Malware Analysis Report

2024-12-07 14:58

Sample ID 241005-nj1qgs1hpr
Target https://www.filehorse.com/download-brawl-stars/
Tags
discovery execution exploit motw persistence phishing privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://www.filehorse.com/download-brawl-stars/ was found to be: Likely malicious.

Malicious Activity Summary

discovery execution exploit motw persistence phishing privilege_escalation

Creates new service(s)

Manipulates Digital Signatures

Possible privilege escalation attempt

Downloads MZ/PE file

Loads dropped DLL

Modifies file permissions

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Enumerates connected drives

Launches sc.exe

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: LoadsDriver

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

NTFS ADS

Runs net.exe

Suspicious use of WriteProcessMemory

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 11:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 11:26

Reported

2024-10-05 11:30

Platform

win10v2004-20240910-en

Max time kernel

243s

Max time network

245s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.filehorse.com/download-brawl-stars/

Signatures

Creates new service(s)

persistence execution

Downloads MZ/PE file

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4\FuncName = "EncodeRecipientID" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2006\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainFinalProv" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.1.1\FuncName = "DecodeAttrSequence" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCertPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1\FuncName = "WVTAsn1CatNameValueEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2004\FuncName = "WVTAsn1SpcPeImageDataEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.4\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\2.5.29.32\FuncName = "FormatVerisignExtension" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2221\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2003\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\FuncName = "WVTAsn1SpcSigInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\ldplayer9box\Ld9BoxSup.cat C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxHostChannel.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\capi.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\NetFltInstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-processenvironment-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-locale-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\ucrtbase.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxNetLwf.cat C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxBugReport.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxRes.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-namedpipe-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-conio-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-util-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxSup.inf C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9VMMR0.r0 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\SDL.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxAutostartSvc.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-memory-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\host_manager.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxSVC.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Qt5WinExtras.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-sysinfo-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-filesystem-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\bldRTIsoMaker.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\libssl-1_1-x64.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxExtPackHelperApp.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.cat C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\DbgPlugInDiggers.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-sysinfo-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxSharedFolders.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-interlocked-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxEFI32.fd C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\dpinst_64.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\USBUninstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxManage.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-crt-stdio-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-crt-time-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\GLES_V2_utils.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9VirtualBox.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\libcrypto-1_1-x64.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Qt5Widgets.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\dasync.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\msvcp120.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-2-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\NetFltUninstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Qt5Gui.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\SUPLoggerCtl.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-time-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-debug-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\ucrtbase.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxDragAndDropSvc.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxDTrace.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-process-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-crt-utility-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Qt5OpenGL.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxNetNAT.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l2-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-processthreads-l1-1-1.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\GLES_V2_utils2.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\msvcp100.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\dism.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00B1-4E9D-0000-11FA00F9D583} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BE30-49C0-B315-E9749E1BDED1}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-32E7-4F6C-85EE-422304C71B90}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\ = "IProgressTaskCompletedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\ = "PSFactoryBuffer" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B4A4-44CE-85A8-127AC5EB59DC}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\ = "IVirtualSystemDescription" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4430-499F-92C8-8BED814A567A}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7071-4894-93D6-DCBEC010FA91} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7708-444B-9EEF-C116CE423D39}\ = "IParallelPort" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-762E-4120-871C-A2014234A607}\ = "ICloudProviderManager" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}\ = "IDHCPGroupCondition" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\ = "IDnDSource" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A1A9-4AC2-8E80-C049AF69DAC8}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3618-4EBC-B038-833BA829B4B2}\NumMethods\ = "32" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9B2D-4377-BFE6-9702E881516B} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-319C-4E7E-8150-C5837BD265F6}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-08A2-41AF-A05F-D7C661ABAEBE}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D612-47D3-89D4-DB3992533948}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\NumMethods\ = "24" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FD1C-411A-95C5-E9BB1414E632}\NumMethods\ = "23" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3534-4239-B2DE-8E1535D94C0B}\NumMethods\ = "13" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6038-422C-B45E-6D4A0503D9F1}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23}\ = "IChoiceFormValue" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC19-43FA-8EBF-BAECB6B9EC87}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DAD4-4496-85CF-3F76BCB3B5FA}\ = "ISnapshot" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-8082-DB8AE479EF87}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E1B7-4339-A549-F0878115596E}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1f04-4191-aa2f-1fac9646ae4c} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7997-4595-A731-3A509DB604E5} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\NumMethods\ = "13" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9B-1727-BEE2-5585105B9EED}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8079-447A-A33E-47A69C7980DB} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E1B7-4339-A549-F0878115596E}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00C2-4484-0077-C057003D9C90}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\VersionIndependentProgID\ = "VirtualBox.VirtualBoxClient" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\ = "IDnDModeChangedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\ = "IMediumAttachment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\ = "IGuestFileStateChangedEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3CF5-4C0A-BC90-9B8D4CC94D89}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\ = "IVBoxSVCRegistration" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00A7-4104-0009-49BC00B2DA80}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 278086.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2072 wrote to memory of 2792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 2792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.filehorse.com/download-brawl-stars/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8297146f8,0x7ff829714708,0x7ff829714718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9040 /prefetch:8

C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe"

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=3040 -language=en -path="C:\LDPlayer\LDPlayer9\"

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=328340

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe {1F7DC7E8-B2C1-4EFD-BC1B-DD914ECCF9F9}

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\LDPlayer\LDPlayer9\driverconfig.exe

"C:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Windows\system32\BackgroundTaskHost.exe

"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8297146f8,0x7ff829714708,0x7ff829714718

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.supercell.brawlstars|package=com.supercell.brawlstars

