea24550145d2b351a2dcb2af61b170a3bcb64e4b6acc094b0e9143a696ea9355d7dea03f54ccf49e77e932c0b9e43cf8b3165b363bf35be073cf8d7d9118 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 708238de472ad526dfa635869c343982 |
| SHA1 | 7d7fb4d8f53fcb6d32bb810fe96d717c34313473 |
| SHA256 | 96829a5cf23b91c13097bd70f3c01e65084de25609a584fe157d17958da569e2 |
| SHA512 | e1b64aae4910c2e1301b669dbfb7d9c79d4e126f096304100e13a61b49667797535de96c058f27ff389a8f429a98db4407c0c7b59d42dadb1bf31777be90dc44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5556e6ddf3f9362e22a46b801aaf1613 |
| SHA1 | 5ab5a8e423eda7333a5b332078f50601efdd6285 |
| SHA256 | 6ba632723b5833f34b36430bd1a381792360c96676f86aa78b164342b80e7ef5 |
| SHA512 | 76c8f1d10fd52bdcc9b318937f5466161b5f2913e54c1f45b3a64f4c7dad4506a9703045c60b1573f12150051b2f54d06ed3f6d83665db0d178a8fe9289cea7d |
memory/388-1491-0x000001FB76FC0000-0x000001FB76FD6000-memory.dmp
memory/388-1492-0x000001FB76FE0000-0x000001FB76FEA000-memory.dmp
memory/388-1493-0x000001FB770F0000-0x000001FB77116000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8c12e02c8e4cf83041486647f9562a67 |
| SHA1 | b4ba5fa0d4c73cfac30c3b30fd6ff676972f1ab8 |
| SHA256 | 8d3ad19c851f427b7f51a5e7498c42c2dcfe064dce7500074176d51d72ab8030 |
| SHA512 | 0a4644e75ab4ae93400f687428e3c8c1a7ae3fe0f4667594281fe5bb9d1fc5afea11d5edf7d11f206e7cc5cd42ed80d8352096e9db172d5450dc369d9e8cab54 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | e34c4e30e0cc3bf35589614307b9925e |
| SHA1 | f8d5bf2e07361a9291670d7a104019cb3891f681 |
| SHA256 | a36921d87529dd6f6c2d1979fb8b1485f4913fd8e090ce906843f88f97b3f848 |
| SHA512 | 667f79cc6711bab007a875bef9256430ec8e1b851b7881182617dae4103aefc8566078a898f8fdf3262c5857d6e27d6e3d88b8f9e8dbeeebec63595a442350f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 73b9346643d8cd4e26806a4cb12ec7bf |
| SHA1 | c89bbbf4b01d63c883a824750b35dd800913d503 |
| SHA256 | 39e2f1ea0d3dc38274f474b1634ad46cd1b267e03702ddf27be74b7009c602a4 |
| SHA512 | 3b576f419623488bccca7b0c37f5f16c09277bc93c5db7e0840ea84d01d807ddd3a61a96c778031dfdc201b3a5e8e2dd50864c234fcb68089c2fcfea7237ab8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 1d9097f6fd8365c7ed19f621246587eb |
| SHA1 | 937676f80fd908adc63adb3deb7d0bf4b64ad30e |
| SHA256 | a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf |
| SHA512 | 251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | dcf42fc7c8989829cd90daaf7653dc14 |
| SHA1 | 6b2ebe2e31a9dfc8b7656c5e903a61fa743c96a7 |
| SHA256 | 1663e89cb579b26a30271c29e9342bacd80783ce1239361a24f79d24de271969 |
| SHA512 | 36c791d5f5e5af50e413d000d4caf8b6dd515bb6fba96c6c8c8c3eda54c08bacb940bdb9b9a6b1f205cf144cc894d71ca25b011af899a7244e645427af97f8de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 027a77a637cb439865b2008d68867e99 |
| SHA1 | ba448ff5be0d69dbe0889237693371f4f0a2425e |
| SHA256 | 6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd |
| SHA512 | 66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 92e813f9c95c21164834e7b8e21054ae |
| SHA1 | a076cdd0a7b244759225d73ba27886131145ae8c |
| SHA256 | 2f673dcbe8fb2a9888275361ef8c1be80e75fcabca3542c238e98e4d0e0b862d |
| SHA512 | 5bf7dea708578bba4714ad5853837cde990862c7070a66d10255a5eefe16b39a68dc2bfe91d7cbfe604ab7e81ebdd69d8305435cc8ce656d01aad7acb46b2b55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 688ba871c7743827a1de6b1cf058fe0f |
