Analysis Overview
Threat Level: Likely malicious
The file https://www.filehorse.com/download-brawl-stars/ was found to be: Likely malicious.
Malicious Activity Summary
Creates new service(s)
Manipulates Digital Signatures
Possible privilege escalation attempt
Downloads MZ/PE file
Loads dropped DLL
Modifies file permissions
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Enumerates connected drives
Launches sc.exe
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: LoadsDriver
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
NTFS ADS
Runs net.exe
Suspicious use of WriteProcessMemory
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-05 11:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-05 11:26
Reported
2024-10-05 11:30
Platform
win10v2004-20240910-en
Max time kernel
243s
Max time network
245s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4\FuncName = "EncodeRecipientID" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2006\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainFinalProv" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.1.1\FuncName = "DecodeAttrSequence" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCertPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1\FuncName = "WVTAsn1CatNameValueEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2004\FuncName = "WVTAsn1SpcPeImageDataEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.4\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\2.5.29.32\FuncName = "FormatVerisignExtension" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2221\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2003\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\FuncName = "WVTAsn1SpcSigInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSup.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxHostChannel.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\capi.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetFltInstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-processenvironment-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-locale-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\ucrtbase.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxNetLwf.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxBugReport.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxRes.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-namedpipe-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-conio-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-util-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSup.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9VMMR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\SDL.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxAutostartSvc.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-memory-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\host_manager.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5WinExtras.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-sysinfo-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-filesystem-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\bldRTIsoMaker.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libssl-1_1-x64.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxExtPackHelperApp.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\DbgPlugInDiggers.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-sysinfo-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSharedFolders.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-interlocked-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxEFI32.fd | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\dpinst_64.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxManage.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-stdio-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-time-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES_V2_utils.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9VirtualBox.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libcrypto-1_1-x64.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5Widgets.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\dasync.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\msvcp120.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetFltUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5Gui.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\SUPLoggerCtl.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-time-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-debug-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ucrtbase.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDragAndDropSvc.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDTrace.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-process-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-utility-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5OpenGL.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxNetNAT.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l2-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-processthreads-l1-1-1.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\GLES_V2_utils2.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp100.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dism.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00B1-4E9D-0000-11FA00F9D583} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BE30-49C0-B315-E9749E1BDED1}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-32E7-4F6C-85EE-422304C71B90}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\ = "IProgressTaskCompletedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\ = "PSFactoryBuffer" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B4A4-44CE-85A8-127AC5EB59DC}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\ = "IVirtualSystemDescription" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4430-499F-92C8-8BED814A567A}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7071-4894-93D6-DCBEC010FA91} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7708-444B-9EEF-C116CE423D39}\ = "IParallelPort" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-762E-4120-871C-A2014234A607}\ = "ICloudProviderManager" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}\ = "IDHCPGroupCondition" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\ = "IDnDSource" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A1A9-4AC2-8E80-C049AF69DAC8}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3618-4EBC-B038-833BA829B4B2}\NumMethods\ = "32" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9B2D-4377-BFE6-9702E881516B} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-319C-4E7E-8150-C5837BD265F6}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-08A2-41AF-A05F-D7C661ABAEBE}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D612-47D3-89D4-DB3992533948}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\NumMethods\ = "24" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FD1C-411A-95C5-E9BB1414E632}\NumMethods\ = "23" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3534-4239-B2DE-8E1535D94C0B}\NumMethods\ = "13" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6038-422C-B45E-6D4A0503D9F1}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23}\ = "IChoiceFormValue" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC19-43FA-8EBF-BAECB6B9EC87}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DAD4-4496-85CF-3F76BCB3B5FA}\ = "ISnapshot" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-8082-DB8AE479EF87}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E1B7-4339-A549-F0878115596E}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1f04-4191-aa2f-1fac9646ae4c} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7997-4595-A731-3A509DB604E5} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\NumMethods\ = "13" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9B-1727-BEE2-5585105B9EED}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8079-447A-A33E-47A69C7980DB} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E1B7-4339-A549-F0878115596E}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00C2-4484-0077-C057003D9C90}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\VersionIndependentProgID\ = "VirtualBox.VirtualBoxClient" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\ = "IDnDModeChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\ = "IMediumAttachment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\ = "IGuestFileStateChangedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3CF5-4C0A-BC90-9B8D4CC94D89}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\ = "IVBoxSVCRegistration" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00A7-4104-0009-49BC00B2DA80}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 278086.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.filehorse.com/download-brawl-stars/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8297146f8,0x7ff829714708,0x7ff829714718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9040 /prefetch:8