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x510 0x4ec

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7336 /prefetch:8

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8297146f8,0x7ff829714708,0x7ff829714718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9652 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 www.filehorse.com udp
US 104.20.1.51:443 www.filehorse.com tcp
US 8.8.8.8:53 static.filehorse.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 spn-v1.revampcdn.com udp
US 151.101.65.91:443 spn-v1.revampcdn.com tcp
GB 142.250.179.226:443 securepubads.g.doubleclick.net tcp
US 151.101.65.91:443 spn-v1.revampcdn.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.200.10:443 ajax.googleapis.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 51.1.20.104.in-addr.arpa udp
US 8.8.8.8:53 72.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
GB 142.250.179.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
IE 3.162.142.187:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 apps.cpi.arturito.cloud udp
US 35.244.193.51:443 lexicon.33across.com tcp
US 172.67.41.60:443 btloader.com tcp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 142.250.179.246:443 i.ytimg.com tcp
IE 54.74.215.235:443 id.crwdcntrl.net tcp
DE 162.19.138.119:443 id5-sync.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 34.120.186.113:443 apps.cpi.arturito.cloud tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 di-images.sftcdn.net udp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 151.101.1.91:443 di-images.sftcdn.net tcp
US 151.101.1.91:443 di-images.sftcdn.net tcp
US 151.101.1.91:443 di-images.sftcdn.net tcp
US 151.101.1.91:443 di-images.sftcdn.net tcp
IE 3.162.140.85:80 crt.rootg2.amazontrust.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
IE 13.224.68.126:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 187.142.162.3.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 113.186.120.34.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 235.215.74.54.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 76.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 85.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 126.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 d1d365987bb417c79a8c9b8dabede182.safeframe.googlesyndication.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 static.criteo.net udp
IE 3.162.148.221:443 aax.amazon-adsystem.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
FR 5.135.209.97:443 prg.smartadserver.com tcp
FR 5.135.209.97:443 prg.smartadserver.com tcp
NL 185.89.210.122:443 ib.adnxs.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
IE 52.19.36.6:443 ad.360yield.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 221.148.162.3.in-addr.arpa udp
US 8.8.8.8:53 122.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 97.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 38.0.90.157.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 6.36.19.52.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 esp.rtbhouse.com udp
US 35.190.39.111:443 esp.rtbhouse.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 142.250.178.1:443 d1d365987bb417c79a8c9b8dabede182.safeframe.googlesyndication.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 s.richaudience.com udp
DE 157.90.0.38:443 s.richaudience.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
DE 157.90.0.38:443 s.richaudience.com tcp
US 8.8.8.8:53 111.39.190.35.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 events.cpi.arturito.cloud udp
US 151.101.1.91:443 di-images.sftcdn.net udp
US 34.120.139.235:443 events.cpi.arturito.cloud tcp
US 8.8.8.8:53 analytics.arturito.cloud udp
US 34.117.29.134:443 analytics.arturito.cloud tcp
US 34.120.139.235:443 events.cpi.arturito.cloud udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 articles-images.sftcdn.net udp
US 8.8.8.8:53 134.29.117.34.in-addr.arpa udp
US 8.8.8.8:53 235.139.120.34.in-addr.arpa udp
GB 216.58.201.100:443 www.google.com udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
DE 168.119.72.236:443 sync.richaudience.com tcp
US 151.101.65.108:443 acdn.adnxs.com tcp
GB 23.219.196.188:443 ads.pubmatic.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
DE 168.119.72.236:443 sync.richaudience.com tcp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 onetag-sys.com udp
GB 2.19.117.107:443 player.aniview.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
GB 2.19.117.107:443 player.aniview.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 44.218.137.49:443 cs-server-s2s.yellowblue.io tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 89.149.193.116:443 ssbsync.smartadserver.com tcp
US 44.218.137.49:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 sync.1rx.io udp
DE 168.119.72.236:443 sync.richaudience.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 match.adsrvr.org udp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
US 15.197.193.217:443 match.adsrvr.org tcp
US 54.197.49.144:443 api-2-0.spot.im tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 52.210.235.15:443 match.prod.bidr.io tcp
US 8.8.8.8:53 sync.aniview.com udp
NL 89.149.193.116:443 ssbsync.smartadserver.com tcp
US 172.240.45.78:443 sync.aniview.com tcp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 188.196.219.23.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 107.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 49.137.218.44.in-addr.arpa udp
US 8.8.8.8:53 15.235.210.52.in-addr.arpa udp
US 8.8.8.8:53 144.49.197.54.in-addr.arpa udp
US 34.117.29.134:443 analytics.arturito.cloud udp
US 8.8.8.8:53 image8.pubmatic.com udp
NL 35.214.136.108:443 x.bidswitch.net udp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 8.8.8.8:53 b1sync.zemanta.com udp
DE 51.89.9.253:443 onetag-sys.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 50.31.142.127:443 b1sync.zemanta.com tcp
US 50.31.142.127:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 54.158.94.71:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
IE 52.208.55.65:443 ap.lijit.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 bttrack.com udp
GB 2.17.5.216:443 eus.rubiconproject.com tcp
GB 2.17.5.216:443 eus.rubiconproject.com tcp
US 54.158.94.71:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
IE 52.208.55.65:443 ap.lijit.com tcp
IE 54.247.162.123:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
DE 51.89.9.253:443 onetag-sys.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
NL 81.17.55.123:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
GB 2.17.5.216:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 tracker.open-adsyield.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
US 172.111.38.111:443 tracker.open-adsyield.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 78.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 253.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 127.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 65.55.208.52.in-addr.arpa udp
US 8.8.8.8:53 71.94.158.54.in-addr.arpa udp
US 8.8.8.8:53 123.162.247.54.in-addr.arpa udp
US 8.8.8.8:53 116.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 123.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 115.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 166.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 111.38.111.172.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
DE 157.90.33.72:443 push-sdk.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 192.132.33.69:443 bttrack.com tcp
US 192.132.33.69:443 bttrack.com tcp
US 8.8.8.8:53 9d78b7b6dcef8eeffb816bc865359ae8.safeframe.googlesyndication.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 uidsync.net udp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.226.234:443 aax-eu.amazon-adsystem.com tcp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 72.33.90.157.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 216.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 68.33.90.157.in-addr.arpa udp
US 8.8.8.8:53 236.72.119.168.in-addr.arpa udp
US 8.8.8.8:53 234.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 cacerts.rapidssl.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
NL 185.89.210.122:443 secure.adnxs.com tcp
US 8.8.8.8:53 www.ldplayer.net udp
GB 163.181.154.242:443 www.ldplayer.net tcp
GB 163.181.154.242:443 www.ldplayer.net tcp
US 8.8.8.8:53 242.154.181.163.in-addr.arpa udp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 52.210.235.15:443 match.prod.bidr.io tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 ads.creative-serving.com udp
NL 35.214.241.248:443 ads.creative-serving.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 91.134.110.137:443 rtb-csync.smartadserver.com tcp
NL 35.214.241.248:443 ads.creative-serving.com udp
US 8.8.8.8:53 137.110.134.91.in-addr.arpa udp
US 8.8.8.8:53 248.241.214.35.in-addr.arpa udp
US 35.244.174.68:443 id.rlcdn.com udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 cmp.setupcmp.com udp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
GB 142.250.187.246:443 play-lh.googleusercontent.com tcp
US 172.67.70.36:443 cmp.setupcmp.com tcp
GB 79.133.176.186:443 cdn.ldplayer.net tcp
GB 142.250.187.246:443 play-lh.googleusercontent.com udp
US 8.8.8.8:53 res.ldrescdn.com udp
US 8.8.8.8:53 stpd.cloud udp
US 172.67.70.36:443 cmp.setupcmp.com tcp
GB 163.181.154.241:443 res.ldrescdn.com tcp
GB 163.181.154.241:443 res.ldrescdn.com tcp
GB 163.181.154.241:443 res.ldrescdn.com tcp
GB 163.181.154.241:443 res.ldrescdn.com tcp
GB 163.181.154.241:443 res.ldrescdn.com tcp
GB 163.181.154.241:443 res.ldrescdn.com tcp
US 104.18.31.49:443 stpd.cloud tcp
GB 163.181.154.241:443 res.ldrescdn.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.70.67.172.in-addr.arpa udp
US 8.8.8.8:53 186.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 241.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 49.31.18.104.in-addr.arpa udp
US 8.8.8.8:53 www.googletagservices.com udp
GB 172.217.16.238:443 apis.google.com tcp
GB 142.250.187.226:443 www.googletagservices.com tcp
US 8.8.8.8:53 apien.ldplayer.net udp
US 8.8.8.8:53 usersdk.ldmnq.com udp
US 8.8.8.8:53 api.ldshop.gg udp
US 3.165.232.58:443 apien.ldplayer.net tcp
US 3.165.232.58:443 apien.ldplayer.net tcp
GB 172.217.16.238:443 apis.google.com udp
SG 8.222.176.52:443 api.ldshop.gg tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
SG 8.222.176.52:443 api.ldshop.gg tcp
IE 13.224.68.74:443 tagan.adlightning.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 58.232.165.3.in-addr.arpa udp
US 8.8.8.8:53 52.176.222.8.in-addr.arpa udp
US 8.8.8.8:53 49.4.236.47.in-addr.arpa udp
US 8.8.8.8:53 74.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 accounts.google.com udp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 3.165.232.127:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
NL 142.250.27.84:443 accounts.google.com udp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
NL 63.215.202.178:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.5.69:443 a.ad.gt tcp
US 8.8.8.8:53 230.175.78.104.in-addr.arpa udp
US 8.8.8.8:53 110.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 127.232.165.3.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 178.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 e47dbaf280088b9a08a152f0488b7558.safeframe.googlesyndication.com udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 prebid-stag.setupad.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
FR 5.135.209.97:443 prg.smartadserver.com tcp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 adx.adform.net udp
US 35.186.253.211:443 rtb.openx.net tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
FR 163.5.194.37:443 prebid.a-mo.net tcp
DK 37.157.6.232:443 adx.adform.net tcp
GB 216.58.201.100:443 www.google.com udp
US 8.8.8.8:53 dnacdn.net udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 cm.adform.net udp
DK 37.157.3.26:443 cm.adform.net tcp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 162.68.67.172.in-addr.arpa udp
US 8.8.8.8:53 37.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 232.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 26.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 u.openx.net udp
US 35.244.159.8:443 u.openx.net tcp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 337e11ccf3ab4afbc478106f4a76b778.safeframe.googlesyndication.com udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 node.setupad.com udp
DE 159.89.25.223:443 node.setupad.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 223.25.89.159.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 35.186.253.211:443 rtb.openx.net udp
US 8.8.8.8:53 ads.eu.criteo.com udp
US 8.8.8.8:53 rtb.fr3.eu.criteo.com udp
FR 178.250.7.12:443 rtb.fr3.eu.criteo.com tcp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 12.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 17.1.250.178.in-addr.arpa udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 cat.nl3.eu.criteo.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 imageproxy.eu.criteo.net udp
US 8.8.8.8:53 csm.eu.criteo.net udp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
US 8.8.8.8:53 3bede9c6fe89d809940059b5c6cb95d0.safeframe.googlesyndication.com udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 6.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 15.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 104.18.31.49:443 stpd.cloud tcp
US 8.8.8.8:53 cdn.mediago.io udp
US 8.8.8.8:53 images.mediago.io udp
US 8.8.8.8:53 trace-eu.mediago.io udp
US 34.111.60.239:443 images.mediago.io tcp
IE 18.66.171.21:443 cdn.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
IE 18.66.171.21:443 cdn.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io udp
US 8.8.8.8:53 gtrace.mediago.io udp
US 8.8.8.8:53 239.60.111.34.in-addr.arpa udp
US 8.8.8.8:53 80.168.214.35.in-addr.arpa udp
US 8.8.8.8:53 21.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
NL 35.214.168.80:443 gtrace.mediago.io udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 sync.a-mo.net udp
FR 163.5.194.37:443 sync.a-mo.net tcp
US 8.8.8.8:53 assets.a-mo.net udp
US 104.19.158.19:443 assets.a-mo.net tcp
NL 185.89.210.122:443 secure.adnxs.com tcp
US 8.8.8.8:53 id.a-mx.com udp
NL 79.127.227.46:443 id.a-mx.com tcp
US 8.8.8.8:53 id.rtb.mx udp
US 8.8.8.8:53 prebid.adnxs.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
DE 79.127.216.47:443 id.rtb.mx tcp
NL 185.89.208.11:443 prebid.adnxs.com tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 116.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 11.208.89.185.in-addr.arpa udp
US 8.8.8.8:53 res.ldrescdn.com udp
GB 163.181.154.241:443 res.ldrescdn.com tcp
US 8.8.8.8:53 apien.ldmnq.com udp
IE 18.66.171.57:443 apien.ldmnq.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 57.171.66.18.in-addr.arpa udp
GB 163.181.154.241:443 res.ldrescdn.com tcp
US 8.8.8.8:53 229.122.86.99.in-addr.arpa udp
US 8.8.8.8:53 64.145.162.3.in-addr.arpa udp
GB 163.181.154.241:443 res.ldrescdn.com tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 97.136.219.8.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
FR 5.135.209.97:443 prg.smartadserver.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
FR 5.135.209.97:443 prg.smartadserver.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 apien.ldmnq.com udp
IE 18.66.171.20:443 apien.ldmnq.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 3.165.229.26:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 20.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 26.229.165.3.in-addr.arpa udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 discord.gg udp
US 162.159.134.234:443 discord.gg tcp
US 162.159.134.234:443 discord.gg tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 234.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 res.ldrescdn.com udp
US 8.8.8.8:53 ad.ldplayer.net udp
US 8.8.8.8:53 apien.ldplayer.net udp
GB 163.181.154.237:443 res.ldrescdn.com tcp
GB 163.181.154.237:443 res.ldrescdn.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 3.165.232.98:443 apien.ldplayer.net tcp
US 3.165.232.70:443 ad.ldplayer.net tcp
GB 163.181.154.237:443 res.ldrescdn.com tcp
GB 163.181.154.237:443 res.ldrescdn.com tcp
GB 163.181.154.237:443 res.ldrescdn.com tcp
US 3.165.229.26:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 237.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 98.232.165.3.in-addr.arpa udp
US 8.8.8.8:53 70.232.165.3.in-addr.arpa udp
US 3.165.232.98:443 apien.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
GB 163.181.154.237:443 res.ldrescdn.com tcp
GB 163.181.154.237:443 res.ldrescdn.com tcp
GB 163.181.154.237:443 res.ldrescdn.com tcp
US 8.8.8.8:53 encdn.ldmnq.com udp
GB 163.181.154.239:443 encdn.ldmnq.com tcp
GB 163.181.154.237:443 encdn.ldmnq.com tcp
US 3.165.232.70:443 ad.ldplayer.net tcp
US 3.165.232.70:443 ad.ldplayer.net tcp
US 8.8.8.8:53 239.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
GB 163.181.154.237:443 encdn.ldmnq.com tcp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 162.159.134.233:443 cdn.discordapp.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
GB 163.181.154.237:443 encdn.ldmnq.com tcp
GB 163.181.154.237:443 encdn.ldmnq.com tcp
GB 163.181.154.237:443 encdn.ldmnq.com tcp
GB 163.181.154.237:443 encdn.ldmnq.com tcp
GB 163.181.154.237:443 encdn.ldmnq.com tcp
GB 163.181.154.237:443 encdn.ldmnq.com tcp
GB 163.181.154.237:443 encdn.ldmnq.com tcp
US 8.8.8.8:53 233.134.159.162.in-addr.arpa udp
US 3.165.232.70:443 ad.ldplayer.net tcp
US 3.165.232.70:443 ad.ldplayer.net tcp
US 8.8.8.8:53 apien.ldmnq.com udp
IE 18.66.171.32:80 apien.ldmnq.com tcp
IE 18.66.171.32:443 apien.ldmnq.com tcp
US 8.8.8.8:53 32.171.66.18.in-addr.arpa udp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6464 tcp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
IE 18.66.171.32:443 apien.ldmnq.com tcp
N/A 127.0.0.1:6467 tcp
US 3.165.232.70:443 ad.ldplayer.net tcp
N/A 127.0.0.1:6468 tcp
US 8.8.8.8:53 www.ldplayer.net udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 104.18.31.49:443 stpd.cloud tcp
GB 79.133.176.186:443 cdn.ldplayer.net tcp
GB 163.181.154.237:443 www.ldplayer.net tcp
N/A 127.0.0.1:6469 tcp
N/A 127.0.0.1:6470 tcp
US 3.165.232.70:443 ad.ldplayer.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 res.ldrescdn.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 163.181.154.242:443 res.ldrescdn.com tcp
GB 142.250.179.246:443 i.ytimg.com udp
N/A 127.0.0.1:6471 tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.100:443 www.google.com udp
GB 216.58.201.102:443 static.doubleclick.net tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 216.58.212.193:443 yt3.ggpht.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
DK 37.157.6.232:443 adx.adform.net tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 35.186.253.211:443 rtb.openx.net udp
GB 142.250.187.206:443 play.google.com tcp
NL 89.149.192.192:443 prg.smartadserver.com tcp
FR 163.5.194.36:443 prebid.a-mo.net tcp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
NL 142.250.27.84:443 accounts.google.com udp
DK 37.157.3.26:443 cm.adform.net tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 192.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 36.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 40343c5a03e7236899cae4dbcbcf19bc.safeframe.googlesyndication.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 e2493b0191dd5133369cd33befbbd1f2.safeframe.googlesyndication.com udp
US 3.165.232.70:443 ad.ldplayer.net tcp
US 8.8.8.8:53 f3ce25e1a71f0644224d2c620b43330e.safeframe.googlesyndication.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
US 35.244.159.8:443 setupad-d.openx.net udp
US 35.244.159.8:443 setupad-d.openx.net udp
N/A 127.0.0.1:6472 tcp
US 8.8.8.8:53 mmentorapp.com udp
US 104.21.68.128:443 mmentorapp.com tcp
US 104.21.68.128:443 mmentorapp.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 150.171.28.10:443 bat.bing.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 64.233.166.156:443 stats.g.doubleclick.net tcp
GB 172.217.16.227:443 www.google.co.uk tcp
US 8.8.8.8:53 128.68.21.104.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 156.166.233.64.in-addr.arpa udp
US 3.165.232.70:443 ad.ldplayer.net tcp
US 216.239.32.36:443 region1.analytics.google.com udp
NL 89.149.192.192:443 prg.smartadserver.com tcp
NL 89.149.192.192:443 prg.smartadserver.com tcp
US 8.8.8.8:53 b11c25a79a6639b5adcb776bacc33519.safeframe.googlesyndication.com udp
US 8.8.8.8:53 06120f2c34c96e065709ffcea9fc4216.safeframe.googlesyndication.com udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 3.165.232.70:443 ad.ldplayer.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 3.165.232.70:443 ad.ldplayer.net tcp
US 8.8.8.8:53 csi.gstatic.com udp
MX 192.178.52.163:443 csi.gstatic.com tcp
US 3.165.232.70:443 ad.ldplayer.net tcp
US 8.8.8.8:53 163.52.178.192.in-addr.arpa udp
NL 89.149.192.192:443 prg.smartadserver.com tcp
NL 89.149.192.192:443 prg.smartadserver.com tcp
US 8.8.8.8:53 06e233669ae69ba3b515a14bdb106a3a.safeframe.googlesyndication.com udp
MX 192.178.52.163:443 csi.gstatic.com udp
US 8.8.8.8:53 d2c4b3389393916d4103fc46f7645a93.safeframe.googlesyndication.com udp
US 3.165.232.70:443 ad.ldplayer.net tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 d810eff7505266d260997de7279139ba.safeframe.googlesyndication.com udp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
US 3.165.232.70:443 ad.ldplayer.net tcp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 7599322d53bb0437bd2e85cb0bb465d8.safeframe.googlesyndication.com udp
US 8.8.8.8:53 194a4201fbbaed88f564b3e0c2315741.safeframe.googlesyndication.com udp
US 8.8.8.8:53 428ea6c919d0f01406937923975ed7ba.safeframe.googlesyndication.com udp
US 3.165.232.70:443 ad.ldplayer.net tcp
US 8.8.8.8:53 www.temposearch.com udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
NL 81.171.31.78:443 www.temposearch.com tcp
NL 81.171.31.78:443 www.temposearch.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 uk.temposearch.com udp
NL 81.171.31.78:443 uk.temposearch.com tcp
US 8.8.8.8:53 78.31.171.81.in-addr.arpa udp
US 8.8.8.8:53 afs.googleusercontent.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 142.250.178.1:443 afs.googleusercontent.com udp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 172.217.169.34:443 partner.googleadservices.com tcp
US 8.8.8.8:53 1b67ff0642759c01828d4165544fcdd1.safeframe.googlesyndication.com udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 ad.ldplayer.net udp
US 3.165.232.35:443 ad.ldplayer.net tcp
US 8.8.8.8:53 35.232.165.3.in-addr.arpa udp
US 3.165.232.35:443 ad.ldplayer.net tcp
US 3.165.232.35:443 ad.ldplayer.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b80cf20d9e8cf6a579981bfaab1bdce2
SHA1 171a886be3a882bd04206295ce7f1db5b8b7035e
SHA256 10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1
SHA512 0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