| SHA1 | d4ed42840b21b93a1939f14b5610d4109fc44e7d |
| SHA256 | bbe0532080d0c7582f7d4fb6f68c897d000bd2e0aad07c35dcc8031f6c8dab92 |
| SHA512 | 08175db944bf4845f10406365781e1d44fc84001dbd8849d604644a154cf1fb9c4cc9d64080b7b00baaf261afb8bea692646e01a6df25803d2f91d5fe9ab7c4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | 09ac9c9a95dde9d928585489b55a7a53 |
| SHA1 | a0930234469184cebbc08e399bc4d7ad9003b2a0 |
| SHA256 | a2b2e70072c91efc39fce757a94ccb51cb7de56c2e2accc7501947ef0509a612 |
| SHA512 | 0b6d68f9b28439a56bd0fdbd391f8107023117e985a7087dee483e7dcb998897db2e7ec4cdbd551f6546ec648c2c1b8a4345562f9640bcad14fbedaf2730551a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae
| MD5 | 8eff0b8045fd1959e117f85654ae7770 |
| SHA1 | 227fee13ceb7c410b5c0bb8000258b6643cb6255 |
| SHA256 | 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571 |
| SHA512 | 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0f38badd10906854dc620f69c64affc1 |
| SHA1 | 5e33fcb094fa80d520fa854a287b49c80fbad986 |
| SHA256 | c33fc85b0c75ee0d55c7e69f0954379c3076dbf83bda7cf523433224a58dd8df |
| SHA512 | 558cbb45ae75c7dd16dbdab3cf275f2be4993ab768f4f4e7e3e54dc9971d30b2fb6df7023019d8ecdfea087ce4de180392e4c43a2c2e823e33bcf4647e70db84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6d1423b4b56fcde68079c3e3fddce0de |
| SHA1 | 63ed9295ea33b1d52f0ba7a9ce8337103b062812 |
| SHA256 | ed90b9cb383c8a91d6a28107680ac2a6fc9230e6d80615b4e5b9897b3a8b60fd |
| SHA512 | 5414864600167f0020b93fa06d9a89a932f4375979606809b0ded4879a2d4ca72402b2c4f71c1528893369dd0edecdf6935215676907888e3c7822cd4aa47314 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c9
| MD5 | cc4338db837b0e3f30630842a320a796 |
| SHA1 | 764cbccff0d132436f387596a8eb5ea71954bd0c |
| SHA256 | e035df2cc7bb7ac4c4993f32eef9279020a55dd83c4efb92f5dbeb04c159e7fb |
| SHA512 | 2f55d1d6d5da4905b76ec30c5af2ea070fca2825f3acca38a244754e29c7da67d8b14a64912fd8bc2c173a6e0daf1303bfc60dba92d41cf86ea084b098fc982c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d4
| MD5 | d4a19f5a7c518e64903a4aa20dacf521 |
| SHA1 | e6afe04665c50489b3257ee438850b4d4512f05e |
| SHA256 | 5bcca91078097f495f1e6a5270dac4a34af676589bbe807e20c616c75be2cf9d |
| SHA512 | 701612bfcb67f87e85193978f836b45b18190336afeb0ef69f0f8cdb5bc5a78655242672a9e23a2fd37f4c77c2d763feffb82038a77e988a68a18231b02ef373 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d5
| MD5 | 7820201f0db0c706a0ea5bb7ce018ef2 |
| SHA1 | 6d116650afbb3b25bfd6226c7d5ee00dd1fe4515 |
| SHA256 | 04f262a5cce0399379de17e5635f1e1acaf4371afe981edaaf792625a682c44a |
| SHA512 | bfecb88d8852c413525e1e1bdb3eb69c97a10e4ff67ae3ca5eb97fff5a2ee369a1b80a0d314440a375d0f9e950e0e970a6de6afed09062d8523ca28ac878946f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f0eb1499163a5b77ce8a2a7bf5ab7b03 |
| SHA1 | 95b27a914a2acd6a0e08b7f51c7a38f45f24e92b |
| SHA256 | 450b07d036a1483bccc1170acc96d926748fde16b159819bc1722214f8a1ea68 |
| SHA512 | 5c9bb2dad338292c7991f4ccce7d047377f308344287af0f05cc4bfaf86391a5a6c656ecc5bcbf4e2ea8a227019aa1760a4a0dfd54486e825a8e25023d5ff90d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009d
| MD5 | 0800f316866f3b20e5443bf0b6c133a2 |