C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_3040_ld.exe"
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=3040 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=328340
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\CA56D196-F113-46CA-90C7-5A55F18BF80A\dismhost.exe {1F7DC7E8-B2C1-4EFD-BC1B-DD914ECCF9F9}
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8297146f8,0x7ff829714708,0x7ff829714718
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.supercell.brawlstars|package=com.supercell.brawlstars
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x4ec
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7336 /prefetch:8
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8297146f8,0x7ff829714708,0x7ff829714718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16120392506772522998,9845382135858579394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9652 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.filehorse.com | udp |
| US | 104.20.1.51:443 | www.filehorse.com | tcp |
| US | 8.8.8.8:53 | static.filehorse.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | spn-v1.revampcdn.com | udp |
| US | 151.101.65.91:443 | spn-v1.revampcdn.com | tcp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | tcp |
| US | 151.101.65.91:443 | spn-v1.revampcdn.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.200.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.1.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| IE | 3.162.142.187:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | apps.cpi.arturito.cloud | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| IE | 54.74.215.235:443 | id.crwdcntrl.net | tcp |
| DE | 162.19.138.119:443 | id5-sync.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 34.120.186.113:443 | apps.cpi.arturito.cloud | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | di-images.sftcdn.net | udp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 151.101.1.91:443 | di-images.sftcdn.net | tcp |
| US | 151.101.1.91:443 | di-images.sftcdn.net | tcp |
| US | 151.101.1.91:443 | di-images.sftcdn.net | tcp |
| US | 151.101.1.91:443 | di-images.sftcdn.net | tcp |
| IE | 3.162.140.85:80 | crt.rootg2.amazontrust.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| IE | 13.224.68.126:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | 187.142.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.41.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.186.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.215.74.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.68.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1d365987bb417c79a8c9b8dabede182.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| IE | 3.162.148.221:443 | aax.amazon-adsystem.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| FR | 5.135.209.97:443 | prg.smartadserver.com | tcp |
| FR | 5.135.209.97:443 | prg.smartadserver.com | tcp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| IE | 52.19.36.6:443 | ad.360yield.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 221.148.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.209.135.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.0.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.36.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 35.190.39.111:443 | esp.rtbhouse.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| GB | 142.250.178.1:443 | d1d365987bb417c79a8c9b8dabede182.safeframe.googlesyndication.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | s.richaudience.com | udp |
| DE | 157.90.0.38:443 | s.richaudience.com | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| DE | 157.90.0.38:443 | s.richaudience.com | tcp |
| US | 8.8.8.8:53 | 111.39.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | events.cpi.arturito.cloud | udp |
| US | 151.101.1.91:443 | di-images.sftcdn.net | udp |
| US | 34.120.139.235:443 | events.cpi.arturito.cloud | tcp |
| US | 8.8.8.8:53 | analytics.arturito.cloud | udp |
| US | 34.117.29.134:443 | analytics.arturito.cloud | tcp |
| US | 34.120.139.235:443 | events.cpi.arturito.cloud | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | articles-images.sftcdn.net | udp |
| US | 8.8.8.8:53 | 134.29.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.139.120.34.in-addr.arpa | udp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| US | 151.101.65.108:443 | acdn.adnxs.com | tcp |
| GB | 23.219.196.188:443 | ads.pubmatic.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| GB | 2.19.117.107:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| GB | 2.19.117.107:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| US | 44.218.137.49:443 | cs-server-s2s.yellowblue.io | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| NL | 89.149.193.116:443 | ssbsync.smartadserver.com | tcp |
| US | 44.218.137.49:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| US | 15.197.193.217:443 | match.adsrvr.org | tcp |
| US | 54.197.49.144:443 | api-2-0.spot.im | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 52.210.235.15:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| NL | 89.149.193.116:443 | ssbsync.smartadserver.com | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | 108.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.196.219.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.136.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.193.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.137.218.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.235.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.49.197.54.in-addr.arpa | udp |
| US | 34.117.29.134:443 | analytics.arturito.cloud | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 50.31.142.127:443 | b1sync.zemanta.com | tcp |
| US | 50.31.142.127:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 54.158.94.71:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| IE | 52.208.55.65:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| GB | 2.17.5.216:443 | eus.rubiconproject.com | tcp |
| GB | 2.17.5.216:443 | eus.rubiconproject.com | tcp |
| US | 54.158.94.71:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| IE | 52.208.55.65:443 | ap.lijit.com | tcp |
| IE | 54.247.162.123:443 | jadserve.postrelease.com | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| DE | 51.89.9.253:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| NL | 81.17.55.123:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| GB | 2.17.5.216:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| US | 172.111.38.111:443 | tracker.open-adsyield.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.239.215.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.55.208.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.94.158.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.162.247.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.38.111.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| DE | 157.90.33.72:443 | push-sdk.com | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | 9d78b7b6dcef8eeffb816bc865359ae8.safeframe.googlesyndication.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| DE | 157.90.33.68:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 67.220.226.234:443 | aax-eu.amazon-adsystem.com | tcp |