\??\pipe\LOCAL\crashpad_2072_TESIHILLYJUJXFQU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7006aacd11b992cd29fca21e619e86ea
SHA1 f224b726a114d4c73d7379236739d5fbb8e7f7b7
SHA256 3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814
SHA512 6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd21a83c7d154489b257f751bd7cc616
SHA1 1e653d7d232c21a04883df64ceb6100a1f28ffb9
SHA256 7443d8958af51cabddcdec471783788de6d341605fa5a315532c10ef55a46aa2
SHA512 97fa530b3b6f546fe5aaa83fd5ed7860072186a8ac0a315859092688049c26d789177e18cda5fb5aad307fcf5973385a45bbb29298242c132dbdb3d6e7b58fb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 33d2d7c68772ac14df1e9344072dfd09
SHA1 9aeb467f57efdda6134f5161a64317ebf7c599e2
SHA256 532db04a5569cf41d91b2d56b2fbd8bf5b81c3f067a40d5f1f3ab6c82af0c361
SHA512 6559c35763e47a68568a3693a9d91c328c3afd5e62159c9d169c5541c201efc6542cf5efdf6d32c133148fbe5e9e401fc59881befabbda7a02e3f62237f49d8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 21f3f14b86d4438a867113af98fb5cc7
SHA1 9e3964a9e61d5945f379e586bc1a69b4367919ef
SHA256 b3675c3ef5f015be9a023a8f22e239cce59a5d2af64fac592e2663674bc76b47
SHA512 59a7c038ab8c58b262913332b7bc881eea8426df085539246cc70a600d73eae2c713c846576fad4143ac3f9d92365a1d78426bb7724db5fda92a2e6ae6978a74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 a5cc79fbd666432c461daec09604f082
SHA1 9a3df93d85aca657c5c8b60f9b4063128319647e
SHA256 9a7f91177674363a59d898f41192d993f0dab2ce2c93a180b6d1042ea4b9e279
SHA512 f93ebbb16738cae18477a0bd833098abee3a77880b8623ae2a462ee8e209487045121700e013dd0da1c7c3f5c9f24a56f02a5cba837df4ac1f33c9f6e3522c62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 038b3d0307f80830bed8c3a6fe1a3b20
SHA1 05a43577f6a9ffdcd00432b6e55203fc69e01bee
SHA256 89a2f366420244ca02ee23c63d3506c82aa71dc8c40c466c14c52c92217bd4e3
SHA512 60df78685e446f9f6197aa1a2895826a0f106cc0bc0232d1e198ce402aa7e416933431878e96965a1dca7ea8bbef759ee13abc84a07ec02d2c25b4666aef427d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 feee70946e06a7676bb9e7ed7a74150e
SHA1 b92c630a38ab7a97f6aaae860f896d95017d4dcd
SHA256 5062cc713913765fb355e2d0ddce39b9d118e97123687ed08dd9bc9d414a3301
SHA512 ee1048d3bd30748557970df899346d207c304402bf224320e9184eeef928b989986d20fbeca551ec7ca8fa7825bfc421b5030b6e9af683a3cbafee67bdb2f0c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

MD5 d155610d38d34dccd977ac213ab42e1d
SHA1 a343e08abb19f7d4110c64de08aee504cac318d3
SHA256 6ec5dee6a9dfb42ef97cd410c2e3387f53d2eff7d1fcf159f96b5ab129036ab5
SHA512 eb735bd87238215d54613f6065e61d48e1578908117af2a215b88dbdc3c4d155cd2b60e035ff2cde17605445bd89129de07aceb74ce8c16dcd355e4214986c8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2e2df87fa21342b06d9a54ad9978bd26
SHA1 2855c58a38646eb105fe5ec94e401b743a6cd32e
SHA256 482ce0320c52b3b4e2d8693da8e2eebdb33f6323c281166576bc9c0d5575a60f
SHA512 9be4aad7b4cab4555437d7ac25dd8b7b6fed68a6af5d14342c967e6739c738574126d7de2baeb7453e499980da92f07f2838892544545e7a5a76885a9be532a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f6c.TMP

MD5 2a9bdc2b3f6fa1b3a4dbd0abb4ca83b1
SHA1 43a1a3e45f352eecb818cc5643c9eae1da5e4ed7
SHA256 a748e3687b672a1e22bf6b3fb76d3ec45c6c44f9c78d279e381681dc396358f7
SHA512 55f7a4d2dbbf7430f57d2ec9b2cff879dfae51a53ea856f2048c6ded978bc712e2a4bfee4749ef8572059e62e5b8830eaa7d382a30403d7409d2d292270310f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

MD5 74d08f3e49a4210f66236f4e84564a65
SHA1 fc5232cdcc3689d1f26ddf1fd9a0d567b8cd4bea
SHA256 f224b59ba25e458e2dfabb559d1e338019bb0f82139768561b03e42d7ebce7e9
SHA512 ac233a8d6a6b0a2894c89b33b7c159acb1084a06d1c8956a337e1c235c74f635b42cf95bbe723b2359b3b8fb09980dbe17f11e46f777749883af78cf5885f175

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

MD5 aa521e4e4c27306805ee2da1706959bb
SHA1 f2d27a4dc1eee1b9abbc241f7c20678c03c9e775
SHA256 ffec638750b623b96d54bad5e22d02efacf39d617e92747f603ff21b57da9b04
SHA512 b964d5fe188619ce4b3aa1493588d501bcb464ff574d4ca3b3d8ad34709bb279b689d386ca2b3658d1caa04d022b82b86af01dec6d811bba8e0ce34fec6ea3f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

MD5 91754b1113e2494f53cd63689ef38101
SHA1 c16c1f4b9c3172488fabca328126fd4feede7f95
SHA256 6026896c47c91beec5296f0477ac2cc08e63a7004fbb55b955d78b29da123384
SHA512 ddfe21ec8aa28fc5a76be0dd12851eb76da5a6e2b591c5659972ea978c3033b3e95d9f89426f7fe8b70edb1701be5a35b64176a87cca6412f4862707da6a4efb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

MD5 05e9679509b61424a07cc4d4efb7247f
SHA1 db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81
SHA256 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b
SHA512 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

MD5 1aca735014a6bb648f468ee476680d5b
SHA1 6d28e3ae6e42784769199948211e3aa0806fa62c
SHA256 e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

MD5 ef6466ff0982f49d4767bc3fe324e6ca
SHA1 a38515587090ca3e995343184b5625f6afb31396
SHA256 9a1ff99f235a6f3c46c7488bc0ed43cfb06ec6553b60e114dd7127e812c6a5e7
SHA512 681f2688778ad67b21a8d9e8e90411914673134dc39cede4f9fcdcc9d33fa99fe3a0f8c4949c68748cc92adeb8a55a169b7a610faef488c5821a6c886fba17e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 948f15ca16830ed2bee6619df537be9f
SHA1 ec28e7403ceb608b8dcc5541f0be4f7b913699d3
SHA256 5d2fd66457170ba3278adeb631945e35d4b9ea04a781120e98eec463d48d3cd8
SHA512 1b8d6a9ed30f48a31d4e50069ebfb1303f7a5c4de17ce290152d2a8997dfb2ab648a708263d359918e1cc3669b6d324dc373c1515e94a68fd8106d9c22366e97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 a38c9206d825e8a2717482fa597ab95d
SHA1 49c1b7f03931a3fc704ca851eec93d0faee39a3c
SHA256 cf3e21e3a888c6f1079295a535a4ddc3ea893b1e60fd57d1fd3227f140c23dff
SHA512 8b38730764dd6225859f4c6821e98b8331e42db24a775e6468b05c91214009987680aec098471c1e524676d721c3a7fddfab08beab601a2206b696563dd5396a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ff5a76ae9990d640982aaeb426a41630
SHA1 48170b71e56cee63c55cd477540f6ee51487e90e
SHA256 2c8898efe6f40e1558e1b2f2f490ec30f55893470a0abf5fcc48e9f7a9a5ee80
SHA512 85a0e3c744c5228f8b2acbe5e44328abdfb1973a9503041fc6fea4399986560693fe7f4f66a539ecc5a468bdc6629c3796584614ff704b9df8d6035cf288ec9e

C:\Users\Admin\Downloads\Unconfirmed 278086.crdownload

MD5 a64bd549d95bfc8be592833460f79fcc
SHA1 0aeeb9507ed39f14d82149c56011ec3aaed1bec9
SHA256 d285b5242f4583d49c63a7c7f83a72f082ab395f9eaff674ff56c8d2d0fa063d
SHA512 767bffb8861e81ce61cfec5b0462f6a62cf86d9fca8411126b6ee3f43bc7fccbbffae8fafe293e9c227f297d82562d70940b441f9d541e35b66b972f2b79fdae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 30289d825d93148a4ac7105e093027f2
SHA1 784da709430bd9741b78b78562d3d9ef65d35a1f
SHA256 78c899e4f11be48c5f8a1a8dd0dab271d43fa8271052d615c89377e1781c1647
SHA512 100b91a03a3b4d637a56434a1a5a6841bdabb466f6ecd7037e3ef3bad54b56493035271f886923231a3b198bb9c1a31328356fa7a4a0cb1840ae85e4a2347125