| SHA1 | 0c26d720ec1078b683068d5586b3a204ec118bba |
| SHA256 | 8bf6fdda34cb70a0e5abb753af6440a64d37ed2fee81ab1d9c478f7d77aff84e |
| SHA512 | 84d9961ef0b3890094c0809750708d57ab23a9e21f76fbddae37fe04443b44c693dd087e51ed06e5ea2900f1fa7f2bda76f8991d3f8396dacfaf923438e48d75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b
| MD5 | 6931123c52bee278b00ee54ae99f0ead |
| SHA1 | 6907e9544cd8b24f602d0a623cfe32fe9426f81f |
| SHA256 | c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935 |
| SHA512 | 40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\648284ac-ae39-4ed9-b4c9-439b5255fd80.tmp
| MD5 | 111805858bb8a0eab6c9bd77c5f77fdb |
| SHA1 | afd621f549259acf0deda5466917157228612134 |
| SHA256 | c56a370620d0fa40573d9af8589f6b8dcd99dc477acdc1dfd412ff8bb2d5abd5 |
| SHA512 | 4d15923be1fd65aa2cb45b5025b2316443492f0abe8e8682615da5081f599fc288ac0f3621c935f01fe85743e2644381a74144d69d11acce00a94e53bf219d4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 705920a1d1b8530ab29045749cee275a |
| SHA1 | 1815fce03deb36e849396a0a045338c004dce1e9 |
| SHA256 | 4e0508bf6f2f64d5973ab8f447b7567d4a80902f45e46f49b8bf5db30a8a531a |
| SHA512 | 4840bd5042d197e6d7a92fe70fbb80e6748e023728304947b21e8abd5c5affcbb5ca6257bf7a28aac846272fa2842c14e988887b8b7b0eb2be024dea4d00c950 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011f
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | caa95963fc02f22c90f91cdffd1fd4b6 |
| SHA1 | dd1272f642d4527414e60ee0b33982ecbc63bfd8 |
| SHA256 | 32b51cf150956536593418fcd0474dedb0aaee9000c30500d10788f5737a870b |
| SHA512 | f18016345e8ecf44f20a430cf467aa54f15e89e9c5eb1dc9a6bbb1bc11115bc0a9c3185baf5e82f376744029c4553a7965a23303d08e99b7fbf4cc85b5929a04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1
| MD5 | 9c6b5ce6b3452e98573e6409c34dd73c |
| SHA1 | de607fadef62e36945a409a838eb8fc36d819b42 |
| SHA256 | cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc |
| SHA512 | 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a63c5edeb9f03ae83c57da3301f35dbf |
| SHA1 | 12a6bf78cdf6ac0ceca50f09a1493708268bda59 |
| SHA256 | f9a68c54ab22eb49503d2caaeb122c3572ac4069c9fcb74305c833aef071692e |
| SHA512 | 250da15dea778ed416d76cbc710ec97235dc0c78a8cda9fc1e7164e4c8506fe6212bdec75e5a6163ff98d82c0ae764836180d776f9c679d81cc436aeccf2ef6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7
| MD5 | 19d43a999a5a53608b857672cf1739b2 |
| SHA1 | 06bf03f39a4e007d85ad7bcc8e244bac676ee2ad |
| SHA256 | 4515023ae96c3fe2e54b0979e42c3d8d0574093c0701f9a2fef11fe95cf5adb9 |
| SHA512 | 33a2bf2c9bbff483c42ce8096cba0eb753a3749d7e58f7d635b3b31f8d3fd7036e2a7292dcddf6198b0ce0c965ab4bda6d11450cca55fa7a922a07188c16bf27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cd
| MD5 | 329f4f657ed48c0f7898a3be9c615ec1 |
| SHA1 | 527770ad27b46979f41ab7909a785bc7b767871c |
| SHA256 | 7b03cd4d4d1c088f9196cad6d4efee61167fe9fbbfda4498417290ef0f211c23 |
| SHA512 | 1c42d4c7d47d156e282e1d6c577e1955e8037105a534b5a17289e42d86e89f5321cbec23c832ae62789a819e96e3223d50f01417deaa36d1611e0dc1c4b637a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d7
| MD5 | f439c37c3e29d77cc836ffa9778a2126 |
| SHA1 | aa20cd47ad3067ee461522ff18f7798c7e318f20 |
| SHA256 | bce99f4a44f715d26dd015f955e1fc5113e04117b3e38f8d02bf41bdd55190da |