| DE | 157.90.33.68:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 72.33.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.33.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.72.119.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.226.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| NL | 185.89.210.122:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| GB | 163.181.154.242:443 | www.ldplayer.net | tcp |
| GB | 163.181.154.242:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 242.154.181.163.in-addr.arpa | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 52.210.235.15:443 | match.prod.bidr.io | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | ads.creative-serving.com | udp |
| NL | 35.214.241.248:443 | ads.creative-serving.com | tcp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| FR | 91.134.110.137:443 | rtb-csync.smartadserver.com | tcp |
| NL | 35.214.241.248:443 | ads.creative-serving.com | udp |
| US | 8.8.8.8:53 | 137.110.134.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.241.214.35.in-addr.arpa | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| GB | 142.250.187.246:443 | play-lh.googleusercontent.com | tcp |
| US | 172.67.70.36:443 | cmp.setupcmp.com | tcp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| GB | 142.250.187.246:443 | play-lh.googleusercontent.com | udp |
| US | 8.8.8.8:53 | res.ldrescdn.com | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| US | 172.67.70.36:443 | cmp.setupcmp.com | tcp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 246.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.31.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.187.226:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | apien.ldplayer.net | udp |
| US | 8.8.8.8:53 | usersdk.ldmnq.com | udp |
| US | 8.8.8.8:53 | api.ldshop.gg | udp |
| US | 3.165.232.58:443 | apien.ldplayer.net | tcp |
| US | 3.165.232.58:443 | apien.ldplayer.net | tcp |
| GB | 172.217.16.238:443 | apis.google.com | udp |
| SG | 8.222.176.52:443 | api.ldshop.gg | tcp |
| SG | 47.236.4.49:443 | usersdk.ldmnq.com | tcp |
| SG | 47.236.4.49:443 | usersdk.ldmnq.com | tcp |
| SG | 8.222.176.52:443 | api.ldshop.gg | tcp |
| IE | 13.224.68.74:443 | tagan.adlightning.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.232.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.176.222.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.4.236.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.68.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 104.78.175.230:443 | secure.cdn.fastclick.net | tcp |
| GB | 104.78.175.230:443 | secure.cdn.fastclick.net | tcp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 3.165.232.127:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| NL | 63.215.202.178:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 104.22.5.69:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | 230.175.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.36.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.232.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e47dbaf280088b9a08a152f0488b7558.safeframe.googlesyndication.com | udp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | prebid-stag.setupad.net | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| FR | 5.135.209.97:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| FR | 163.5.194.37:443 | prebid.a-mo.net | tcp |
| DK | 37.157.6.232:443 | adx.adform.net | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| DK | 37.157.3.26:443 | cm.adform.net | tcp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.68.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.3.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | 337e11ccf3ab4afbc478106f4a76b778.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | node.setupad.com | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 223.25.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | ads.eu.criteo.com | udp |
| US | 8.8.8.8:53 | rtb.fr3.eu.criteo.com | udp |
| FR | 178.250.7.12:443 | rtb.fr3.eu.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | 12.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.1.250.178.in-addr.arpa | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | cat.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | imageproxy.eu.criteo.net | udp |
| US | 8.8.8.8:53 | csm.eu.criteo.net | udp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | 3bede9c6fe89d809940059b5c6cb95d0.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| US | 8.8.8.8:53 | cdn.mediago.io | udp |
| US | 8.8.8.8:53 | images.mediago.io | udp |
| US | 8.8.8.8:53 | trace-eu.mediago.io | udp |
| US | 34.111.60.239:443 | images.mediago.io | tcp |
| IE | 18.66.171.21:443 | cdn.mediago.io | tcp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | tcp |
| IE | 18.66.171.21:443 | cdn.mediago.io | tcp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | udp |
| US | 8.8.8.8:53 | gtrace.mediago.io | udp |
| US | 8.8.8.8:53 | 239.60.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.168.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| NL | 35.214.168.80:443 | gtrace.mediago.io | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | setupad-d.openx.net | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| FR | 163.5.194.37:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| NL | 185.89.210.122:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 19.158.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.208.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | res.ldrescdn.com | udp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| IE | 18.66.171.57:443 | apien.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.171.66.18.in-addr.arpa | udp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| US | 8.8.8.8:53 | 229.122.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.145.162.3.in-addr.arpa | udp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 97.136.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| FR | 5.135.209.97:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| FR | 5.135.209.97:443 | prg.smartadserver.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| IE | 18.66.171.20:443 | apien.ldmnq.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 3.165.229.26:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 20.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.229.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | res.ldrescdn.com | udp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| US | 8.8.8.8:53 | apien.ldplayer.net | udp |
| GB | 163.181.154.237:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.237:443 | res.ldrescdn.com | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 3.165.232.98:443 | apien.ldplayer.net | tcp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| GB | 163.181.154.237:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.237:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.237:443 | res.ldrescdn.com | tcp |
| US | 3.165.229.26:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 237.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.232.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.232.165.3.in-addr.arpa | udp |
| US | 3.165.232.98:443 | apien.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| GB | 163.181.154.237:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.237:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.237:443 | res.ldrescdn.com | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 163.181.154.239:443 | encdn.ldmnq.com | tcp |
| GB | 163.181.154.237:443 | encdn.ldmnq.com | tcp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 239.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| GB | 163.181.154.237:443 | encdn.ldmnq.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| GB | 163.181.154.237:443 | encdn.ldmnq.com | tcp |
| GB | 163.181.154.237:443 | encdn.ldmnq.com | tcp |
| GB | 163.181.154.237:443 | encdn.ldmnq.com | tcp |
| GB | 163.181.154.237:443 | encdn.ldmnq.com | tcp |
| GB | 163.181.154.237:443 | encdn.ldmnq.com | tcp |
| GB | 163.181.154.237:443 | encdn.ldmnq.com | tcp |