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 296e0e926181e3d8e3d18b0780a9f6a6
SHA1 440b8e99a5370253a2bfa721ccf18ff8f364de16
SHA256 2a9226d6a7a6747fefa8d1d15a708fd64f5287b3c081fda0b1d282f98ebfaa9f
SHA512 923ab521f785171079877179ae85c7160b9243d37e86981ed530f51a3f05272e0b3d97ac0ad1fcc8916354ab46c2cb3f66be3b555bcf16dab1eb55d3b6e070d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 78dda3eb683cc331f266cef9f4fb2ee0
SHA1 eff01588ad47208e1cbab924a2cd602b94fa795f
SHA256 cf2cb2c2633eb7d7c161619357f84ae7236a91faafd0f3a235799f905d962a07
SHA512 bc40e08cbc8ee5c833aa174a9b58ab0aa8ec13c78361415a0d7453505de2ee058bd2fe4544e2395c68b9bf052e467fb0ef2e59a4db85d4bdc02c4b82147e5c6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f1284fb5c923c2626e11fabbd672f82e
SHA1 406105dae19c3fbe365a76f62e475ff0997ddd32
SHA256 42ecf7cfcc0a4ec0222a472301600c4017b49247cf3850e16b4d371aa4a9eaf8
SHA512 2e8be1cc6283b73ff0dea320425a565d317649afd27887e0f503c744966116a9266052ae08db0f468c12adc31e860e99bcfa7ad55de7a73f02b42c9f3255ee86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1651f84719aef36f10e10bafae784a27
SHA1 e25729f8e33a08ede4ca4118c9cd7e8ad4145a50
SHA256 40e55dcaf2917e89e02a4f5b9056394952b775286eb5abd1d0f11343b6a03f24
SHA512 5d537c37693d4681c72bd92cef8f72d7910acc8235d3db206cbb5e7ca0a6f9be5cd02135440d72ef881f2b5a29f3e763ecb3990c070e77f264a8d6ae72a5061e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b7d6ac948b50fd5b9f5112dcb7e8921a
SHA1 da07c3bef281d28345aeb2d3e99b8b66d0409ce0
SHA256 0aa659d8782706176acddc995a1c81fbf0f6d470a74db0d38887895563844a61
SHA512 995e67a8b1be2ae2e4b41b9eb864d506b373edc7994673886c96ee8c64962a42bc85b02610274675331e6c0db58b3c9409b08751c8d9cb52468a8ec409d472c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 c5971531f18c2ba244d6d29ac1c0a7c9
SHA1 b771bc8d04ae30dac815b9a4ce95610fe571c609
SHA256 5e1902602f28a93da315d45e363dc5e4775677e0e61270394c4c64df3ef9e4bc
SHA512 74ccab7839ce79e0a8313f09599af7c9167d9338740e52ebfdc9aae941812f47b21fe35f85dd6f0df0b75417146e4a46d565ecb96e91b705c3f76fc2704d950f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 e6b63a478e9a077e286a024e9f795148
SHA1 2482a0a620b3c38f6c24cf5205e5e7579475512a
SHA256 42596916431c2a9866b19ff048f15ce7ebba0f2b0af85457d05209e4d527e87b
SHA512 199e2c0d75904f98e0aa93bf537bc48e9a4736c40aaea1f7e4119127243e142825df0e9ccada949d637691338032235ce914e8b9793523f59891e4ee8da3e534

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 cb24dad35e4c3a58649c42c732d40fff
SHA1 5c71bbb63a0505a72b2884d4d228f25ed80e8222
SHA256 f611cb66154078d9abe92b692674f7f5a4222a3e2568dd5066299f442c771cfa
SHA512 18350679868a826001802fa7732eb66d6a4951e74f2ad45fbf0f4a07237c2ec8aa3ce38a730728e5fc10a804493f3a6a1d1eabb99585b8ec13e533aa5a895029

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 3d099e65a158b534f59edb1af589726e
SHA1 0e28d2635d2ce5532ea8b8cf85814df268d149cb
SHA256 36a532a13939ab01fe43924d3e5541bb78170f9a24cd9acfd8ff08bed9626703
SHA512 fa741e01930c9ddd70017ccb9d6a8ae37287d9593eb74156739edf1cff06c8c9c432b252176b587e7ad47b581af58502841d9b0c34c36ef76206d179597a91fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 db0eb45b0336b8ff90c8830adea753c9
SHA1 f63a3d0075d4e6d99a58eb6b67959c33d2685fb6
SHA256 63cb447de2d8924e5eee9643be6bfb46ce9fd1c57efaa4f2cae720c72764f00b
SHA512 515e47e3f84339bf45dfe748f37b53af6b3b56331400b45ca6d6565bd2c6cc29f0cb5282ecdd983490b35969d0dfbf0ae9a4266cacfa53082645840bc3ffecc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 4d40e42454eb254513e6aa3e889378de
SHA1 99024247299a03bd15e7ba57edb143a36b26424c
SHA256 d8fa7ad39fc854a69eba556bb1e7fcbac30c602193b94bc69e81b200bca437da
SHA512 7163657cd87cf9095725a6f734b1e6d5bf8f19aa1206cf0ec8fc4af419b4e248129c0221aad5b411b26472c98fd6179ef6a97ebb26e45a40a469a33a04abcaa2

C:\LDPlayer\LDPlayer9\MSVCP120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

C:\LDPlayer\LDPlayer9\dnrepairer.exe

MD5 cee286a3b75e2e3b92359a54a129a8cf
SHA1 d9708dc4a44c32a25d31eb93b7e0627155c5a871
SHA256 d6f0c9d7efe02de528a908285a989cc41903bc34b3448e5638af551ef12f77a5
SHA512 daf84e165437170d2ae029f2092ea9dbde03d6a34d85ac710e679e560333f8c17c6a2fc16ad69adad36ccf29c462f9c92346ca42e163e7a8c4069253456f06c1

C:\LDPlayer\LDPlayer9\MSVCR120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

C:\Windows\Logs\DISM\dism.log

MD5 8a51656297a10ed31ba993fccd386f4b
SHA1 01b9aedc65991cef30135b16b4d8c57cc34a5ff9
SHA256 58ff6dcbf4fb84dd83361f7076ee4edcb19f15b5f52b055fbb67d45f4af035d2
SHA512 426902be913fb4cfda1ccb580dad9ce34696974f71de91ef66adb151fb648342ed8af15f2b0f41a90574a87fb66533bdd650bc0caf64c8f15b2fac05ee5a1230

memory/7084-1990-0x0000000004C70000-0x0000000004CA6000-memory.dmp

memory/7084-1991-0x00000000053E0000-0x0000000005A08000-memory.dmp

memory/7084-1992-0x0000000005360000-0x0000000005382000-memory.dmp

memory/7084-1993-0x0000000005B80000-0x0000000005BE6000-memory.dmp

memory/7084-1994-0x0000000005BF0000-0x0000000005C56000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_c323lm4y.agt.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/7084-2004-0x0000000005C60000-0x0000000005FB4000-memory.dmp

memory/7084-2005-0x0000000006210000-0x000000000622E000-memory.dmp

memory/7084-2006-0x0000000006260000-0x00000000062AC000-memory.dmp

memory/7084-2007-0x00000000067D0000-0x0000000006802000-memory.dmp

memory/7084-2008-0x000000006F540000-0x000000006F58C000-memory.dmp

memory/7084-2018-0x0000000006810000-0x000000000682E000-memory.dmp

memory/7084-2019-0x0000000007440000-0x00000000074E3000-memory.dmp

memory/7084-2020-0x0000000007B80000-0x00000000081FA000-memory.dmp

memory/7084-2021-0x0000000007540000-0x000000000755A000-memory.dmp

memory/7084-2022-0x00000000075B0000-0x00000000075BA000-memory.dmp

memory/7084-2023-0x00000000077C0000-0x0000000007856000-memory.dmp

memory/7084-2024-0x0000000007740000-0x0000000007751000-memory.dmp

memory/7084-2025-0x0000000007790000-0x000000000779E000-memory.dmp

memory/7084-2026-0x0000000007860000-0x000000000787A000-memory.dmp

memory/4344-2031-0x0000000005840000-0x0000000005B94000-memory.dmp

memory/4344-2039-0x000000006F540000-0x000000006F58C000-memory.dmp

memory/6928-2059-0x000000006F540000-0x000000006F58C000-memory.dmp

C:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

C:\LDPlayer\LDPlayer9\fonts\NanumGothicLight.otf

MD5 e2e37d20b47d7ee294b91572f69e323a
SHA1 afb760386f293285f679f9f93086037fc5e09dcc
SHA256 153161ab882db768c70a753af5e8129852b9c9cae5511a23653beb6414d834a2
SHA512 001500f527e2d3c3b404cd66188149c620d45ee6510a1f9902aacc25b51f8213e6654f0c1ecc927d6ff672ffbe7dc044a84ec470a9eb86d2cba2840df7390901

C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

MD5 0054560df6c69d2067689433172088ef
SHA1 a30042b77ebd7c704be0e986349030bcdb82857d
SHA256 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

MD5 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256 b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

MD5 3e29914113ec4b968ba5eb1f6d194a0a
SHA1 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256 c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

MD5 e8fd6da54f056363b284608c3f6a832e
SHA1 32e88b82fd398568517ab03b33e9765b59c4946d
SHA256 b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA512 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

MD5 52c43baddd43be63fbfb398722f3b01d
SHA1 be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

MD5 ba46e6e1c5861617b4d97de00149b905
SHA1 4affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA256 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512 bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

MD5 2d40f6c6a4f88c8c2685ee25b53ec00d
SHA1 faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA256 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA512 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

MD5 01c4246df55a5fff93d086bb56110d2b
SHA1 e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256 c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA512 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

MD5 66df6f7b7a98ff750aade522c22d239a
SHA1 f69464fe18ed03de597bb46482ae899f43c94617
SHA256 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA512 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

MD5 ad9d7cbdb4b19fb65960d69126e3ff68
SHA1 dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256 a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512 f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

C:\LDPlayer\LDPlayer9\dnplayer.exe

MD5 fa2c08e402cc1c1fca849ba2e4eb56aa
SHA1 133dbe827d469e8dcfb792734f1fced97690efca
SHA256 bd6ed960624c4ffb99ce82611f23365733df329b1ff3216590292ee8034a4421
SHA512 d96f84f06784f6d2c2182301ae4437303f5f3ab8936e6e3512606c28cc99de268bd186a4eb73b092c1e54995fa849c38080a26fe6dc2b8c1e7171781677d3eb6

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 38f88ca4211fb378c41412c23af886e2
SHA1 7c904c5fdf84d13ffd47703be39380861b5a6a7f
SHA256 6b149b8b72bf3631111f0e7b95b4dbe2646b786a3de1b414110438927d3f9c38
SHA512 6ff289ee872bb96de9de4a3ef82d043f93542545f1555885bd4b6aa008892a8e3fd5f59eb4ed76a402aaa884989725168206aaec6582ea37bd556e7f642d681b

memory/3512-2185-0x0000000035FC0000-0x0000000035FD0000-memory.dmp

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

MD5 395970be72d1bcc7755f95a04b3b303d
SHA1 f4019b43fd95f1748e2392d5cb1aa4486aadbc13
SHA256 5fa3f4cb4f4f603bd8b9a538b54658ebbcf9198d99f2b0e1ce447322b22fb312
SHA512 2f4968b8564bd3bbc624a6838ec33de22413afb8711e08cc36b082863f4e146212c1b6173921ea110c65a0dc20b97c9e187a8ef006005711efcf4237db0bcd1e

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 4d592fd525e977bf3d832cdb1482faa0
SHA1 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256 f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512 afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fcb0c39c493d46625df1bf75f057222a
SHA1 7a758eac235b8984ae29df5247a7c1d8f8012b05
SHA256 2010736c65d8f92a4dc09ff53fadc14758451e86f1ce2bb4c17502f1541d399f
SHA512 a3b1e684e840f1d19c963e2afee8138d1102dba531b2f2bea2b287480052289065a422328e9e7d56e1179f561b20a554f574e262ea6e6dc7c29f6fc007a9db0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8c6c92a5c0133cc3dc0377792a682199
SHA1 3bc0cf4ff8e57354447e755d24144f4f07c51345
SHA256 c5b1d34f79ac2247f65e2cd69ac4441522e6715a38837895c6662ad5164d6c86
SHA512 e36f4eb426942eebbb58047bf4c1736f27888bdf208e9460f398438576284c22cb347ab9272c8f24db2c2f1caf06c336f6a7f2b0475655f922ca25287b8df915

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 be2d874bfaa2794314c527fd03de5a22
SHA1 de1b9467c1db084fc93f18f63238cc0a67f4726e
SHA256 110f07dcd0ddf8c993a5a1fc53725dc44afe5aaefaeab899c9f76d648cec5bea
SHA512 e287babab98d086acbf19e2b1ab6372747b50998706046e711f60494352bd4ff5f561f27e66db9e50769d589283ace42b8c515162a95428bf1a98e29163dbfcd

memory/3512-2320-0x0000000070BC0000-0x0000000070C3E000-memory.dmp

memory/3512-2321-0x0000000070C40000-0x00000000711E6000-memory.dmp

memory/3512-2325-0x0000000070AE0000-0x0000000070B39000-memory.dmp

memory/3512-2322-0x0000000070B40000-0x0000000070BBA000-memory.dmp

memory/3512-2319-0x00000000711F0000-0x0000000072BEB000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 06d82bfe795e2dfbd3b78276c26db4e8
SHA1 96f5452203e64fb08d2a55b733a652b19d80c7c2
SHA256 23c7a6a2057149e2ef23dd2046a5cd59302727f6160993007db441001a3abc35
SHA512 4c3daa5c3d8832d928239b6294b019b2aa033f739e11efe2d0899e135b2febe3c6f461d418d0fd39f95d98cc83a4e60c9598f63f36706f070d1c5348b9ffa6eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 26a16f9a9824edd9310e9f962bd28a22
SHA1 e96541a91a7ed2d3429d9e3383fc503594f4f206
SHA256 2caaec097618eb9a612eb5866d4a70672bc849dc75990127eb5f14f988fa200f
SHA512 2248fd3159d2becacbdde99bfb2c0e637cbbaaca2a779d6cbd8eeb6fa10345bd241bb3d86d1143e28efafebf066821aa7b304d67ef1667a6ccbd7426ad22113c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 b093a97cc0320dbfc47a8ebd5afc03d2
SHA1 7d3d0d78fc1dcdf2427b0f3111a78bdd9f3b01fd
SHA256 4fddd93b3d903de9c3646243a29d57b07b3a4dec2353d8707f3b4dc873cbb495
SHA512 edec8e02fbc8c6a661d401eb62f95d7b92593cd1a754aaaacdbd5ffb0d8ba4d6bee517de7830f9edcf33479f5a095169eb1781237b14c4bc265cf0fc5f52f315