| SHA512 | 591a4247ccfc5f0e108a516c1223d53d5d8b1e0f6bb49a21604e05cc48ef47ecda01dcc9677f8c5d01820c9607063d332f0627ef42574b4374fefe2f89b1fd11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d6
| MD5 | 05e9679509b61424a07cc4d4efb7247f |
| SHA1 | db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81 |
| SHA256 | 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b |
| SHA512 | 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8
| MD5 | 89a574ff00e6b0ec61d995d059ce6e65 |
| SHA1 | aea09e96808ab77165ffa712eaa58b8f056d0bb6 |
| SHA256 | e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44 |
| SHA512 | 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fb
| MD5 | c55dbb2a5e2048f8ac7b88cafbe13ab6 |
| SHA1 | 6629572a0fd059184b4e5c57687fa414fa7283d3 |
| SHA256 | a82abfaf7dd683f673153324de1295a2a952e5b40fbbc581b5fc39603883f5cb |
| SHA512 | 61336d53f5f14636ad0552e92bafec6ab262faea08d28143dbe6f631bd6be86ed1b6b2dd5a2127cde53a1405ee4bc8384c3327521571917dc22c7fd553f108aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d9
| MD5 | cfa2ab4f9278c82c01d2320d480258fe |
| SHA1 | ba1468b2006b74fe48be560d3e87f181e8d8ba77 |
| SHA256 | d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e |
| SHA512 | 4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dc
| MD5 | 8a42ba5472aa4afa3d3ac12f31d47408 |
| SHA1 | 2add574424ac47c1e83b0b7fae5d040c46ac38a7 |
| SHA256 | 759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4 |
| SHA512 | 3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000130
| MD5 | 6959c9f88b6fb8554e6f425dde0672b4 |
| SHA1 | b7b9f19568b87b28475a84e85e4b21ce970a8dda |
| SHA256 | 4a1f68864b12b9dbb0d41320fbb3f6b96cae14ba4621e6b50f1de88a4ab21d15 |
| SHA512 | f91a0d3ce5764a291a0a718c4d5b94abff4f272d23586d1d46fc93807608c48e173088936833779b862b7ed661bdf03eae2185fa134dd9d4d52c4f7d82645734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000132
| MD5 | 1aca735014a6bb648f468ee476680d5b |
| SHA1 | 6d28e3ae6e42784769199948211e3aa0806fa62c |
| SHA256 | e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a |
| SHA512 | 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86 |
C:\Users\Admin\Downloads\Unconfirmed 204840.crdownload
| MD5 | c61f21ffd2fc2825d7c283216998ac18 |
| SHA1 | 3cc079f3b392db3e229df105d9a1e53411f3d211 |
| SHA256 | 2e58cad322836a59a561cc746372655ead1852c9b3393c60ce403ef6262d4020 |
| SHA512 | db27b473cba1b15e04ecf9f88fc5a2909beb99f2c13ecff449a04aaaa5e214cd65d1471a3d3cbf08cf4cd40e15f31a2fcc20ff0e3585f3c31407342420063355 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011e
| MD5 | 6b04ab52540bdc8a646d6e42255a6c4b |
| SHA1 | 4cdfc59b5b62dafa3b20d23a165716b5218aa646 |
| SHA256 | 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d |
| SHA512 | 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000117
| MD5 | 6fb26b39d8dcf2f09ef8aebb8a5ffe23 |
| SHA1 | 578cac24c947a6d24bc05a6aa305756dd70e9ac3 |
| SHA256 | 774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059 |
| SHA512 | c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 72b609296ff5f9cc0cf1eaed42f138f8 |
| SHA1 | 79abaf18ff75d8dbb51fd7fa1f64befbcc4d875d |
| SHA256 | 7dcf2c31411cd0a29d9256ec148db9c0606302c0cb0d78850df3e11ff575c474 |
| SHA512 | 7f5f841075ba17c7d85521747139ea0cd9cef65ee1c933bfcae953c7c62fd6a4f9e6ae18e2a5d1f8e9fddaebd3206245e4139baf79c2764c2abfe3f7560b05c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8e7f42870348d9479068d96c87d91f28 |