| GB | 163.181.154.237:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| IE | 18.66.171.32:80 | apien.ldmnq.com | tcp |
| IE | 18.66.171.32:443 | apien.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 32.171.66.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:6463 | tcp | |
| N/A | 127.0.0.1:6464 | tcp | |
| N/A | 127.0.0.1:6465 | tcp | |
| N/A | 127.0.0.1:6466 | tcp | |
| IE | 18.66.171.32:443 | apien.ldmnq.com | tcp |
| N/A | 127.0.0.1:6467 | tcp | |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| N/A | 127.0.0.1:6468 | tcp | |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| GB | 163.181.154.237:443 | www.ldplayer.net | tcp |
| N/A | 127.0.0.1:6469 | tcp | |
| N/A | 127.0.0.1:6470 | tcp | |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | res.ldrescdn.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 163.181.154.242:443 | res.ldrescdn.com | tcp |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| N/A | 127.0.0.1:6471 | tcp | |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| GB | 216.58.201.102:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 216.58.212.193:443 | yt3.ggpht.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| DK | 37.157.6.232:443 | adx.adform.net | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| FR | 163.5.194.36:443 | prebid.a-mo.net | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| DK | 37.157.3.26:443 | cm.adform.net | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40343c5a03e7236899cae4dbcbcf19bc.safeframe.googlesyndication.com | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | e2493b0191dd5133369cd33befbbd1f2.safeframe.googlesyndication.com | udp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | f3ce25e1a71f0644224d2c620b43330e.safeframe.googlesyndication.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| US | 35.244.159.8:443 | setupad-d.openx.net | udp |
| US | 35.244.159.8:443 | setupad-d.openx.net | udp |
| N/A | 127.0.0.1:6472 | tcp | |
| US | 8.8.8.8:53 | mmentorapp.com | udp |
| US | 104.21.68.128:443 | mmentorapp.com | tcp |
| US | 104.21.68.128:443 | mmentorapp.com | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 128.68.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.166.233.64.in-addr.arpa | udp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | b11c25a79a6639b5adcb776bacc33519.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 06120f2c34c96e065709ffcea9fc4216.safeframe.googlesyndication.com | udp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| MX | 192.178.52.163:443 | csi.gstatic.com | tcp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 163.52.178.192.in-addr.arpa | udp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 06e233669ae69ba3b515a14bdb106a3a.safeframe.googlesyndication.com | udp |
| MX | 192.178.52.163:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | d2c4b3389393916d4103fc46f7645a93.safeframe.googlesyndication.com | udp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | d810eff7505266d260997de7279139ba.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | adclick.g.doubleclick.net | udp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 7599322d53bb0437bd2e85cb0bb465d8.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 194a4201fbbaed88f564b3e0c2315741.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 428ea6c919d0f01406937923975ed7ba.safeframe.googlesyndication.com | udp |
| US | 3.165.232.70:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | www.temposearch.com | udp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 81.171.31.78:443 | www.temposearch.com | tcp |
| NL | 81.171.31.78:443 | www.temposearch.com | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | uk.temposearch.com | udp |
| NL | 81.171.31.78:443 | uk.temposearch.com | tcp |
| US | 8.8.8.8:53 | 78.31.171.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | afs.googleusercontent.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 142.250.178.1:443 | afs.googleusercontent.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 172.217.169.34:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | 1b67ff0642759c01828d4165544fcdd1.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| US | 3.165.232.35:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 35.232.165.3.in-addr.arpa | udp |
| US | 3.165.232.35:443 | ad.ldplayer.net | tcp |
| US | 3.165.232.35:443 | ad.ldplayer.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b80cf20d9e8cf6a579981bfaab1bdce2 |
| SHA1 | 171a886be3a882bd04206295ce7f1db5b8b7035e |
| SHA256 | 10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1 |
| SHA512 | 0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a |
\??\pipe\LOCAL\crashpad_2072_TESIHILLYJUJXFQU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7006aacd11b992cd29fca21e619e86ea |
| SHA1 | f224b726a114d4c73d7379236739d5fbb8e7f7b7 |
| SHA256 | 3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814 |
| SHA512 | 6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bd21a83c7d154489b257f751bd7cc616 |
| SHA1 | 1e653d7d232c21a04883df64ceb6100a1f28ffb9 |
| SHA256 | 7443d8958af51cabddcdec471783788de6d341605fa5a315532c10ef55a46aa2 |
| SHA512 | 97fa530b3b6f546fe5aaa83fd5ed7860072186a8ac0a315859092688049c26d789177e18cda5fb5aad307fcf5973385a45bbb29298242c132dbdb3d6e7b58fb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 33d2d7c68772ac14df1e9344072dfd09 |
| SHA1 | 9aeb467f57efdda6134f5161a64317ebf7c599e2 |
| SHA256 | 532db04a5569cf41d91b2d56b2fbd8bf5b81c3f067a40d5f1f3ab6c82af0c361 |
| SHA512 | 6559c35763e47a68568a3693a9d91c328c3afd5e62159c9d169c5541c201efc6542cf5efdf6d32c133148fbe5e9e401fc59881befabbda7a02e3f62237f49d8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21f3f14b86d4438a867113af98fb5cc7 |
| SHA1 | 9e3964a9e61d5945f379e586bc1a69b4367919ef |
| SHA256 | b3675c3ef5f015be9a023a8f22e239cce59a5d2af64fac592e2663674bc76b47 |
| SHA512 | 59a7c038ab8c58b262913332b7bc881eea8426df085539246cc70a600d73eae2c713c846576fad4143ac3f9d92365a1d78426bb7724db5fda92a2e6ae6978a74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | a5cc79fbd666432c461daec09604f082 |
| SHA1 | 9a3df93d85aca657c5c8b60f9b4063128319647e |
| SHA256 | 9a7f91177674363a59d898f41192d993f0dab2ce2c93a180b6d1042ea4b9e279 |
| SHA512 | f93ebbb16738cae18477a0bd833098abee3a77880b8623ae2a462ee8e209487045121700e013dd0da1c7c3f5c9f24a56f02a5cba837df4ac1f33c9f6e3522c62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 038b3d0307f80830bed8c3a6fe1a3b20 |
| SHA1 | 05a43577f6a9ffdcd00432b6e55203fc69e01bee |
| SHA256 | 89a2f366420244ca02ee23c63d3506c82aa71dc8c40c466c14c52c92217bd4e3 |
| SHA512 | 60df78685e446f9f6197aa1a2895826a0f106cc0bc0232d1e198ce402aa7e416933431878e96965a1dca7ea8bbef759ee13abc84a07ec02d2c25b4666aef427d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
| MD5 | feee70946e06a7676bb9e7ed7a74150e |
| SHA1 | b92c630a38ab7a97f6aaae860f896d95017d4dcd |
| SHA256 | 5062cc713913765fb355e2d0ddce39b9d118e97123687ed08dd9bc9d414a3301 |
| SHA512 | ee1048d3bd30748557970df899346d207c304402bf224320e9184eeef928b989986d20fbeca551ec7ca8fa7825bfc421b5030b6e9af683a3cbafee67bdb2f0c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041
| MD5 | d155610d38d34dccd977ac213ab42e1d |
| SHA1 | a343e08abb19f7d4110c64de08aee504cac318d3 |
| SHA256 | 6ec5dee6a9dfb42ef97cd410c2e3387f53d2eff7d1fcf159f96b5ab129036ab5 |
| SHA512 | eb735bd87238215d54613f6065e61d48e1578908117af2a215b88dbdc3c4d155cd2b60e035ff2cde17605445bd89129de07aceb74ce8c16dcd355e4214986c8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2e2df87fa21342b06d9a54ad9978bd26 |
| SHA1 | 2855c58a38646eb105fe5ec94e401b743a6cd32e |
| SHA256 | 482ce0320c52b3b4e2d8693da8e2eebdb33f6323c281166576bc9c0d5575a60f |
| SHA512 | 9be4aad7b4cab4555437d7ac25dd8b7b6fed68a6af5d14342c967e6739c738574126d7de2baeb7453e499980da92f07f2838892544545e7a5a76885a9be532a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f6c.TMP
| MD5 | 2a9bdc2b3f6fa1b3a4dbd0abb4ca83b1 |
| SHA1 | 43a1a3e45f352eecb818cc5643c9eae1da5e4ed7 |
| SHA256 | a748e3687b672a1e22bf6b3fb76d3ec45c6c44f9c78d279e381681dc396358f7 |
| SHA512 | 55f7a4d2dbbf7430f57d2ec9b2cff879dfae51a53ea856f2048c6ded978bc712e2a4bfee4749ef8572059e62e5b8830eaa7d382a30403d7409d2d292270310f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046