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 fceba656f5d1bebaf438f5ba3c25b4eb
SHA1 e1b97c2f9659f8cdea7e6e613e7248d4e43a7807
SHA256 62e64bc06197e88c89a678de3c7a4f5a927ad4327d03c1cc8ccd69a9a324a8e5
SHA512 60f75b9fd1e19e06adeea58e2fbe279dab5478361d81a4a69a1d104060eff7ad32ad78df34e7bb117d2578ce260c40ce307e150f584babcb3e0631bb6397291b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 c09b23a10ce12c0122b6a3d52f576059
SHA1 e214c79ade2ab8e5ab7adaa200cfe982381cede5
SHA256 335edc4bb8a28505e6fd253fb1f147f7541de511336120e7908a5b3217bca362
SHA512 0a27a5f3a6fb52d6afc044cf568b17a737153569e914917418a800a53578ac8968031e6277b6fa3d00860469530ea5a0633f1ac0ef27476fed72094798b1e463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 720bd519a405ee75239ff7fda90fb5e7
SHA1 4e3124110ef8839c319779877aff02e3cd9a6a0f
SHA256 19e0a2c8a6b9437a392ddc3e4b00dc7df56117efd0ef307f747589979ccf5fb3
SHA512 af19f96c5d27c45c7367508c0a06c7d62b17f0969e4ae44a10072f0e8cf7afaf3480203ccf4198eb62e9e253a721751931511b5c1d8eb8d22405025d934befdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 463c66bf0cce1145ffff7de835f4fc88
SHA1 774e8b5bd5846d84d31447feb326d2956b85bef8
SHA256 91377045fb4c13198cd8ff977f0bbf17944de098cf56e1ff918821791dd3d125
SHA512 5053e0ef371b78d4a663961afd38a5f313a81d3de6190504976f177f83950a47b0ca8e5f0fa35ee46c213f5024bfe208872ff6359dc98816a7e10f8986d0df87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 a7f18ced0b7ae5afc8646ad46af39dc1
SHA1 25b7bd51226f7684762b2ae2edea768086651cce
SHA256 d4f3edb3b631a952d95ee8135111be8de4b969581bffc465d1bdf7d92eecc38e
SHA512 cd03e35b0d75fd39343607ab487cf86420abad0c91ca6d9d4803ee942eccb3a5a6983a5f1bd7b0bd5f7921c61c05c18dd4ee6fe8621fc5f03fcdac9c53531dbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

MD5 8354249a52de108a0e1e4dba57bdb865
SHA1 f6de6520cbdf363f4ad00501e56e7b162164a0b4
SHA256 7af4110ab66064313829166bda677b435e70ed65e5a2f870656362ec13094eb5
SHA512 3cb5ba4469478cb0fdfed17c9ce1549cacbf623690a48d328376d7e3bdaac8cb31a89b9035c97fcf873ec03e9bb544d9d3eb6010654643237e71e2fa6bbc5d1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 5ee744b45a0b750b00065a7b599b4c31
SHA1 5afa5d067c151144b9b1d6a9956f9f5bcebf39b8
SHA256 94b2e7cc9d12c51a05c83858fa59a828462acf00aa715ad47e24eda5bcb629ed
SHA512 f0d00a873003f39fb9b29527843b4c191e2083b5d5a5aab2bf69d1a6c057df846610a29302fb81655f3308a96191ee82ebc201609e1cf193a89929491fb7c678

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 a5fc1a2b620728d15ede42fc6a442a9a
SHA1 dc3238e35b9e69f8352bdcf975140b0cabe68c24
SHA256 f59117567529802c60528b1fa9bb55fc141b99a9e7fc542f0d5e2548ead79f08
SHA512 c16b81a72e2bfae655fb25596d78cfccfba6904e4f10f95ebb5fb45693b5df87a8176a842b44cb0718cb45b4948d3042003a276aa0c209f874e0db3806573ba0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

MD5 2f0df8dddbf34221926f8c81bf7b1d94
SHA1 4fc3cfd5a0ce94cc99c4160dcf533d0815457434
SHA256 842582e3fa4bfda598619551de51fadc9ec9b15bc28a9c30e7f2a6c2d5987c06
SHA512 33ee4ff4f076b6976fd8e7032be7ebecb468c0ece156c1460401bb219703e2da57400967be44cd2902eed8bd59b5e3f2e79bcf00b3178ba232f21627aa1001a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

MD5 89a574ff00e6b0ec61d995d059ce6e65
SHA1 aea09e96808ab77165ffa712eaa58b8f056d0bb6
SHA256 e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44
SHA512 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

MD5 cfa2ab4f9278c82c01d2320d480258fe
SHA1 ba1468b2006b74fe48be560d3e87f181e8d8ba77
SHA256 d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e
SHA512 4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdff3907e497c060_0

MD5 47ec4c662d64eaa4e957f4274377d7ea
SHA1 b3448d466beea4f744f2fbddc680e938c48bef3f
SHA256 4dcff23d32d53ea43f9175d7d5eec53c2bc00ad2f176a7e8e4b8bdbe492b1cdb
SHA512 ae622393e25dadf731c5e6f1b29e3f4d38f8c1851670c613fbcb170a1b02d9f2dd3c35172c8881e21c868596126be60b05096662399777595d833b47667bd167

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

MD5 8a42ba5472aa4afa3d3ac12f31d47408
SHA1 2add574424ac47c1e83b0b7fae5d040c46ac38a7
SHA256 759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4
SHA512 3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 934620b2a14f6afa5a962d98bda636a2
SHA1 67af007d4bf958077dbcba016eb20d39726660fc
SHA256 f56968d51a952b727dd52313a2b1b659d5edbe5e5777042793d8dc9cb10af2a3
SHA512 13f9a8a26fd3a56f1bd4f3e64fed94ca9adc65d00deb9727e8d29be091d84cc1019586d5d636766812e6d127c2986f230559e468346421da449cbdfd87ad0c80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

MD5 6b04ab52540bdc8a646d6e42255a6c4b
SHA1 4cdfc59b5b62dafa3b20d23a165716b5218aa646
SHA256 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d
SHA512 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 0aaa843cc75c1de6f1fd7e2383f529f2
SHA1 05bf143b610623e1d1227d606c33fdb72248e2a2
SHA256 af7a9d0a1c78c09c3e88f25e9127d9fce4cd2279cc39c7a0a59f50f1ed723d2f
SHA512 10e5059da50646e5a046c8596e68f7a259a271317bf3b9adc1f75a41374834fe8af4ad24ece2e39c234743a9a8b1f9b970aff4239522db6d180729487d3ae0a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 b3696c85ce4fe13e866b19c3ddf0e9d1
SHA1 88b2b575ef4384cc467de6380de18c6ef4e74f5d
SHA256 e31460012085e6b435189f927ccd3ec225967583de62fd1a9f3dfbd080a38f69
SHA512 6d491b4611847d91db5fe7c54b829ba0ad98ff4aa04a213b3025125ce63bcd6f4b78ccc466bd66238d637359676085f4d6381331100ebfa5f4b34576bc1f146a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 847c4e34c9162acf4b6857812cd3dc2d
SHA1 d4ee14a3794041fb661cb8d497684c3a30032f28
SHA256 bfd486b27ce892b5c77ca52d096a02020ebdc2b10615a53ab3dcf77079ae2b88
SHA512 2a9da1bb2e7010abc28a055f778e62a7282a9b215793bebd56ade2cced2dfeec6ea29b5d7a2c103e33fc7251ca608ffc5087375da3dddd3421e79337fa81644e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

MD5 4165e15c0e8e7f5313aba85f1fa09233
SHA1 15566d6448757cbbf77ba502d1451b9751a9de0d
SHA256 cb66c6e5653cc31df85d918477a83b8ce0e896f5bdd5878a09d00810eaf9ec90
SHA512 ee14c5f30f35b0e40d8fa082fbbbba642943d1c1039f7bf8c37ef83fedd15495946150074a1c4b603e581be3029ef9fa1e78e235286aaf276899823ce025bc19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

MD5 ee388f5d50b1310c2a2cbc7d021b61bc
SHA1 4d560d8fc86bec64ef1777ff911909f3c0d0c0a0
SHA256 ae53ee26ca19ff0a2260ca410daacf8acd81a376c99e54c51d1b3853d3b55cfd
SHA512 957b14ad6d470ad941b1e39161328882c779f30a8e9565860ae7faeabe8f2f4c01dbd147264306c6b825a34fb46a0ce6580191cd058272ba8675b81db2318f24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1d5aec48789dcd7_0

MD5 e606a3faf678d9b39627b81f87edfcaa
SHA1 e6eda00d977ec56435940441686d1d509132b5d1
SHA256 4d497734e3c287098951ac1d0fd07bae3c515b62a6687ca99a621bd14a78bb4f
SHA512 875f1cd649efc939397f2e941fa4f723619f56dcacf3774f94b99a95bef7457be3d52fd518659732b62493a765916777df2b2358a7508d2c15e019710449a69c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e2b8b60d7738ea6_0

MD5 57c21059aea3c66f054c738934643da4
SHA1 80cdd95c25c57ae3cacfa4bba688af79d413555a
SHA256 a1aba143b6039d26636f4aa9274e8e92a12cfa54d04147863997723b08e37837
SHA512 5481cd9b0184a22e4df97e40ea42b860c04c41812ce0bec0589f4744347f532ba6d2eda303986be92b7ee5cebf33ccb60b90337ed6783bc4f16076d341ca6f7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

MD5 d4573f829b4f14307ba330cb30e84a4f
SHA1 914f31667c202743a1f761d6e5d97af867692822
SHA256 153998221610cf51fb52561639d94a86a7e027225571296ce96aa1d716916828
SHA512 a2df48fdd73f7615c370c063e175d76f35c3e73e6c7b06f8c96c222b0810ac0694044084dc824f57c4a67dc783fcf92412c89927abb358f2c4af260bfca737bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\66df74b3a5a62c69_0

MD5 529fc6180501912cc50273cacd6900af
SHA1 1b2406e4d60f59a075fb649bc3bbd2c4c3220e5c
SHA256 05cd0f9e89787da04a69881634389e51a4c23363691f4866a0beaf8f35bef017
SHA512 1ba6ada3b6b617337b7f1639c799c704ba87a6d6e1811e501884b96dcb77f335ac7243284df0b7bd739d97da028ceb525f220a5214a9b34300b6f4993d1c3fc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8172256176818c44_0

MD5 9391a01afc107f12a9fa5382d41c810f
SHA1 f4dada29fdc70b3828197e8b6c31962f963406f9
SHA256 22f3c58d6c92c64eff471d5c1fa7b227920d0fa56c48fb0d22be59a6db817a0b
SHA512 6c526deaf998777b0ab5753d4124eab3680707ec7eb93aed1765ed0c4dcb65edff5d706e00b63a2502a621de751108da096127edc22648519af92b13fa4ed6e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\689471a49c9589a5_0

MD5 84ae1a2ffa6fef83e57b226a3492c939
SHA1 035bf0a1a26263b01eedf2c326a15665da3df52c
SHA256 fbfb995e772232c8f002213dfdbfdcaa97437c87ad5762ba1d7c8d2eb796aa57
SHA512 be980645bb995f1b98d0936869b89fdaeadee3d83d3e3372c34d3eeb8f963028dda80637954adfeed6bf64f7bbcb8fad50721618e36fc5429af355fddc80a350

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

MD5 a0e80d593e77c9a87c4a1140456daf7b
SHA1 bae7364e48a633dcba90293670489eb422a54e97
SHA256 953c84027fedd064a40f44e885941f619d1eb63530f82c29f084fb4bc68e340c
SHA512 b07eac576c6045563447c7306f84ac4dcc99af68ad261424665766ed55a85a9879627aefb0608f50eb0c34c80367a6db72b7ca1449ff25b9be57595311c1ccae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26194a6bb1db1642_0