| SHA1 | bf38704cb574a17e8419a292c8386ae5493b414c |
| SHA256 | 39c36fdb2b1d11d9412045769be3cfd714a21bd7511a384882b0e55692e41992 |
| SHA512 | f7a3c9bfa0effd879447f5c32c3b9ec7475e714d9b70899323883e58fa0729fd809e89280ba4cdd2d87e9cc896e8434c89da26c07cf33e36f68b8db24d42f59f |
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
| MD5 | d9cb0b4a66458d85470ccf9b3575c0e7 |
| SHA1 | 1572092be5489725cffbabe2f59eba094ee1d8a1 |
| SHA256 | 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05 |
| SHA512 | 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6 |
memory/6672-3429-0x0000000006FC0000-0x0000000006FD6000-memory.dmp
memory/6672-3430-0x00000000734B0000-0x00000000734C6000-memory.dmp
memory/6672-3432-0x00000000098C0000-0x0000000009E64000-memory.dmp
memory/6672-3436-0x0000000009800000-0x0000000009892000-memory.dmp
memory/6672-3437-0x0000000006E40000-0x0000000006E84000-memory.dmp
memory/6672-3438-0x000000000A560000-0x000000000A5FC000-memory.dmp
memory/6672-3439-0x0000000006F10000-0x0000000006F76000-memory.dmp
memory/6672-3440-0x000000000AB30000-0x000000000B05C000-memory.dmp
memory/6672-3441-0x000000000AAB0000-0x000000000AABA000-memory.dmp
memory/6672-3442-0x000000000AAD0000-0x000000000AB20000-memory.dmp
memory/6672-3443-0x000000000BD30000-0x000000000BDE2000-memory.dmp
memory/6672-3444-0x000000000BCD0000-0x000000000BCEA000-memory.dmp
memory/6672-3445-0x000000000BE30000-0x000000000BE42000-memory.dmp
memory/6672-3446-0x000000000BEA0000-0x000000000BEC0000-memory.dmp
memory/6672-3447-0x000000000BF00000-0x000000000BF32000-memory.dmp
memory/6672-3448-0x000000000BFB0000-0x000000000C016000-memory.dmp
memory/6672-3449-0x000000000BF40000-0x000000000BF5E000-memory.dmp
memory/6672-3450-0x000000000BF90000-0x000000000BFAA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 94414dd6759626b433db819853608f68 |
| SHA1 | 49b2df49dc0ebf74f64301db6cdbc2c4a2994636 |
| SHA256 | 88f089c18ab098acc9e82ff7279a32608c0ea478737e558bcf48f2d0e47d14be |
| SHA512 | 62db02abcd5fe82c28fb2f3d44aa396ac6a265623b9e93bf5969620db602e81ea3aa9cdbb3a5703c041b203bb94e50eff4f8b745fbe0ab7c46a415d57910e903 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7f283ee6029b13c3220946036470589d |
| SHA1 | 670c0db87bdd599cc9d4c0fba16c0244db6ca94b |
| SHA256 | bd2f6efd6e25180ac167f7222c29d26fe66cb00124dd35efdbd0c1d96b8f2cc8 |
| SHA512 | 62390e2c60c59e9d5e67b04264ddf1cda42736c8bc6f2885dee98a520e0bf965ed043f3cdf9cb1b13a5b9376fa3107dfb4ca083d62f47324f2ffa67d64f7b5b6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 1861d59c88deadab4e0924705be47739 |
| SHA1 | 646419235b210fbe2c6c4cb855a84de2c7efda14 |
| SHA256 | 704a8e375a8a3852005ccb093ffad356604976300e2b75469fd1e99c0c8b001b |
| SHA512 | 93309c4ec4e3ad3ef920c682dd1fcb599d1eb4e40d590b250956dfb5e53aa10f0ff2bd3ed9b885927db81a141aa97b04b7ba6869bd7a8ff5d612a71af6cf29be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 79218604e9dae82175d6cfca133654e0 |
| SHA1 | d3e2d19a77c5ae8395ff5722347b9529b2e9a4c1 |
| SHA256 | 0fee2cda212e370d38b4e9a6b6ec8d6608ca4c1cba81ef1a921cf10c4631e45c |
| SHA512 | 1dfc5c4f4e437e4b8267711c36ffabc39781311819654cd56f14d6724d23f0f2f72849658e922c8538f6e3027443b8976f41c9354d502ee3eb82aa11c547209f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3ac43676d7c3e146ef8beede46050aaf |