| MD5 | 74d08f3e49a4210f66236f4e84564a65 |
| SHA1 | fc5232cdcc3689d1f26ddf1fd9a0d567b8cd4bea |
| SHA256 | f224b59ba25e458e2dfabb559d1e338019bb0f82139768561b03e42d7ebce7e9 |
| SHA512 | ac233a8d6a6b0a2894c89b33b7c159acb1084a06d1c8956a337e1c235c74f635b42cf95bbe723b2359b3b8fb09980dbe17f11e46f777749883af78cf5885f175 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a
| MD5 | aa521e4e4c27306805ee2da1706959bb |
| SHA1 | f2d27a4dc1eee1b9abbc241f7c20678c03c9e775 |
| SHA256 | ffec638750b623b96d54bad5e22d02efacf39d617e92747f603ff21b57da9b04 |
| SHA512 | b964d5fe188619ce4b3aa1493588d501bcb464ff574d4ca3b3d8ad34709bb279b689d386ca2b3658d1caa04d022b82b86af01dec6d811bba8e0ce34fec6ea3f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c
| MD5 | 91754b1113e2494f53cd63689ef38101 |
| SHA1 | c16c1f4b9c3172488fabca328126fd4feede7f95 |
| SHA256 | 6026896c47c91beec5296f0477ac2cc08e63a7004fbb55b955d78b29da123384 |
| SHA512 | ddfe21ec8aa28fc5a76be0dd12851eb76da5a6e2b591c5659972ea978c3033b3e95d9f89426f7fe8b70edb1701be5a35b64176a87cca6412f4862707da6a4efb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | 05e9679509b61424a07cc4d4efb7247f |
| SHA1 | db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81 |
| SHA256 | 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b |
| SHA512 | 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055
| MD5 | 1aca735014a6bb648f468ee476680d5b |
| SHA1 | 6d28e3ae6e42784769199948211e3aa0806fa62c |
| SHA256 | e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a |
| SHA512 | 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040
| MD5 | ef6466ff0982f49d4767bc3fe324e6ca |
| SHA1 | a38515587090ca3e995343184b5625f6afb31396 |
| SHA256 | 9a1ff99f235a6f3c46c7488bc0ed43cfb06ec6553b60e114dd7127e812c6a5e7 |
| SHA512 | 681f2688778ad67b21a8d9e8e90411914673134dc39cede4f9fcdcc9d33fa99fe3a0f8c4949c68748cc92adeb8a55a169b7a610faef488c5821a6c886fba17e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
| MD5 | 948f15ca16830ed2bee6619df537be9f |
| SHA1 | ec28e7403ceb608b8dcc5541f0be4f7b913699d3 |
| SHA256 | 5d2fd66457170ba3278adeb631945e35d4b9ea04a781120e98eec463d48d3cd8 |
| SHA512 | 1b8d6a9ed30f48a31d4e50069ebfb1303f7a5c4de17ce290152d2a8997dfb2ab648a708263d359918e1cc3669b6d324dc373c1515e94a68fd8106d9c22366e97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | a38c9206d825e8a2717482fa597ab95d |
| SHA1 | 49c1b7f03931a3fc704ca851eec93d0faee39a3c |
| SHA256 | cf3e21e3a888c6f1079295a535a4ddc3ea893b1e60fd57d1fd3227f140c23dff |
| SHA512 | 8b38730764dd6225859f4c6821e98b8331e42db24a775e6468b05c91214009987680aec098471c1e524676d721c3a7fddfab08beab601a2206b696563dd5396a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ff5a76ae9990d640982aaeb426a41630 |
| SHA1 | 48170b71e56cee63c55cd477540f6ee51487e90e |
| SHA256 | 2c8898efe6f40e1558e1b2f2f490ec30f55893470a0abf5fcc48e9f7a9a5ee80 |
| SHA512 | 85a0e3c744c5228f8b2acbe5e44328abdfb1973a9503041fc6fea4399986560693fe7f4f66a539ecc5a468bdc6629c3796584614ff704b9df8d6035cf288ec9e |
C:\Users\Admin\Downloads\Unconfirmed 278086.crdownload
| MD5 | a64bd549d95bfc8be592833460f79fcc |
| SHA1 | 0aeeb9507ed39f14d82149c56011ec3aaed1bec9 |
| SHA256 | d285b5242f4583d49c63a7c7f83a72f082ab395f9eaff674ff56c8d2d0fa063d |
| SHA512 | 767bffb8861e81ce61cfec5b0462f6a62cf86d9fca8411126b6ee3f43bc7fccbbffae8fafe293e9c227f297d82562d70940b441f9d541e35b66b972f2b79fdae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 30289d825d93148a4ac7105e093027f2 |
| SHA1 | 784da709430bd9741b78b78562d3d9ef65d35a1f |
| SHA256 | 78c899e4f11be48c5f8a1a8dd0dab271d43fa8271052d615c89377e1781c1647 |
| SHA512 | 100b91a03a3b4d637a56434a1a5a6841bdabb466f6ecd7037e3ef3bad54b56493035271f886923231a3b198bb9c1a31328356fa7a4a0cb1840ae85e4a2347125 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 296e0e926181e3d8e3d18b0780a9f6a6 |
| SHA1 | 440b8e99a5370253a2bfa721ccf18ff8f364de16 |
| SHA256 | 2a9226d6a7a6747fefa8d1d15a708fd64f5287b3c081fda0b1d282f98ebfaa9f |
| SHA512 | 923ab521f785171079877179ae85c7160b9243d37e86981ed530f51a3f05272e0b3d97ac0ad1fcc8916354ab46c2cb3f66be3b555bcf16dab1eb55d3b6e070d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 78dda3eb683cc331f266cef9f4fb2ee0 |
| SHA1 | eff01588ad47208e1cbab924a2cd602b94fa795f |
| SHA256 | cf2cb2c2633eb7d7c161619357f84ae7236a91faafd0f3a235799f905d962a07 |
| SHA512 | bc40e08cbc8ee5c833aa174a9b58ab0aa8ec13c78361415a0d7453505de2ee058bd2fe4544e2395c68b9bf052e467fb0ef2e59a4db85d4bdc02c4b82147e5c6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f1284fb5c923c2626e11fabbd672f82e |
| SHA1 | 406105dae19c3fbe365a76f62e475ff0997ddd32 |
| SHA256 | 42ecf7cfcc0a4ec0222a472301600c4017b49247cf3850e16b4d371aa4a9eaf8 |
| SHA512 | 2e8be1cc6283b73ff0dea320425a565d317649afd27887e0f503c744966116a9266052ae08db0f468c12adc31e860e99bcfa7ad55de7a73f02b42c9f3255ee86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1651f84719aef36f10e10bafae784a27 |
| SHA1 | e25729f8e33a08ede4ca4118c9cd7e8ad4145a50 |
| SHA256 | 40e55dcaf2917e89e02a4f5b9056394952b775286eb5abd1d0f11343b6a03f24 |
| SHA512 | 5d537c37693d4681c72bd92cef8f72d7910acc8235d3db206cbb5e7ca0a6f9be5cd02135440d72ef881f2b5a29f3e763ecb3990c070e77f264a8d6ae72a5061e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b7d6ac948b50fd5b9f5112dcb7e8921a |
| SHA1 | da07c3bef281d28345aeb2d3e99b8b66d0409ce0 |
| SHA256 | 0aa659d8782706176acddc995a1c81fbf0f6d470a74db0d38887895563844a61 |
| SHA512 | 995e67a8b1be2ae2e4b41b9eb864d506b373edc7994673886c96ee8c64962a42bc85b02610274675331e6c0db58b3c9409b08751c8d9cb52468a8ec409d472c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | c5971531f18c2ba244d6d29ac1c0a7c9 |
| SHA1 | b771bc8d04ae30dac815b9a4ce95610fe571c609 |
| SHA256 | 5e1902602f28a93da315d45e363dc5e4775677e0e61270394c4c64df3ef9e4bc |
| SHA512 | 74ccab7839ce79e0a8313f09599af7c9167d9338740e52ebfdc9aae941812f47b21fe35f85dd6f0df0b75417146e4a46d565ecb96e91b705c3f76fc2704d950f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | e6b63a478e9a077e286a024e9f795148 |
| SHA1 | 2482a0a620b3c38f6c24cf5205e5e7579475512a |
| SHA256 | 42596916431c2a9866b19ff048f15ce7ebba0f2b0af85457d05209e4d527e87b |
| SHA512 | 199e2c0d75904f98e0aa93bf537bc48e9a4736c40aaea1f7e4119127243e142825df0e9ccada949d637691338032235ce914e8b9793523f59891e4ee8da3e534 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | cb24dad35e4c3a58649c42c732d40fff |
| SHA1 | 5c71bbb63a0505a72b2884d4d228f25ed80e8222 |
| SHA256 | f611cb66154078d9abe92b692674f7f5a4222a3e2568dd5066299f442c771cfa |
| SHA512 | 18350679868a826001802fa7732eb66d6a4951e74f2ad45fbf0f4a07237c2ec8aa3ce38a730728e5fc10a804493f3a6a1d1eabb99585b8ec13e533aa5a895029 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 3d099e65a158b534f59edb1af589726e |
| SHA1 | 0e28d2635d2ce5532ea8b8cf85814df268d149cb |
| SHA256 | 36a532a13939ab01fe43924d3e5541bb78170f9a24cd9acfd8ff08bed9626703 |
| SHA512 | fa741e01930c9ddd70017ccb9d6a8ae37287d9593eb74156739edf1cff06c8c9c432b252176b587e7ad47b581af58502841d9b0c34c36ef76206d179597a91fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | db0eb45b0336b8ff90c8830adea753c9 |
| SHA1 | f63a3d0075d4e6d99a58eb6b67959c33d2685fb6 |
| SHA256 | 63cb447de2d8924e5eee9643be6bfb46ce9fd1c57efaa4f2cae720c72764f00b |
| SHA512 | 515e47e3f84339bf45dfe748f37b53af6b3b56331400b45ca6d6565bd2c6cc29f0cb5282ecdd983490b35969d0dfbf0ae9a4266cacfa53082645840bc3ffecc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 4d40e42454eb254513e6aa3e889378de |
| SHA1 | 99024247299a03bd15e7ba57edb143a36b26424c |
| SHA256 | d8fa7ad39fc854a69eba556bb1e7fcbac30c602193b94bc69e81b200bca437da |
| SHA512 | 7163657cd87cf9095725a6f734b1e6d5bf8f19aa1206cf0ec8fc4af419b4e248129c0221aad5b411b26472c98fd6179ef6a97ebb26e45a40a469a33a04abcaa2 |
C:\LDPlayer\LDPlayer9\MSVCP120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
C:\LDPlayer\LDPlayer9\dnrepairer.exe
| MD5 | cee286a3b75e2e3b92359a54a129a8cf |
| SHA1 | d9708dc4a44c32a25d31eb93b7e0627155c5a871 |
| SHA256 | d6f0c9d7efe02de528a908285a989cc41903bc34b3448e5638af551ef12f77a5 |
| SHA512 | daf84e165437170d2ae029f2092ea9dbde03d6a34d85ac710e679e560333f8c17c6a2fc16ad69adad36ccf29c462f9c92346ca42e163e7a8c4069253456f06c1 |
C:\LDPlayer\LDPlayer9\MSVCR120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