MD5 0a8159f5b065c8306f6c82ded767f8fd
SHA1 3c869e181d75ed76b83a13840a5622f8cdb1de0b
SHA256 fec4ff3e7c510a271d9f0ee3fcc1cf8e159ffb7acbcc60e960ce0c714af42169
SHA512 6327495a661c4e66bc8d496f83242efd95c62c1a2a2c0756278068437b449a08ab108b4e80fef88a8eefe9a6b7ed3981eb7e5317f7a50d77d7cb4e8ea261b538

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78cbc79e992c9bc2_0

MD5 6e6c7a27967aeb1a06afcc227ea967be
SHA1 7ae7220b679d761d9c1b1ffa5a7967fe4f958f89
SHA256 275611c88c9e56d16404c52b10118ac39e52261457b4656ca8f61f09d90d1e69
SHA512 f1d89f084d244cff5f6d8aadb90841309632faf7911bcdb059949d5a866256e39fc337c4d4e31cb0d7fb297cbbf87111858be12c6b246be36b91c2a76d5e3d50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7ef9e06abb9080ce_0

MD5 4263832446dd8ef8400ad9e9665c9869
SHA1 85b12c7c583ae2c4646d34e5e19e6fff49b17c6a
SHA256 f21a2b778e8b72924498ef44c1ac103be4af02d26bd939aecf82c31cb3d496a3
SHA512 c9793a7d3807b75914196b41da7b43c247d6489b5af4b1d34c4a73fb13241385b378441449a4e21f57487cb37ce955698b081506f50bf5c1efbfd1ccbffbcad8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cedbcacb50cc047b_0

MD5 8c2b4e9df05bd913d6b9a42a65daa489
SHA1 921c416ea3c043a84a8a43ae624024d8d7b20355
SHA256 5c113382ad473c489c79c4d4005764ae0ac8752df1df7e1c215aaa0a0ef20988
SHA512 7aa390857db41d16c67e58d87d3a7cd455fee6ed0e27813de9e95acc7ab8d7212ff8c21d748aefbd04ee335dcc6a03238a087a0b152250529639f2880430bcf2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92063f2bbd648a4f_0

MD5 fe28e31719502e9ff28d6410e75c247f
SHA1 265b05cd5f2aa8856351da58018570eeac96e691
SHA256 c3d9bed5cf5aff3f6deb9eda30f1402df69d120a5a6330ce60ab8d44d7e4c9ef
SHA512 56b9e2e73f510f98802619b13e77bc1b55274c519667c0841cf5cf6296eb9f8ace30ea72183f2e2cc3d6bdd4478473c1fa502928cc640389bf895ae28850274b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a5fb85f552512ad_0

MD5 ed13f6eb36630f3881d00da4304f94c3
SHA1 1c68cf3a5c7d3bc5f050e2ed6fbe5a50ece50557
SHA256 0e10193898bbb705dc80d14e251d09aab84c25ca8bee832891b2015beff6c43a
SHA512 0a4902228f3aafa442c376f2081c071adea16e66f1e1fd59ba065c812961872feca43023c1da6ae71b1353b3daa79445b04563271a2915ef129cc50e170f6f8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4e9e66b8a32fd8c_0

MD5 53998d94e5b514b63a9f0b90590a9cde
SHA1 0c4785a85068ff8026c325abb8a886ef2e4293f2
SHA256 f204767d9865ad33e0ba8db83e8770c4ba88d8a216b6e2b1b464ed07ea6666e1
SHA512 6da2dfd6cab7dea2d6fc47a7f4277417fa24a4843d67dbc3fc19b7d139e6d87c07c291d84f82faa3a7c6edf13aaeaa5e9fc030a80f4f150fbd8dd658b465e85f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635c5a48473ec11e_0

MD5 ef832e9224ad2d8c3d1ce107a123a906
SHA1 f0f1a3b7e465fa4285b0f36a332da660f5336820
SHA256 5a66db918455e554d5f171f3abbfc7c1d245bde2cd682e577c4a325a0e464a17
SHA512 c9e3c173b3f4cd74c5db29a8c5851aa071a0c3e62284ed3ee1c4dad7c73b0731a18b091cc3e12de825101ed6554be0064f5b52fbedd5c685084674c10053a507

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e5a299538970bf4a_0

MD5 4ed7fcbedeea9c4111b77f77746f1385
SHA1 e83ece807267acbe3615879ad74a3f73d5ea9e07
SHA256 fc51d1ccd6f3cd27229a6ce061d9db6cb4cae1c120f0dc7f78010794410fd9b3
SHA512 1d6323ad7ae3bec08f5b0db50ef3f9c1e8cb0b0e30c7f0bc9d019347ee18006895923bccc8ede6b1e7e6b08eedc466b87c5657a9e8b17309782b3dac53fcb0d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53b92fbc4d68952f_0

MD5 5ddfad92943a7b02740e4b74f807a2ed
SHA1 cce8973926291cca0a45f7a8c8c9bfe504064c08
SHA256 4ebc0fd3e3886d8e0b6e5c4648104900abf69cb8ae635dabdcf7d40083e63cf1
SHA512 bb4cdd627212031f617eedb8d8012404039f188b2cd23644237afbc8d074da1c7b39bb0d99c81a601524883400b2720f3c329d34ca336a3738c846d33c1c3bdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\802bfbb1eee3d9d4_0

MD5 e4b94ac500e7746d04a6474ae9c6a6a1
SHA1 40e587bf0b9ba78b2149b292b1d6f15dc7d48417
SHA256 64c58fcf0e534de97f17a77d63ecf3280eba4ff13c3f7fc4e792ccb1dd33a842
SHA512 f523416ec70a2aedabc81645c6e88ac81e3fe5d304210c05072aa904708f4941ce0c7ed881c4c8161df55d91d95775b2af7c177082f698afd209c50b084c6ac1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\224915b792d1eeee_0

MD5 aca9b1dffab6b4fd4b434c5a44f48b7b
SHA1 ac48bda1553c7185f69dbf8402e7d0860ecb8ebe
SHA256 4adafa018029e8b4d44e4dfa19b163ec86c3521ea9ef655b175044aa5a5b4eb5
SHA512 cd2447179bb1db474aae499b50b5ff27d2ace94c0fae6e1b5107a13dfad938266c709b61a0a7a448196974cbae9ca21dd1e5c3ca48430fa6d5a6f2d72c4e9a24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c644062b95acf88_0

MD5 99758ecfaf1b62e0b380b399b7876479
SHA1 58bd8c8929ff558119508e488ad0daaca53778be
SHA256 10e012617871a3279605eb9ba00e03bed1808c65405c8ea577d860065cdf5e00
SHA512 dc975d693957539df92622b99174489efaed276b89f441d34615437f7f26788ae757a58ec4d019b5b962b2b087fcec04b9b533e22869d951e2efaec273e143b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\07aad75a0a1501aa_0

MD5 f38054db745e25a792d6e1147ba2d7f8
SHA1 67acb2e30242744a8bdcb048c14cdf444dd0c6da
SHA256 66dcebe204d7d603216f4f8dccfd022355821f6901397d43170b2026780ff34e
SHA512 61b05a56213c646f257ce24ada44d08fcb8b931cfd6c1d250b1ebe8507b8fe6e239de6c8456fe550fe8a061ba7158dd878c311365d0510a7c7599ea0a3d004e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23051a30be234785_0

MD5 ba5bf1d0ab7cbdbe747d879c4b505a02
SHA1 bc038e5b84b37e76d24446f49e34be60f6e55975
SHA256 2f970a5b564f5e039c1fbcb8505d0731b025701f7b9e2da1e9caa5b7f0a58740
SHA512 df552e08d04876a8666b13104395d5d595067167da5f6b14d379f93e16cf15bde660e06a2a691871fa9f8f0dde5f00d0c0b83f7604227ad6149d1c119af09083

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83b2c7445a00f61c_0

MD5 6e718f832deb6c0f5dd9b707b6ccf7fe
SHA1 932cce530123b0ee545f481b36af229081c945c4
SHA256 7caaabb55aa036e5c0d3c11411a362c222fafb4568f266de760a2ac059379be9
SHA512 e92b32132bd48da65f10de76cc0ea9e4e915b5aa57b0f9c0c699f3fd29d3c189cdd012d3c4d6f3f610ae0da7473ba0a2a1525125b034423fcf3f91cd02fd5c92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d821854e2379af7ce7077cc671b28fdb
SHA1 cc58af71280b37fbd9091767763954e20320b181
SHA256 97ac50f11ceea566415b0930f5c425a93cbb79e399a3a4fe8e04ac25d95a5336
SHA512 b9b9b15ffebfd76ef5987bd30612c55816ee70954940041ae0d4e3f7489ecfaff6486225f7d9276f33f26d730cd5f7436bba05489b3840cd5e3b5ce904631572

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb7d4e00c2a87847_0

MD5 c8d7acc252e451bc0a46204ae0680dcd
SHA1 3963188e3571e4526c033c305daeef59387e2e57
SHA256 0ca8a13f08b21398fc717d17a735b9bd5c0146fc908f1d6eee87cd081c4921e5
SHA512 bd8484cc7cb2a0dec45ec7f31c2ede89300fca1905b24391170762dcb7967de214748c71bc40115cd85ac8d0e69e6d8fc4416db1993ccd4b7e596a0fddbb330e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce03f86b39affb26_0

MD5 07cddb7c305418438e66744be4e5df93
SHA1 a685d53a4ed2b257c53956a7e7dda32dd5b4abe3
SHA256 61da91f85e9c5b0aeda765fb7584abd981a099237c83e22b783dd49614f99b72
SHA512 f23323dbd8aa46cd923c2030aa72cc70957e0c62eda2dff359cdbbd340fe5f63238c65f7ad0336548f91659994176e59b36116afddb516e436f0da14c5beef48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\583501846d4bf9aa_0

MD5 528747dd3d118ec892498ceb41cafd4b
SHA1 3f854ab149ba6181b008196b5fc23d078854c477
SHA256 edee2a49f92c116451150a195bbf2d892237ed43e12e142156cd2c55c4f3048b
SHA512 cabad0f402f4045ae824a1f594bac8011b8a74d63c8eab8688badd9c450d573b7b1ae996ec9ac65a9a4fb687e2165923043c0d25954213603bf463ca88b5a3f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf3fc8ce1a143568_0

MD5 6006454f4ab071329b5142ffe47d25c3
SHA1 da97094fe09e3b737796c088af495a807c8f2eff
SHA256 8e174cfb25ec1b9c074a21dbc97cedef51bbec6a15c2a2e6c4123ae618cb2131
SHA512 3478de356a9f634559c63b1c84f4666cbabd02850d698ecfc74f34375dfeb9d9afd53573ed0e8fcd7142280367dbeaba0525448912ffa64b67c98b439a170094

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

MD5 c03ff64e7985603de96e7f84ec7dd438
SHA1 dfc067c6cb07b81281561fdfe995aca09c18d0e9
SHA256 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526
SHA512 bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a64a9f07060a6a1db8d78bc04e0b15c9
SHA1 59335314ab7f662b5242c182aff9c50d365a7c41
SHA256 dd7d8998f88be9ec1dc0d5c4c3177d14a51cdd20fd159f20be08b0ffc83ef743
SHA512 d3df605c645587307af031e5933a3e7d1ee0a6a03d47bf8071b11b21c0ef9dda40eb17973a7061c7d280493b8cb14f1504473311d34b194a55bd9dc9626114b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 582c2984a2e3a69f8001b5ae7cebe738
SHA1 03cebe2c9d11e282c8e3f4cb2b500679bf009b74
SHA256 632812d7447a02ee9e6124243bdbb29374f0a716e83f09475f463551645efdef
SHA512 3cd6491275912b5c731b3205b84e905952e9ce87ef8ee57f38491f664efffeeccdb0ea2227e3cfa5b4729c72937c81c92c8c075c9fdd497efce2a099671e31be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

MD5 f0f0d0ca6b43ae9a3473001b27b53512
SHA1 f4b84f305bf0cb1670186eb95af85c3ddba653d5
SHA256 ebf4f51255387d1ec395571499b3e415c392eccad756d63e084609c95f843b88
SHA512 50a097f068b47d5c2139013565801aee3b09e0b24d38758e3e894ebbc083126d20919e46e919b0f5aa9ab471fa9828fbb78bb6fdd60cfe467a072491025bbdd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2667e55261d86d3_0