| SHA1 | 32e0c4e86414cc65597b4b8300d5a902ae1f9d4c |
| SHA256 | a6c2384c597972b16e0f9f6d50a66d05466ee9b781b2dc49f074aebd46682aeb |
| SHA512 | f4a12c2a1ff9c01131789e0a394f6a9e6e137f833c8783e18eb0f7271319b4d7df2c8d45d70d9230a495d6561795e82043cb28569791509963cf25a0fd24b8e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ce5b42234faf55a213958811dcbaf13a |
| SHA1 | 73eb965856e041323936e71d7dacf258b22951be |
| SHA256 | 59f917e4fcf4adb92e907b8027829dcd710eefae464a261b9532a4e0fc3d4ab1 |
| SHA512 | 1f6744e2a49f21a7eefd455a347bbddbe04b9644459c2628d96512f6a74d044008ef3fffeb5c7c9a0cc54a98cde54a2d88e95be299061d3e2e3752d72e361cfe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 87b8a87ce2c3a168a1096f1b32f45202 |
| SHA1 | 674b63ba266a856680714b3a5a42f6814eb9b5d7 |
| SHA256 | 0eb651513b8522365cd32fb653055fb73f18931d0f76a9e0a098e279fe25c6c6 |
| SHA512 | 80b2b596fbbb44020b2690b7251fc283324109c456f66011543a3e01959f93d4638b62171da353c578f4172416e7153ccab52b4af4238b737f0aa3b362f5a2ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 16f52f0d4ed61c5e7353f1805919d80b |
| SHA1 | 0c8ce4e31e02dae201b0733b67b3f4b5eb24e2bd |
| SHA256 | fbf144ef31f3e0b3842ddcc28e7d46033217986dd011ffb119f10483f0b4589c |
| SHA512 | 451b876ba67123a4b63fd454226cdddcc4b8bf1c6a365d1e9579caba29cef49ca068e23e84a2bfc2d334e8236e877ce3ed269332030e79dad859342d43325201 |
C:\Windows\Logs\DISM\dism.log
| MD5 | 88d030deb5e811822c5838eb4afa73cd |
| SHA1 | 833680d08dd8d72ff672aae67d8a3cf7efc42841 |
| SHA256 | 73ab23e49f78040f3a8826abb184f8b67ec2e180cccca89bd3198c640632184e |
| SHA512 | ceacc132706e5e2fc76417358d2a222b40ba4af5be18b6dfd93bd464c84de5b1fd59324eb61d4ccf913304bb75a939579a8edf47d0045471b9808effb0d87ee1 |
memory/7160-4522-0x0000000002660000-0x0000000002696000-memory.dmp
memory/7160-4523-0x0000000005110000-0x0000000005738000-memory.dmp
memory/7160-4524-0x0000000004EC0000-0x0000000004EE2000-memory.dmp
memory/7160-4530-0x0000000005930000-0x0000000005C84000-memory.dmp
memory/7160-4535-0x0000000005F80000-0x0000000005F9E000-memory.dmp
memory/7160-4536-0x0000000005FA0000-0x0000000005FEC000-memory.dmp
memory/7160-4538-0x000000006E5E0000-0x000000006E62C000-memory.dmp
memory/7160-4537-0x0000000006560000-0x0000000006592000-memory.dmp
memory/7160-4548-0x0000000006500000-0x000000000651E000-memory.dmp
memory/7160-4549-0x0000000007190000-0x0000000007233000-memory.dmp
memory/7160-4550-0x00000000078E0000-0x0000000007F5A000-memory.dmp
memory/7160-4551-0x0000000007310000-0x000000000731A000-memory.dmp
memory/7160-4552-0x0000000007520000-0x00000000075B6000-memory.dmp
memory/7160-4553-0x00000000074A0000-0x00000000074B1000-memory.dmp
memory/7160-4555-0x00000000075C0000-0x00000000075DA000-memory.dmp
memory/7160-4554-0x00000000074E0000-0x00000000074EE000-memory.dmp
memory/5776-4567-0x00000000056F0000-0x0000000005A44000-memory.dmp
memory/5776-4568-0x000000006E5E0000-0x000000006E62C000-memory.dmp
memory/3008-4588-0x000000006E5E0000-0x000000006E62C000-memory.dmp
F:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
| MD5 | 0054560df6c69d2067689433172088ef |
| SHA1 | a30042b77ebd7c704be0e986349030bcdb82857d |
| SHA256 | 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750 |