C:\Windows\Logs\DISM\dism.log
| MD5 | 8a51656297a10ed31ba993fccd386f4b |
| SHA1 | 01b9aedc65991cef30135b16b4d8c57cc34a5ff9 |
| SHA256 | 58ff6dcbf4fb84dd83361f7076ee4edcb19f15b5f52b055fbb67d45f4af035d2 |
| SHA512 | 426902be913fb4cfda1ccb580dad9ce34696974f71de91ef66adb151fb648342ed8af15f2b0f41a90574a87fb66533bdd650bc0caf64c8f15b2fac05ee5a1230 |
memory/7084-1990-0x0000000004C70000-0x0000000004CA6000-memory.dmp
memory/7084-1991-0x00000000053E0000-0x0000000005A08000-memory.dmp
memory/7084-1992-0x0000000005360000-0x0000000005382000-memory.dmp
memory/7084-1993-0x0000000005B80000-0x0000000005BE6000-memory.dmp
memory/7084-1994-0x0000000005BF0000-0x0000000005C56000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_c323lm4y.agt.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/7084-2004-0x0000000005C60000-0x0000000005FB4000-memory.dmp
memory/7084-2005-0x0000000006210000-0x000000000622E000-memory.dmp
memory/7084-2006-0x0000000006260000-0x00000000062AC000-memory.dmp
memory/7084-2007-0x00000000067D0000-0x0000000006802000-memory.dmp
memory/7084-2008-0x000000006F540000-0x000000006F58C000-memory.dmp
memory/7084-2018-0x0000000006810000-0x000000000682E000-memory.dmp
memory/7084-2019-0x0000000007440000-0x00000000074E3000-memory.dmp
memory/7084-2020-0x0000000007B80000-0x00000000081FA000-memory.dmp
memory/7084-2021-0x0000000007540000-0x000000000755A000-memory.dmp
memory/7084-2022-0x00000000075B0000-0x00000000075BA000-memory.dmp
memory/7084-2023-0x00000000077C0000-0x0000000007856000-memory.dmp
memory/7084-2024-0x0000000007740000-0x0000000007751000-memory.dmp
memory/7084-2025-0x0000000007790000-0x000000000779E000-memory.dmp
memory/7084-2026-0x0000000007860000-0x000000000787A000-memory.dmp
memory/4344-2031-0x0000000005840000-0x0000000005B94000-memory.dmp
memory/4344-2039-0x000000006F540000-0x000000006F58C000-memory.dmp
memory/6928-2059-0x000000006F540000-0x000000006F58C000-memory.dmp
C:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
C:\LDPlayer\LDPlayer9\fonts\NanumGothicLight.otf
| MD5 | e2e37d20b47d7ee294b91572f69e323a |
| SHA1 | afb760386f293285f679f9f93086037fc5e09dcc |
| SHA256 | 153161ab882db768c70a753af5e8129852b9c9cae5511a23653beb6414d834a2 |
| SHA512 | 001500f527e2d3c3b404cd66188149c620d45ee6510a1f9902aacc25b51f8213e6654f0c1ecc927d6ff672ffbe7dc044a84ec470a9eb86d2cba2840df7390901 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
| MD5 | 0054560df6c69d2067689433172088ef |
| SHA1 | a30042b77ebd7c704be0e986349030bcdb82857d |
| SHA256 | 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750 |
| SHA512 | 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
| MD5 | 4ba25d2cbe1587a841dcfb8c8c4a6ea6 |
| SHA1 | 52693d4b5e0b55a929099b680348c3932f2c3c62 |
| SHA256 | b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49 |
| SHA512 | 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
| MD5 | 3e29914113ec4b968ba5eb1f6d194a0a |
| SHA1 | 557b67e372e85eb39989cb53cffd3ef1adabb9fe |
| SHA256 | c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a |
| SHA512 | 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
| MD5 | e8fd6da54f056363b284608c3f6a832e |
| SHA1 | 32e88b82fd398568517ab03b33e9765b59c4946d |
| SHA256 | b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd |
| SHA512 | 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
| MD5 | 52c43baddd43be63fbfb398722f3b01d |
| SHA1 | be1b1064fdda4dde4b72ef523b8e02c050ccd820 |
| SHA256 | 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f |
| SHA512 | 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
| MD5 | ba46e6e1c5861617b4d97de00149b905 |
| SHA1 | 4affc8aab49c7dc3ceeca81391c4f737d7672b32 |
| SHA256 | 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e |
| SHA512 | bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
| MD5 | 2d40f6c6a4f88c8c2685ee25b53ec00d |
| SHA1 | faf96bac1e7665aa07029d8f94e1ac84014a863b |
| SHA256 | 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334 |
| SHA512 | 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
| MD5 | 01c4246df55a5fff93d086bb56110d2b |
| SHA1 | e2939375c4dd7b478913328b88eaa3c91913cfdc |
| SHA256 | c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889 |
| SHA512 | 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
| MD5 | 66df6f7b7a98ff750aade522c22d239a |
| SHA1 | f69464fe18ed03de597bb46482ae899f43c94617 |
| SHA256 | 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f |
| SHA512 | 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e |
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
| MD5 | ad9d7cbdb4b19fb65960d69126e3ff68 |
| SHA1 | dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d |
| SHA256 | a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326 |
| SHA512 | f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7 |
C:\LDPlayer\LDPlayer9\dnplayer.exe
| MD5 | fa2c08e402cc1c1fca849ba2e4eb56aa |
| SHA1 | 133dbe827d469e8dcfb792734f1fced97690efca |
| SHA256 | bd6ed960624c4ffb99ce82611f23365733df329b1ff3216590292ee8034a4421 |
| SHA512 | d96f84f06784f6d2c2182301ae4437303f5f3ab8936e6e3512606c28cc99de268bd186a4eb73b092c1e54995fa849c38080a26fe6dc2b8c1e7171781677d3eb6 |
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | 38f88ca4211fb378c41412c23af886e2 |
| SHA1 | 7c904c5fdf84d13ffd47703be39380861b5a6a7f |
| SHA256 | 6b149b8b72bf3631111f0e7b95b4dbe2646b786a3de1b414110438927d3f9c38 |
| SHA512 | 6ff289ee872bb96de9de4a3ef82d043f93542545f1555885bd4b6aa008892a8e3fd5f59eb4ed76a402aaa884989725168206aaec6582ea37bd556e7f642d681b |
memory/3512-2185-0x0000000035FC0000-0x0000000035FD0000-memory.dmp
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
| MD5 | 395970be72d1bcc7755f95a04b3b303d |
| SHA1 | f4019b43fd95f1748e2392d5cb1aa4486aadbc13 |
| SHA256 | 5fa3f4cb4f4f603bd8b9a538b54658ebbcf9198d99f2b0e1ce447322b22fb312 |
| SHA512 | 2f4968b8564bd3bbc624a6838ec33de22413afb8711e08cc36b082863f4e146212c1b6173921ea110c65a0dc20b97c9e187a8ef006005711efcf4237db0bcd1e |
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 4d592fd525e977bf3d832cdb1482faa0 |
| SHA1 | 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef |
| SHA256 | f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6 |
| SHA512 | afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fcb0c39c493d46625df1bf75f057222a |
| SHA1 | 7a758eac235b8984ae29df5247a7c1d8f8012b05 |
| SHA256 | 2010736c65d8f92a4dc09ff53fadc14758451e86f1ce2bb4c17502f1541d399f |
| SHA512 | a3b1e684e840f1d19c963e2afee8138d1102dba531b2f2bea2b287480052289065a422328e9e7d56e1179f561b20a554f574e262ea6e6dc7c29f6fc007a9db0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8c6c92a5c0133cc3dc0377792a682199 |
| SHA1 | 3bc0cf4ff8e57354447e755d24144f4f07c51345 |
| SHA256 | c5b1d34f79ac2247f65e2cd69ac4441522e6715a38837895c6662ad5164d6c86 |
| SHA512 | e36f4eb426942eebbb58047bf4c1736f27888bdf208e9460f398438576284c22cb347ab9272c8f24db2c2f1caf06c336f6a7f2b0475655f922ca25287b8df915 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | be2d874bfaa2794314c527fd03de5a22 |
| SHA1 | de1b9467c1db084fc93f18f63238cc0a67f4726e |
| SHA256 | 110f07dcd0ddf8c993a5a1fc53725dc44afe5aaefaeab899c9f76d648cec5bea |
| SHA512 | e287babab98d086acbf19e2b1ab6372747b50998706046e711f60494352bd4ff5f561f27e66db9e50769d589283ace42b8c515162a95428bf1a98e29163dbfcd |
memory/3512-2320-0x0000000070BC0000-0x0000000070C3E000-memory.dmp
memory/3512-2321-0x0000000070C40000-0x00000000711E6000-memory.dmp
memory/3512-2325-0x0000000070AE0000-0x0000000070B39000-memory.dmp
memory/3512-2322-0x0000000070B40000-0x0000000070BBA000-memory.dmp
memory/3512-2319-0x00000000711F0000-0x0000000072BEB000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 06d82bfe795e2dfbd3b78276c26db4e8 |
| SHA1 | 96f5452203e64fb08d2a55b733a652b19d80c7c2 |
| SHA256 | 23c7a6a2057149e2ef23dd2046a5cd59302727f6160993007db441001a3abc35 |
| SHA512 | 4c3daa5c3d8832d928239b6294b019b2aa033f739e11efe2d0899e135b2febe3c6f461d418d0fd39f95d98cc83a4e60c9598f63f36706f070d1c5348b9ffa6eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 26a16f9a9824edd9310e9f962bd28a22 |
| SHA1 | e96541a91a7ed2d3429d9e3383fc503594f4f206 |
| SHA256 | 2caaec097618eb9a612eb5866d4a70672bc849dc75990127eb5f14f988fa200f |