MD5 61ffb6c4800c6f1b80cd80141ff3e10f
SHA1 8bf18e409cd3a8320b4b23f56ee98383fdd15367
SHA256 6a3a0e687d353fadb42864e3ce71165d5469f59f26c4d746cb8f8b30776f8062
SHA512 c10bcd02d0c2b3ccb86599f204320cfbc0f16ccba4eee00636bbc65b7a38935f139f92a9b964e26d7bad1fd559796dade769a21b94db26e693dd3425c69e6bf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000083

MD5 a29afde61bf49e90b1fcf6d121c05fdf
SHA1 1bb7ad9e012d1fd6efdb21178960a20cfae12c80
SHA256 ea52f64a22ffea8b40e905928c4273ec9a9f4961b307bd35750b9c4fe84a7248
SHA512 c0df15dc65ebd270c3a294d2fb42882cd443da45b1b54738330c61981d2f5a346c02f2b9ba846c5cda9010e255043adc32ad823689663fa7b830e8094c805612

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

MD5 6f6b948dc3fff4c3803d73909ad6e1ce
SHA1 2d8eb9475e95f14bb19de1906ee3252c3a55d576
SHA256 a0ccfc2a84e967737ccb5ef8c6d9bb149c834580bd7ecbd38107ec0d7c53a5b4
SHA512 eb08c733856760172932b6c3ea02274641d1366709a8454f42ce286db0ccec9e08734e056b1d088aad0173a9445a427c346ab522348381c204989cdb5a610144

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

MD5 0b2cb411df0c267c83abb83802dee87a
SHA1 cc65aec20bacb8bee07f10981658dec751b6b270
SHA256 77177367eae44aa70ec5fd107ccd6c589092ff93e9166b9bdd19a0477d2d2e42
SHA512 17fb4be12d013d7fc19d6e26a6e25131e88ce6272fec1bce23a94d6a6a3e309ea9dbad75fe91b80862fc014de1687016b3418215d962836bfd0d536c4f95b22c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

MD5 26b132bc1eee4e25853a713a1d48b07e
SHA1 04955293a25c377d61cd29319c21b0bb9871e60a
SHA256 fe9addfde9ffe92b669266a2797a730dedbd49eadee84cc33b5428d7e0be3878
SHA512 a045386af798b1e1e321e33050c87637e3c536fa5a69574a1ca9fed2677dd6440a01d2c7806c043c087ccaf6655dc4a256cc945906ec956b051aa95514561ee4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

MD5 c25f7b2839da9e7ab4c19fec58f52679
SHA1 dce5080e1c510f5a4ea8921a8944671eb65da97c
SHA256 b48e0ddde09660ad0e2a4fcce024ab65fab4e3a893b80b196718793236a2e57e
SHA512 bf9526d831b598318bf9011c6c035a522124f8a287f3aad6c7178d161412acf279c10fe1071513325576aa69d2299c9a66415d3575fc2a0412882eff4af9635a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

MD5 b862d8547d73c026cfd59e160b249fb5
SHA1 1d49c63baf6f5e446a7868dcb7651bb1b6581c67
SHA256 19031a7d81e62a76825b4ccd19c996c40e9ea11bddc6dbc5c0b390df289879dd
SHA512 52da8bf1b258e6f08f4e19a84d515c9bbfeeb0eadd7e8db5815899029499826ff5a9e581c83fab0b872e1794fc4601d4004eaa597df2e24d157795f329c2f358

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

MD5 edca36530bf4806ab1b8b9d61ec6be68
SHA1 b27bd32e3cbb9b81279828897e4b6c8dbff8240d
SHA256 421d3ef8606f5dd3972a9e831fff636e2ddc3510447e4014d331e7a547a8d5f5
SHA512 6ba2031f974dcfa2cc127031a63afe0a4cfbae967acfafaab4678e5d82be26b625ef26496144015413d40d61b0de8ed52ea3dfcdf59f480a8b7814d2773e0a75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

MD5 3e29898e9c0a3b9850fdbcef8f1f030d
SHA1 9b3876c6d3330a65dbe6599f268946caf471dbc4
SHA256 1f57c944a4b92552c741c007f2629bb388170400817dfdb96d4a8675f7c81611
SHA512 4e1c0a435d4b4cca5c1392f0fb5fdc12249701ef1a20a7abdd650bb695d0f595c3ddae5766f7c212de37663dfe0ff4a6c999845b86b6bd501daa4f9f848a35b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b

MD5 2d634b65767a471811d950ef0a933b97
SHA1 ccb4cfce187457f9f9022de2b5539b6870bd7111
SHA256 012e1636370367c02a561413d48afea9fa78c47d7c64418771caa77015855537
SHA512 8773afd8d11605b268f6678dbf07aff3a6fe1266ff7f576175604a8da8e03c0f99d5278ff309b281cf1179db7cd359bcdbf589eb73cf47999f40551c143db82f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

MD5 41755e3dca3cd8ec8f3292ed5f92719d
SHA1 9f42a5c8fa55b2d34f91e1ff3dd6c94316c70d07
SHA256 d7cddfbc08f958a8f07d4c09f55b15967e847755d2c03cc92ef549e28c9d74d9
SHA512 f6b82be25d6e8902889498eed6f9941f5a2f00fa39a62c8f164c5b7a0cea329b1694953ce416602b00f45c1bd24a1523758ad6eb728fe48d18d5e326260d513f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

MD5 07e64c500d05a735c3e2ee2589e7bc11
SHA1 0c0dad34c54e6fee6d09dcf5bb5ea57effe2532a
SHA256 6f35e24ed7631a933c551ffd3013b0df539764340d76aa43d0d302489a609d75
SHA512 c39f587a3f5a01156f5e80a4ada565a29ed6793f6e6ef7cbf577957180bcccfbe4c15cf3854c3d26ef26c04f4786d3ecbcdcb5944b03f7c9423843554571efb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000088

MD5 5f112b5e4ce7990fdd26ad846bd9cdc2
SHA1 3a5acf60decb4fb0c2c2a4abeaa225ee514dc529
SHA256 0d7a4b692dc4586a02050f6b96b7433b6bfcc380dc7e04360c849dc1f3827846
SHA512 5b3a9297466a25fafa81f016a92258e0ed167dc63db9e507382eb1629653c13b794fdb914873c76119d3a5ab850f4b8e3ddf81d68cb6b781e8ef6aa9c713c6c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

MD5 394d947356805f8b14ddacabe9c79ceb
SHA1 8c453a8f4d613a90dcce207ff22d097f74c07f95
SHA256 adfeb48182ef0a5965b3c12ab533b12a18abb7e893454e71fdff281202da905f
SHA512 b01bfc93743bcaee33ed64def01181e21c81b87f90784a6b504962f9ba995503fdc69e26ff9dac0debbbd27dea33607aefaf383eb7b789da6bfc4c61694c7db4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a

MD5 3f2acc2adac176845192339b31aae91b
SHA1 a48f30e0517c0e5e99f1722f18b9d07050750612
SHA256 7878ebf782413917cb18c292f9cb6b98eca4f7baa2c7dcf56bf92f63d5f288eb
SHA512 0f271973bc4a6003495ae29298fab0efb34442ae76b00a1bafde2c80f6029d7360f8b062723088b61c34649c4e7ad351bc4cee09a227fa4ee7688ec45ad98913

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f59cb41c7f6a27be_0

MD5 fe9cd7f4b563927d75ce62c7315865a0
SHA1 4d094ef31fac2ea8cd4af04eb81c5789a3568e8b
SHA256 1e43c55795651fd4857d7082c27a30d97eb1dac047cd9a9423794be554d2428e
SHA512 dc07722e9c1d0cbd4bc0e67788c6593affc5c2334ab3acd4fb812862f7bf8ac6230ef01df5fc27a4609b2a85cc73a1875a588199e4c83125da75385064415edc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b233c2bb1dd64753_0

MD5 1a3f67288e7a21e41095a1b6aacd05e9
SHA1 2fd2a1e8c7044678d9cfae374c2878a0ff30ba17
SHA256 c1e6f0909766aedcf6530e649704b87c2295aeee7a26858ec65ef9df555585af
SHA512 83b5982e0e3bdb30eed8e6fcc30f060627d21f7e7273d5d697312c996ea8468c138556b50927776ddea38d841818ae9bdb599b74e69f913f162259cba9920806

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

MD5 8af805a3e41280587c99c6b5e5952076
SHA1 33845d1ffc6079f4cda1dd72ef99a70d06da63b2
SHA256 6e779b3a773c70ca74447a4d6724e06cbf6e98b21d7becfb6ef00c4ccbae313f
SHA512 95b0c2e816c0ce2e46518389b43d3d1bc851365ce9f926d0e016821fd24a9cc3dfff7195d9bd4d29a7f1e66823726c4872a5f737ac62ee56e9268489cbaaef3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0

MD5 12b3dea66501f05b7b44ab3af97527c7
SHA1 2a122e7f483800e9bb48a41c397a6ac53b9a63bd
SHA256 871c1c1b1d52a1f2b993c42c458d1da8aab5f5a9e1b25c692486887fdc73f59e
SHA512 8c3d68dd280025340d86d1b4b5ef159b3a4fdc78f55894c5cb8504424cba9541f46800e30bbd22508cd26c4926c1d29b37d1f203fa8b369849943c63cd18ba6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3355c555ad5e31aa_0

MD5 dc62dcf5a4f6210146ada208aae3e398
SHA1 48235671ecfbc259a694b18e41e42a6da794a85d
SHA256 07a4697f3d49e0c86e10f8262e796a87eb0efa3584b09413480bde805ae9d710
SHA512 6425105ea50996f02f0210dea2ec8c02e0955f47b856ba1afe256093e9800f5aed51c0648ce29c4a7edbe8f65d753ef9eddb0b3981f6892e4df2fba4e9bd6eea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a74bc4926ad9c8_0

MD5 a9199823d0a5ff2a362eba21a26ca0f9
SHA1 9661ba2cb948820e681917626903d10e123eba41
SHA256 6597e161aa3e4e3e74e45a2830ec30b6998b8bdd97d9c3d800cea8f827d96548
SHA512 d614a9a516070b109fb28c7b19b0685f032ff1d3bc37f140422b11bd2df32f626f9c26ddca391165150a5130a4d6f6650aa339aaa085f8ec0f423c0e896f4bc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c

MD5 015c126a3520c9a8f6a27979d0266e96
SHA1 2acf956561d44434a6d84204670cf849d3215d5f
SHA256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
SHA512 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

MD5 0466d6c947a9a3c89a0f3a9ba25b11ae
SHA1 c2673305186b014a2df914ce33c6b03c02363d5f
SHA256 c0c81256f8210a7d46baef0c5434624177bd1ab913ebcd8763b226964bdfe23b
SHA512 16a32c67ca2908712a0495da8b46765f90b47457dc774bf39845733cd7fa2519e82bc231df54a2c2defbdae76aaeeb752805b6260dab2e49efc498eaedee31b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

MD5 4b9f2aff9903728a97cf2345071595a4
SHA1 f7bc04ef2c16ea8007b3b91b51bb27e873d2de7d
SHA256 a6aeb0099a39a7e609e1f0674dcaa128594122e26098cf9f28877b608f857a63
SHA512 d7014bac79419f06c755ede14c37c152c652b7557c9e0ba2acc0906c70092449352118101d7f097fb9d1311e2877db84920dca9aee2b83dde73e31177a04acd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

MD5 fc03edc2c67353b7608b593ee05565c6
SHA1 72106071998b0ef5f145ea4f9d53459e52a33e9f
SHA256 14be4114dcfde74652f19f9ffae8c9bb50707e9e88bd2b1fcd86fb50224109e7
SHA512 444759b488bd8724b40429e1b0e05c5e11a4a1b9a2defc03cde8e9156e237510a943c4d24fe312e0c7a5fb3929f47222fe1d44027ec242a58087a0a57be388d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6517efae5af72507244e0bad2dfc7192
SHA1 2fd5018407f6c565e681d41169864206a6e5d3ac
SHA256 5a62d3784f796fecc317b7e8dd92e0c3831409f040e63da65544a09686dbc1aa
SHA512 af48e583c52efa85b8caef750d087eedef5167b9a06e4d149a2e1b1d4357bfa76c5dec2ef1f5e7144d9dda381e5a8bbe87b8ddeeb5bbc9e3feff10e0d975cf5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9e507544ddec92b09541aacb5f7e9a3d
SHA1 41ac4ea535f90298a428bd6dd223e4ebc2fd8a12
SHA256 a0763de0fde9c9b403ba1bcc14d7e3eb15bafd9cc949f37715660f3016858cd1
SHA512 1001188bfd672597d9cc17453837ba5ad84931bc100e4ab78bbe9991f33f153bd11498c843e772f6b1f554d6c27bd9e39aa9ced4c364d3aef49793e83fcf579e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0efdeccd42e10fba_0