| SHA512 | 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
| MD5 | 4ba25d2cbe1587a841dcfb8c8c4a6ea6 |
| SHA1 | 52693d4b5e0b55a929099b680348c3932f2c3c62 |
| SHA256 | b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49 |
| SHA512 | 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
| MD5 | 3e29914113ec4b968ba5eb1f6d194a0a |
| SHA1 | 557b67e372e85eb39989cb53cffd3ef1adabb9fe |
| SHA256 | c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a |
| SHA512 | 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
| MD5 | e8fd6da54f056363b284608c3f6a832e |
| SHA1 | 32e88b82fd398568517ab03b33e9765b59c4946d |
| SHA256 | b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd |
| SHA512 | 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
| MD5 | 52c43baddd43be63fbfb398722f3b01d |
| SHA1 | be1b1064fdda4dde4b72ef523b8e02c050ccd820 |
| SHA256 | 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f |
| SHA512 | 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
| MD5 | ba46e6e1c5861617b4d97de00149b905 |
| SHA1 | 4affc8aab49c7dc3ceeca81391c4f737d7672b32 |
| SHA256 | 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e |
| SHA512 | bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
| MD5 | 2d40f6c6a4f88c8c2685ee25b53ec00d |
| SHA1 | faf96bac1e7665aa07029d8f94e1ac84014a863b |
| SHA256 | 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334 |
| SHA512 | 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
| MD5 | 01c4246df55a5fff93d086bb56110d2b |
| SHA1 | e2939375c4dd7b478913328b88eaa3c91913cfdc |
| SHA256 | c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889 |
| SHA512 | 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
| MD5 | 66df6f7b7a98ff750aade522c22d239a |
| SHA1 | f69464fe18ed03de597bb46482ae899f43c94617 |
| SHA256 | 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f |
| SHA512 | 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e |
F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
| MD5 | ad9d7cbdb4b19fb65960d69126e3ff68 |
| SHA1 | dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d |
| SHA256 | a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326 |
| SHA512 | f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7 |
F:\LDPlayer\LDPlayer9\dnplayer.exe
| MD5 | 6fe5ee1daf303963482ffc414b1f4aed |
| SHA1 | 076ebaeeb02853d96e20085fbedaf7e61f3a60d3 |
| SHA256 | 2685e5c1aa3cdead02024f21abadb413c6dc130946f7b44ca01b0cea64bdd2ae |
| SHA512 | 8bc6758c95a53ebcd6b6fd27bdd3165f91bcd8f370d677afb7d599865b57ecad274eb21502235eeb64ad2624046cafa9f14576221b1503e333815df5a6dfe134 |
F:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | 77138e2662cdeffd61cf6210ae3fb8ca |
| SHA1 | a085b99630efc74cedd0be9a0eeb57eff7b3850f |
| SHA256 | 68c83685da55573ae966db3113ee513dd76ba489024373968e527bd44d814724 |
| SHA512 | a4621910aa3ae4b5dfa558e69d0270717341467cf067d9397e2bbf118f789c87eef8750ecb25ffd9c60f51f35ceb40b211ce9a738116c4dfc06e543ac90d1bcc |
memory/932-4680-0x0000000000C60000-0x0000000000C76000-memory.dmp
memory/932-4696-0x0000000037090000-0x00000000370A0000-memory.dmp
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
| MD5 | b2e3ba2084f827f2e46a917983363f0b |
| SHA1 | 41fd27f8688b7a755abc0acc72a2a6a0e1045c78 |
| SHA256 | 7daa3d35584a7e87c3e8e3afeb436d088209966471d6c766328087823f1f3e73 |