| SHA512 | 2248fd3159d2becacbdde99bfb2c0e637cbbaaca2a779d6cbd8eeb6fa10345bd241bb3d86d1143e28efafebf066821aa7b304d67ef1667a6ccbd7426ad22113c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | b093a97cc0320dbfc47a8ebd5afc03d2 |
| SHA1 | 7d3d0d78fc1dcdf2427b0f3111a78bdd9f3b01fd |
| SHA256 | 4fddd93b3d903de9c3646243a29d57b07b3a4dec2353d8707f3b4dc873cbb495 |
| SHA512 | edec8e02fbc8c6a661d401eb62f95d7b92593cd1a754aaaacdbd5ffb0d8ba4d6bee517de7830f9edcf33479f5a095169eb1781237b14c4bc265cf0fc5f52f315 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
| MD5 | fceba656f5d1bebaf438f5ba3c25b4eb |
| SHA1 | e1b97c2f9659f8cdea7e6e613e7248d4e43a7807 |
| SHA256 | 62e64bc06197e88c89a678de3c7a4f5a927ad4327d03c1cc8ccd69a9a324a8e5 |
| SHA512 | 60f75b9fd1e19e06adeea58e2fbe279dab5478361d81a4a69a1d104060eff7ad32ad78df34e7bb117d2578ce260c40ce307e150f584babcb3e0631bb6397291b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | c09b23a10ce12c0122b6a3d52f576059 |
| SHA1 | e214c79ade2ab8e5ab7adaa200cfe982381cede5 |
| SHA256 | 335edc4bb8a28505e6fd253fb1f147f7541de511336120e7908a5b3217bca362 |
| SHA512 | 0a27a5f3a6fb52d6afc044cf568b17a737153569e914917418a800a53578ac8968031e6277b6fa3d00860469530ea5a0633f1ac0ef27476fed72094798b1e463 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | 720bd519a405ee75239ff7fda90fb5e7 |
| SHA1 | 4e3124110ef8839c319779877aff02e3cd9a6a0f |
| SHA256 | 19e0a2c8a6b9437a392ddc3e4b00dc7df56117efd0ef307f747589979ccf5fb3 |
| SHA512 | af19f96c5d27c45c7367508c0a06c7d62b17f0969e4ae44a10072f0e8cf7afaf3480203ccf4198eb62e9e253a721751931511b5c1d8eb8d22405025d934befdd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 463c66bf0cce1145ffff7de835f4fc88 |
| SHA1 | 774e8b5bd5846d84d31447feb326d2956b85bef8 |
| SHA256 | 91377045fb4c13198cd8ff977f0bbf17944de098cf56e1ff918821791dd3d125 |
| SHA512 | 5053e0ef371b78d4a663961afd38a5f313a81d3de6190504976f177f83950a47b0ca8e5f0fa35ee46c213f5024bfe208872ff6359dc98816a7e10f8986d0df87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | a7f18ced0b7ae5afc8646ad46af39dc1 |
| SHA1 | 25b7bd51226f7684762b2ae2edea768086651cce |
| SHA256 | d4f3edb3b631a952d95ee8135111be8de4b969581bffc465d1bdf7d92eecc38e |
| SHA512 | cd03e35b0d75fd39343607ab487cf86420abad0c91ca6d9d4803ee942eccb3a5a6983a5f1bd7b0bd5f7921c61c05c18dd4ee6fe8621fc5f03fcdac9c53531dbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
| MD5 | 8354249a52de108a0e1e4dba57bdb865 |
| SHA1 | f6de6520cbdf363f4ad00501e56e7b162164a0b4 |
| SHA256 | 7af4110ab66064313829166bda677b435e70ed65e5a2f870656362ec13094eb5 |
| SHA512 | 3cb5ba4469478cb0fdfed17c9ce1549cacbf623690a48d328376d7e3bdaac8cb31a89b9035c97fcf873ec03e9bb544d9d3eb6010654643237e71e2fa6bbc5d1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | 5ee744b45a0b750b00065a7b599b4c31 |
| SHA1 | 5afa5d067c151144b9b1d6a9956f9f5bcebf39b8 |
| SHA256 | 94b2e7cc9d12c51a05c83858fa59a828462acf00aa715ad47e24eda5bcb629ed |
| SHA512 | f0d00a873003f39fb9b29527843b4c191e2083b5d5a5aab2bf69d1a6c057df846610a29302fb81655f3308a96191ee82ebc201609e1cf193a89929491fb7c678 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | a5fc1a2b620728d15ede42fc6a442a9a |
| SHA1 | dc3238e35b9e69f8352bdcf975140b0cabe68c24 |
| SHA256 | f59117567529802c60528b1fa9bb55fc141b99a9e7fc542f0d5e2548ead79f08 |
| SHA512 | c16b81a72e2bfae655fb25596d78cfccfba6904e4f10f95ebb5fb45693b5df87a8176a842b44cb0718cb45b4948d3042003a276aa0c209f874e0db3806573ba0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
| MD5 | 2f0df8dddbf34221926f8c81bf7b1d94 |
| SHA1 | 4fc3cfd5a0ce94cc99c4160dcf533d0815457434 |
| SHA256 | 842582e3fa4bfda598619551de51fadc9ec9b15bc28a9c30e7f2a6c2d5987c06 |
| SHA512 | 33ee4ff4f076b6976fd8e7032be7ebecb468c0ece156c1460401bb219703e2da57400967be44cd2902eed8bd59b5e3f2e79bcf00b3178ba232f21627aa1001a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042
| MD5 | 89a574ff00e6b0ec61d995d059ce6e65 |
| SHA1 | aea09e96808ab77165ffa712eaa58b8f056d0bb6 |
| SHA256 | e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44 |
| SHA512 | 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
| MD5 | cfa2ab4f9278c82c01d2320d480258fe |
| SHA1 | ba1468b2006b74fe48be560d3e87f181e8d8ba77 |
| SHA256 | d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e |
| SHA512 | 4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdff3907e497c060_0
| MD5 | 47ec4c662d64eaa4e957f4274377d7ea |
| SHA1 | b3448d466beea4f744f2fbddc680e938c48bef3f |
| SHA256 | 4dcff23d32d53ea43f9175d7d5eec53c2bc00ad2f176a7e8e4b8bdbe492b1cdb |
| SHA512 | ae622393e25dadf731c5e6f1b29e3f4d38f8c1851670c613fbcb170a1b02d9f2dd3c35172c8881e21c868596126be60b05096662399777595d833b47667bd167 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045
| MD5 | 8a42ba5472aa4afa3d3ac12f31d47408 |
| SHA1 | 2add574424ac47c1e83b0b7fae5d040c46ac38a7 |
| SHA256 | 759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4 |
| SHA512 | 3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 934620b2a14f6afa5a962d98bda636a2 |
| SHA1 | 67af007d4bf958077dbcba016eb20d39726660fc |
| SHA256 | f56968d51a952b727dd52313a2b1b659d5edbe5e5777042793d8dc9cb10af2a3 |
| SHA512 | 13f9a8a26fd3a56f1bd4f3e64fed94ca9adc65d00deb9727e8d29be091d84cc1019586d5d636766812e6d127c2986f230559e468346421da449cbdfd87ad0c80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053
| MD5 | 6b04ab52540bdc8a646d6e42255a6c4b |
| SHA1 | 4cdfc59b5b62dafa3b20d23a165716b5218aa646 |
| SHA256 | 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d |
| SHA512 | 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | 0aaa843cc75c1de6f1fd7e2383f529f2 |
| SHA1 | 05bf143b610623e1d1227d606c33fdb72248e2a2 |
| SHA256 | af7a9d0a1c78c09c3e88f25e9127d9fce4cd2279cc39c7a0a59f50f1ed723d2f |
| SHA512 | 10e5059da50646e5a046c8596e68f7a259a271317bf3b9adc1f75a41374834fe8af4ad24ece2e39c234743a9a8b1f9b970aff4239522db6d180729487d3ae0a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | b3696c85ce4fe13e866b19c3ddf0e9d1 |
| SHA1 | 88b2b575ef4384cc467de6380de18c6ef4e74f5d |
| SHA256 | e31460012085e6b435189f927ccd3ec225967583de62fd1a9f3dfbd080a38f69 |
| SHA512 | 6d491b4611847d91db5fe7c54b829ba0ad98ff4aa04a213b3025125ce63bcd6f4b78ccc466bd66238d637359676085f4d6381331100ebfa5f4b34576bc1f146a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | 847c4e34c9162acf4b6857812cd3dc2d |
| SHA1 | d4ee14a3794041fb661cb8d497684c3a30032f28 |
| SHA256 | bfd486b27ce892b5c77ca52d096a02020ebdc2b10615a53ab3dcf77079ae2b88 |
| SHA512 | 2a9da1bb2e7010abc28a055f778e62a7282a9b215793bebd56ade2cced2dfeec6ea29b5d7a2c103e33fc7251ca608ffc5087375da3dddd3421e79337fa81644e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086
| MD5 | 4165e15c0e8e7f5313aba85f1fa09233 |
| SHA1 | 15566d6448757cbbf77ba502d1451b9751a9de0d |
| SHA256 | cb66c6e5653cc31df85d918477a83b8ce0e896f5bdd5878a09d00810eaf9ec90 |
| SHA512 | ee14c5f30f35b0e40d8fa082fbbbba642943d1c1039f7bf8c37ef83fedd15495946150074a1c4b603e581be3029ef9fa1e78e235286aaf276899823ce025bc19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | ee388f5d50b1310c2a2cbc7d021b61bc |
| SHA1 | 4d560d8fc86bec64ef1777ff911909f3c0d0c0a0 |
| SHA256 | ae53ee26ca19ff0a2260ca410daacf8acd81a376c99e54c51d1b3853d3b55cfd |
| SHA512 | 957b14ad6d470ad941b1e39161328882c779f30a8e9565860ae7faeabe8f2f4c01dbd147264306c6b825a34fb46a0ce6580191cd058272ba8675b81db2318f24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1d5aec48789dcd7_0
| MD5 | e606a3faf678d9b39627b81f87edfcaa |
| SHA1 | e6eda00d977ec56435940441686d1d509132b5d1 |
| SHA256 | 4d497734e3c287098951ac1d0fd07bae3c515b62a6687ca99a621bd14a78bb4f |
| SHA512 | 875f1cd649efc939397f2e941fa4f723619f56dcacf3774f94b99a95bef7457be3d52fd518659732b62493a765916777df2b2358a7508d2c15e019710449a69c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e2b8b60d7738ea6_0
| MD5 | 57c21059aea3c66f054c738934643da4 |
| SHA1 | 80cdd95c25c57ae3cacfa4bba688af79d413555a |
| SHA256 | a1aba143b6039d26636f4aa9274e8e92a12cfa54d04147863997723b08e37837 |
| SHA512 | 5481cd9b0184a22e4df97e40ea42b860c04c41812ce0bec0589f4744347f532ba6d2eda303986be92b7ee5cebf33ccb60b90337ed6783bc4f16076d341ca6f7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094
| MD5 | d4573f829b4f14307ba330cb30e84a4f |
| SHA1 | 914f31667c202743a1f761d6e5d97af867692822 |
| SHA256 | 153998221610cf51fb52561639d94a86a7e027225571296ce96aa1d716916828 |