MD5 5dd038981b23eb4b607034b4cde595a3
SHA1 3956b76ecd404b77cc8ebfea69cb716b32c21898
SHA256 706c1b25b99655e08879a4e180a16872b9b1df42ba03414afe0c099dc5bb2894
SHA512 eb99d898fe28875e1850562b33d28d26d9af51e8e0e96d5980726b99500a50b2d136ed06bf24abebfeaaf8d52820ae30bb7929996165b24c443553610f87400c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5041123dedb670d2_0

MD5 aca25e2b776b0a04ca5dde88774eb762
SHA1 dc30a04cb1e6dbdc2d3894b21819b9f3f50eceda
SHA256 cd62d4b8d72d6b0003becaca6219ffd2b216d50da7fa6c367282ff4b2b98864b
SHA512 201447adcf8dfabc7fdf544659fc5cff35afa355439e14688f7bbad5e0997b5bfd6dfa6f06a93a471be796c6e31864d2b1faf240b4f5aabea94eaaa5fca5b354

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\89c513ac2895b809_0

MD5 c4e7192ca57b060405db5967dbf93784
SHA1 879bccb2095a8eb6cc1a32226a0248e1b7b046a1
SHA256 ba5d324d5ac7ab4436edaa568c4062acd184a1a4525be9929d7b99a4d3544ae0
SHA512 6b3ce5eb0c89293d977253d02eb7248ad3b9270264c4c20b8dd5cc04b6d7bd89ed9c44392c23d866dcdd5fe3eb4c7e2889834fc8c34cbd84936fea4603d3c063

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de0de015ae77bf33_0

MD5 602b2af469e38ae1a35e97e8ee85964f
SHA1 388ec8667994ee2c41fdbc4bd0c481f434fd8749
SHA256 9432b2bdfb900a95cc95436e8442dbb12ea965751d10f39ca7c1872f4ca83822
SHA512 c95ecef251e8738c882a68ae48eb8add6053f814a95c17336a71e6c0e4555dc513957965b5c20eb7d3616a49527394dddce557ddb6efd7301b466d31c9695f2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c3ba1c4f627c5d9_0

MD5 c06b4d2a0697a9060e9cba113ca415d3
SHA1 d95173c3cef2e81134e8529d35f888560d8bc7c8
SHA256 9ae4990a10b7584861836bcbb3addb253d6f26538261424b58c205f372b97024
SHA512 d032da064e8f761b06b14c20416abe349ead0cb13e98bbed29d7ccab6fbb1a07642c64d2457f3cbd8f53117ba1c9399b2d86b50c780ed79f58735ccb063d4fdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b27e8b246dce2d4c_0

MD5 ae1d27c1c88c5b1a1f0db0c3f72b5bc5
SHA1 fd14a533d2590a8a40b887663cd4ef831613feb9
SHA256 943c03210d7687cc38753369ec831cd02d8cd4d89917533d8789b8d27f45857a
SHA512 ff62aa1ef3066c26ffeb4733218f36410641cb94ba0e026859555b4b117653737eeb10f13443382c5b4d0711fde7be01b0ba37ff8f8a69eafeab658713ad688a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9f23f71d85ac1a7_0

MD5 a3d8679b6fadbb23bdb4e22afbecb88c
SHA1 a120bec3e78ea34a5a1386c5be3650e7e06d84b4
SHA256 cc00b8dcfea316efe3f905531c6926d6eb7395b78c8327961096a4a22bf07319
SHA512 313b42e21cdd54205b26001994408624169218240589d8d3295ac2120cbf9262f0a0d6200d3e8c00ab9979c9ce586d2801e45151c2ead4f627c60ba48be4c890

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7251f188d57e93ed_0

MD5 6e58a2d785749eb446aebe56d8d3373b
SHA1 413eec99b077f7709bebe179d18081617c0bd930
SHA256 217f5d42830d081268c2556373e0e7d5cfdb11ef7e8ce5c2c2b3ca211fe724cf
SHA512 4323f5df76d83b6a710a238e120c8fcd12058d79bedbe070438e7fab34b5fedbcf77099c26ac913d47a2eaf6553f6e553e3296a176f416fbe499aae68a82896a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\698ecfa6f0f941fe_0

MD5 a1ad812f9ec15391a21e5c3d56fc26a0
SHA1 014cb4ae1918bd3bfc5e095d719bda3071816101
SHA256 b72cd8b2ab0af550aaa6da45233503e2a265eecdf831651a5f7b5454ab392c17
SHA512 b6800b79fc2330bfde3bd7215db1f3c923ac84a9d237b7576180ec5ca43aee7bde5708309a1fb7af9b88e09b9a874f4dbee7485c2e8bd23d14d3c1f3481bfd23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb9eef1a4e773848_0

MD5 cd1ac85f4ee00ef65131fef2bade7b61
SHA1 518e3d1e04b1d8c3102fab984020a095e4b6baa8
SHA256 eecd6f0adc8866f3cc89b31700bb2f679fa961964cb061e2fe636c95612b437b
SHA512 cbd4dd7e22ba6c4a26bf3e895439c72649be8b9cea99822ed77fc28d91e0ec8b91b6a0d76ff9b66553ffcdedc33d4ed43166508ac91d42fe27bbec9e41a629be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dc34cabdacfbffce_0

MD5 99dc47a67f4a93bd6e08cdf16a9f70f4
SHA1 350ba044d8c6092d8e91e4b5cfc518f2851d5931
SHA256 892dc711ea3f30e53e30ac8b130686962ba024eb69d45d620bab5e07f138a1f3
SHA512 19fd2487215f9caf6047ad1454f32aabd0ffd72e59c501ac9004e3ed023829187bd80e466e64ceedf9b3db1bd0b76a7f045b7e46308f3fe0f8295f61c2d9bf3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ea03ff49b72d51ef_0

MD5 c5b2eaecb94a28ed6851bb900e8655d6
SHA1 d5f21adb0e4d7953ee0118af5908b54a18080fd2
SHA256 eb91952f4c06e39c1179a7633e6c9eafd56c16b2dfcd2ab49bbc9affd986978e
SHA512 dccc01c516e994e87e19a43069b3954ea9cd2aca9eadd756be6b1ab15d1d4827713c51bd77eef7528054f132fb29bdbd1c3b940d9886c7daa65b27d191041c07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\44eedf7ff3efb79c_0

MD5 f26cceded61a6caa896f5d92e39939c2
SHA1 4adc872807754f4e0542c2689006923dbfccc74c
SHA256 cf287556af4bbac214c37c9ae16d7925c39825a4c56a78b47700994b2af47b81
SHA512 15dad3ba0b0c37d571850032b2ba506f699f9eab812f12e642c1fb95c6ca02b4d217bc8519ad2506d30b3f628b189f1d88e02363c50f15644581ef16273ecaa8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e04b264b57572896_0

MD5 b84025d37055b3d539d50486cc76e7d7
SHA1 a571bc1d1da1429ce5cc21db581238612afdc84d
SHA256 d679bdf8137dc59922d7b424e54bc552944c7657f8ed71f58661105542d9c1f4
SHA512 4f3f30e91fee1ff5f9cb94fde60f3b5e2578ea7590a7865c234ede2b58d144e07b9dac3b802dd11a811308ba2e01e27330accb9c90ff4fbcbdb9b4b86f8b85b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0

MD5 25311d4c431c527485e06e58603a85ce
SHA1 8a1fab14d6e0352297c7292429296d5f51ed70e4
SHA256 de71fde448f1880fd3763a4e551fbc9a1197863945643cc1bf132e31da8e115b
SHA512 a87cab3ab9ed9daa00f5968eb3096622d6e6d0623f4742ff002da79b4d150e016e132bca5ea7f569f6aeb9574530d9a19a8f13cc72914d911efe4bc01ed08f4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

MD5 dde4ad2a52b29295d7dbe27ae171f01a
SHA1 2beca6461ce6e9399b16ad463fe1c97bf34c7baa
SHA256 d4fc95fe159912c53616344145e553780a0e8861151eec1bcc6b70b2d50945c2
SHA512 146222bb6bc388efc882a9f3d96835676394b13c95f9e35dc04e751a10e7d2ea521dfdb572c5fba3e37805bd7b7bdf92fe0abd2c061b87a7b39006bd6b633c94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\39cc8b3389daa7d8_0

MD5 2a47e98013597713b71a36142ade5723
SHA1 22459548930c7b75f46bcd454bf8151143c24fef
SHA256 f1deeca1270a6c432bf1de6bbb4c9376e0658ffab3cdb8a5946e3a19f32b0d43
SHA512 0ac14e7d8adedc118558fc7a73aa2e058a4ded933788dd64a0805fd4d9e2f2881e3ff3719a7c540526b91b09562dce3ea09947f56c7b443fac26083f2ec0576e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782f56b8ce6cff0f_0

MD5 734e55c5034b5b1770e92e9a04e468fc
SHA1 b039d8c0459f2b30cf98deec67df0c32d15d4b72
SHA256 470d5dee8c5e81f7aa2b6fe6cfa59a2119e9baa1770ab14ea0b9a60b82e3fc3b
SHA512 94c362917886f99363dc01cd2228fa51fc4c528843d18f4c816df481a97a059c345fd1885dce163c2b9ba4fc48151c13c0dfc7c8a82912e5efe767dc484093d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6e8e4640f0de454_0

MD5 5ed5746c0a5d60b102783bdda8b94ccd
SHA1 52168b1d0eb956bae5d69a15a767ecceb2613e59
SHA256 5e6416aff929624263073521fe1a72e864ac9582afccd823e16202dbf63c21b3
SHA512 e84e59f187f0ad1e2e65f9077a23ced2977f740fe03c71ceb258fa81532defd8b2384035ecfa0951da83b005222d5062e7a4885797263db0dbeacccd4943a217

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a71e5046306f8a1_0

MD5 5134bd110dd87eafd56b20d976c4d0bc
SHA1 ff58728f8bb7865590d38981321a6ae4618000ef
SHA256 9fe448484d6115d08889a65686fda319c83b941802a3af51c59ad6b68f6cb90a
SHA512 ed335b414c6e9e11eb449dd76858cb858598639435e4012cbe7b03c33c9fc220ad03f4dc00521ff97e6092ce45f891338e61570953c72f773f615ff8f4ac0f50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8

MD5 99e35b3b58efd89d0322af8bbcb87178
SHA1 dc72968c535925c4cc809c40cb96acaeca460dad
SHA256 5e0ad4e28e5d5123002dd3bc76a20528aeb619f5d0cfbe6c59e0212a09b53187
SHA512 e8ff05054a7a0b3271ed342ae98ba505bde3a140a6131c757641f73281b85cf50f617744511ba7e4c90518bcb83e44f00963109b705a038c68603627c0e925a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d12bc83013ac0aec8c5d67d6cc8f013f
SHA1 146e9012656b437cdc9da01279a2fcdf427a274a
SHA256 6b18a32d4d69cb8f2f765bbeb61786794959fdf1965cf3136e199d51e42b01ee
SHA512 e647a6bd6e7e7096b2fb224bef1aa9aba0331589801bf5ea4ff07504003e83fc527ab800ba90d275a4db0e9e618bfd858adff8feec8ffa5154d41b1af88943af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e0552cd880904cc789aaa8379cd03f56
SHA1 bee8919b93402a07a8dd57ad2397ad655fe4dcc7
SHA256 2a174fde507100dbe80a94b5050c5231553d58168f36c63e9dda85bdd28b162e
SHA512 37399e8a3ac26f27b075815b63e19a80f9b4f1a53be836c18a5441f61df0a1b2f189b503c1a02c9041245f2384d0e46f9cb0426ca0a1ab56f13e6f2893b6b6b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8d760fa74fdcd68313a275126388e758
SHA1 0c56fdae08d4868f8791490585c787862d3e00a5
SHA256 4469239e82ea57657e8a0dccfeee5f91a0f99279fb0c858a71115d3c6fb8ed48
SHA512 e5d75619fd30f22b0de53303f178963de1068b1f76bcf9cb28438c0be97abdba60d0e26d2b9a9b9b194cad069c9e2df1907a5a3646e5be7cf507238153e49991