| SHA512 | 4aea989bda6efc91836264f04f23fb3760764e3ef7809f618ad949c2e64b5a167fe5d054607535ec22fea4942d9ddc5ea7f70a1f529ee23633c1cd275d90e508 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8b40aeaa-1a28-4b24-aa2a-c4f5c2e6742b.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 4d592fd525e977bf3d832cdb1482faa0 |
| SHA1 | 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef |
| SHA256 | f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6 |
| SHA512 | afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c125c7a341477d3b39f33c96dad70c99 |
| SHA1 | 566598e334c2e65f58c80a4ed0b68d32a144331c |
| SHA256 | 5d4c639d00441a9a3762e56307d65c365b3bca743c5e1a6592187349504a3b6b |
| SHA512 | d7325a301865b84b6706c0c880780d6bb3aa261d5587893d35e0cee44bf7773111f9fd0bed289c6c0df7a0ceb70f7772d73318fff79de0956c15ebc2705481eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 589c49f8a8e18ec6998a7a30b4958ebc |
| SHA1 | cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e |
| SHA256 | 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8 |
| SHA512 | e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2 |
memory/932-4870-0x000000006C280000-0x000000006C2FA000-memory.dmp
memory/932-4869-0x000000006C300000-0x000000006C37E000-memory.dmp
memory/932-4868-0x000000006C380000-0x000000006C926000-memory.dmp
memory/932-4872-0x000000006E730000-0x000000006E789000-memory.dmp
memory/932-4871-0x000000006C930000-0x000000006E32B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aba5176c395559b27d7a9650e0c93713 |
| SHA1 | 3f01a3380dc3bd79e25432eaca721dce1717e91f |
| SHA256 | cc54623addb91c59b6ecb92339ff20437279d67486b12f16d44e95b6968aa844 |
| SHA512 | ab55abf05f74d8760886db2aa873581d509613a45531d9b5d6a03894c9d5be888054ea2444cb4a21fbcc5086016b1f79c24ad2f4294e28e0c5234c7320deb289 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ef559de4f12fe0f5aaec7600750b136c |
| SHA1 | e2673269fb722fe6f0aec66f9e50b0b117e8b88d |
| SHA256 | feac49e6ee0096528b4a49068a6f817e38773730e213fe712fc3fe814cdcf7c0 |
| SHA512 | 2df7f122db19b4be5c27eb01bd6ce62ce2c20bfffc0ecf372cca7dfb0ccb70f20d4b598338ab6ba56ae1e506805e34851a6ebcd3ff7d1c0028ce3bba94dab812 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 08b8acf60e043a9a89576a96b81efa26 |
| SHA1 | 2ccdf52b56fda2184bb6014e3fc8abda54a9be2e |
| SHA256 | 9e0b81773add5e5e9438de100b0b31c58a44467401a8ce009c79df8a1c256405 |
| SHA512 | 2b6e649d35c58eaf1677fc283edeaa07dc69400cc94e78fbd5d1674882ccddbbbfc9ecfef2cbf2a6e259bad1e5d2d0a0dc5fa4ebfcc4346e0f503803eb9e488f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bd9b21ed5b9a8522bf466aa6ec7689e6 |
| SHA1 | c613e2327e059f9586bf2f2117f98870583ae598 |
| SHA256 | 8a19f3ed035061bd72e1a9276ce59e8c5f8e07a710b3f76d2ccc7e71aef0e379 |
| SHA512 | b161616e08b774f2ef02770ffbb8f868bb6e122b46a48c9137fd195fd263e2e7435ad6d309dc0f85002eaf5af252d0a3b6645bf8f43a4f5a715a36503ad10777 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 06cff4296b22389e009f7ebf4c679f86 |
| SHA1 | c9c0421ff05b9df57714fe4430f33f39368345d2 |
| SHA256 | d49533ded0d2ed604df464b4bc03f0929ebbe43c9b41fd27df70d55af99874e2 |
| SHA512 | 2756a19dd3318062b9aed6225513c961506ddb3d11afdbbf5280be9f9a56e012d16c745af7f6ac430f9356f0bb30586cb05cb547f85b35d903aebbca1276455f |