| SHA512 | a2df48fdd73f7615c370c063e175d76f35c3e73e6c7b06f8c96c222b0810ac0694044084dc824f57c4a67dc783fcf92412c89927abb358f2c4af260bfca737bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\66df74b3a5a62c69_0
| MD5 | 529fc6180501912cc50273cacd6900af |
| SHA1 | 1b2406e4d60f59a075fb649bc3bbd2c4c3220e5c |
| SHA256 | 05cd0f9e89787da04a69881634389e51a4c23363691f4866a0beaf8f35bef017 |
| SHA512 | 1ba6ada3b6b617337b7f1639c799c704ba87a6d6e1811e501884b96dcb77f335ac7243284df0b7bd739d97da028ceb525f220a5214a9b34300b6f4993d1c3fc2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8172256176818c44_0
| MD5 | 9391a01afc107f12a9fa5382d41c810f |
| SHA1 | f4dada29fdc70b3828197e8b6c31962f963406f9 |
| SHA256 | 22f3c58d6c92c64eff471d5c1fa7b227920d0fa56c48fb0d22be59a6db817a0b |
| SHA512 | 6c526deaf998777b0ab5753d4124eab3680707ec7eb93aed1765ed0c4dcb65edff5d706e00b63a2502a621de751108da096127edc22648519af92b13fa4ed6e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\689471a49c9589a5_0
| MD5 | 84ae1a2ffa6fef83e57b226a3492c939 |
| SHA1 | 035bf0a1a26263b01eedf2c326a15665da3df52c |
| SHA256 | fbfb995e772232c8f002213dfdbfdcaa97437c87ad5762ba1d7c8d2eb796aa57 |
| SHA512 | be980645bb995f1b98d0936869b89fdaeadee3d83d3e3372c34d3eeb8f963028dda80637954adfeed6bf64f7bbcb8fad50721618e36fc5429af355fddc80a350 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089
| MD5 | a0e80d593e77c9a87c4a1140456daf7b |
| SHA1 | bae7364e48a633dcba90293670489eb422a54e97 |
| SHA256 | 953c84027fedd064a40f44e885941f619d1eb63530f82c29f084fb4bc68e340c |
| SHA512 | b07eac576c6045563447c7306f84ac4dcc99af68ad261424665766ed55a85a9879627aefb0608f50eb0c34c80367a6db72b7ca1449ff25b9be57595311c1ccae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26194a6bb1db1642_0
| MD5 | 0a8159f5b065c8306f6c82ded767f8fd |
| SHA1 | 3c869e181d75ed76b83a13840a5622f8cdb1de0b |
| SHA256 | fec4ff3e7c510a271d9f0ee3fcc1cf8e159ffb7acbcc60e960ce0c714af42169 |
| SHA512 | 6327495a661c4e66bc8d496f83242efd95c62c1a2a2c0756278068437b449a08ab108b4e80fef88a8eefe9a6b7ed3981eb7e5317f7a50d77d7cb4e8ea261b538 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78cbc79e992c9bc2_0
| MD5 | 6e6c7a27967aeb1a06afcc227ea967be |
| SHA1 | 7ae7220b679d761d9c1b1ffa5a7967fe4f958f89 |
| SHA256 | 275611c88c9e56d16404c52b10118ac39e52261457b4656ca8f61f09d90d1e69 |
| SHA512 | f1d89f084d244cff5f6d8aadb90841309632faf7911bcdb059949d5a866256e39fc337c4d4e31cb0d7fb297cbbf87111858be12c6b246be36b91c2a76d5e3d50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7ef9e06abb9080ce_0
| MD5 | 4263832446dd8ef8400ad9e9665c9869 |
| SHA1 | 85b12c7c583ae2c4646d34e5e19e6fff49b17c6a |
| SHA256 | f21a2b778e8b72924498ef44c1ac103be4af02d26bd939aecf82c31cb3d496a3 |
| SHA512 | c9793a7d3807b75914196b41da7b43c247d6489b5af4b1d34c4a73fb13241385b378441449a4e21f57487cb37ce955698b081506f50bf5c1efbfd1ccbffbcad8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cedbcacb50cc047b_0
| MD5 | 8c2b4e9df05bd913d6b9a42a65daa489 |
| SHA1 | 921c416ea3c043a84a8a43ae624024d8d7b20355 |
| SHA256 | 5c113382ad473c489c79c4d4005764ae0ac8752df1df7e1c215aaa0a0ef20988 |
| SHA512 | 7aa390857db41d16c67e58d87d3a7cd455fee6ed0e27813de9e95acc7ab8d7212ff8c21d748aefbd04ee335dcc6a03238a087a0b152250529639f2880430bcf2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92063f2bbd648a4f_0
| MD5 | fe28e31719502e9ff28d6410e75c247f |
| SHA1 | 265b05cd5f2aa8856351da58018570eeac96e691 |
| SHA256 | c3d9bed5cf5aff3f6deb9eda30f1402df69d120a5a6330ce60ab8d44d7e4c9ef |
| SHA512 | 56b9e2e73f510f98802619b13e77bc1b55274c519667c0841cf5cf6296eb9f8ace30ea72183f2e2cc3d6bdd4478473c1fa502928cc640389bf895ae28850274b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a5fb85f552512ad_0
| MD5 | ed13f6eb36630f3881d00da4304f94c3 |
| SHA1 | 1c68cf3a5c7d3bc5f050e2ed6fbe5a50ece50557 |
| SHA256 | 0e10193898bbb705dc80d14e251d09aab84c25ca8bee832891b2015beff6c43a |
| SHA512 | 0a4902228f3aafa442c376f2081c071adea16e66f1e1fd59ba065c812961872feca43023c1da6ae71b1353b3daa79445b04563271a2915ef129cc50e170f6f8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4e9e66b8a32fd8c_0
| MD5 | 53998d94e5b514b63a9f0b90590a9cde |
| SHA1 | 0c4785a85068ff8026c325abb8a886ef2e4293f2 |
| SHA256 | f204767d9865ad33e0ba8db83e8770c4ba88d8a216b6e2b1b464ed07ea6666e1 |
| SHA512 | 6da2dfd6cab7dea2d6fc47a7f4277417fa24a4843d67dbc3fc19b7d139e6d87c07c291d84f82faa3a7c6edf13aaeaa5e9fc030a80f4f150fbd8dd658b465e85f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635c5a48473ec11e_0
| MD5 | ef832e9224ad2d8c3d1ce107a123a906 |
| SHA1 | f0f1a3b7e465fa4285b0f36a332da660f5336820 |
| SHA256 | 5a66db918455e554d5f171f3abbfc7c1d245bde2cd682e577c4a325a0e464a17 |
| SHA512 | c9e3c173b3f4cd74c5db29a8c5851aa071a0c3e62284ed3ee1c4dad7c73b0731a18b091cc3e12de825101ed6554be0064f5b52fbedd5c685084674c10053a507 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e5a299538970bf4a_0
| MD5 | 4ed7fcbedeea9c4111b77f77746f1385 |
| SHA1 | e83ece807267acbe3615879ad74a3f73d5ea9e07 |
| SHA256 | fc51d1ccd6f3cd27229a6ce061d9db6cb4cae1c120f0dc7f78010794410fd9b3 |
| SHA512 | 1d6323ad7ae3bec08f5b0db50ef3f9c1e8cb0b0e30c7f0bc9d019347ee18006895923bccc8ede6b1e7e6b08eedc466b87c5657a9e8b17309782b3dac53fcb0d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53b92fbc4d68952f_0
| MD5 | 5ddfad92943a7b02740e4b74f807a2ed |
| SHA1 | cce8973926291cca0a45f7a8c8c9bfe504064c08 |
| SHA256 | 4ebc0fd3e3886d8e0b6e5c4648104900abf69cb8ae635dabdcf7d40083e63cf1 |
| SHA512 | bb4cdd627212031f617eedb8d8012404039f188b2cd23644237afbc8d074da1c7b39bb0d99c81a601524883400b2720f3c329d34ca336a3738c846d33c1c3bdd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\802bfbb1eee3d9d4_0
| MD5 | e4b94ac500e7746d04a6474ae9c6a6a1 |
| SHA1 | 40e587bf0b9ba78b2149b292b1d6f15dc7d48417 |
| SHA256 | 64c58fcf0e534de97f17a77d63ecf3280eba4ff13c3f7fc4e792ccb1dd33a842 |
| SHA512 | f523416ec70a2aedabc81645c6e88ac81e3fe5d304210c05072aa904708f4941ce0c7ed881c4c8161df55d91d95775b2af7c177082f698afd209c50b084c6ac1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\224915b792d1eeee_0
| MD5 | aca9b1dffab6b4fd4b434c5a44f48b7b |
| SHA1 | ac48bda1553c7185f69dbf8402e7d0860ecb8ebe |
| SHA256 | 4adafa018029e8b4d44e4dfa19b163ec86c3521ea9ef655b175044aa5a5b4eb5 |
| SHA512 | cd2447179bb1db474aae499b50b5ff27d2ace94c0fae6e1b5107a13dfad938266c709b61a0a7a448196974cbae9ca21dd1e5c3ca48430fa6d5a6f2d72c4e9a24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c644062b95acf88_0
| MD5 | 99758ecfaf1b62e0b380b399b7876479 |
| SHA1 | 58bd8c8929ff558119508e488ad0daaca53778be |
| SHA256 | 10e012617871a3279605eb9ba00e03bed1808c65405c8ea577d860065cdf5e00 |
| SHA512 | dc975d693957539df92622b99174489efaed276b89f441d34615437f7f26788ae757a58ec4d019b5b962b2b087fcec04b9b533e22869d951e2efaec273e143b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\07aad75a0a1501aa_0
| MD5 | f38054db745e25a792d6e1147ba2d7f8 |
| SHA1 | 67acb2e30242744a8bdcb048c14cdf444dd0c6da |
| SHA256 | 66dcebe204d7d603216f4f8dccfd022355821f6901397d43170b2026780ff34e |
| SHA512 | 61b05a56213c646f257ce24ada44d08fcb8b931cfd6c1d250b1ebe8507b8fe6e239de6c8456fe550fe8a061ba7158dd878c311365d0510a7c7599ea0a3d004e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23051a30be234785_0
| MD5 | ba5bf1d0ab7cbdbe747d879c4b505a02 |
| SHA1 | bc038e5b84b37e76d24446f49e34be60f6e55975 |
| SHA256 | 2f970a5b564f5e039c1fbcb8505d0731b025701f7b9e2da1e9caa5b7f0a58740 |
| SHA512 | df552e08d04876a8666b13104395d5d595067167da5f6b14d379f93e16cf15bde660e06a2a691871fa9f8f0dde5f00d0c0b83f7604227ad6149d1c119af09083 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83b2c7445a00f61c_0
| MD5 | 6e718f832deb6c0f5dd9b707b6ccf7fe |
| SHA1 | 932cce530123b0ee545f481b36af229081c945c4 |
| SHA256 | 7caaabb55aa036e5c0d3c11411a362c222fafb4568f266de760a2ac059379be9 |
| SHA512 | e92b32132bd48da65f10de76cc0ea9e4e915b5aa57b0f9c0c699f3fd29d3c189cdd012d3c4d6f3f610ae0da7473ba0a2a1525125b034423fcf3f91cd02fd5c92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d821854e2379af7ce7077cc671b28fdb |
| SHA1 | cc58af71280b37fbd9091767763954e20320b181 |
| SHA256 | 97ac50f11ceea566415b0930f5c425a93cbb79e399a3a4fe8e04ac25d95a5336 |
| SHA512 | b9b9b15ffebfd76ef5987bd30612c55816ee70954940041ae0d4e3f7489ecfaff6486225f7d9276f33f26d730cd5f7436bba05489b3840cd5e3b5ce904631572 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb7d4e00c2a87847_0
| MD5 | c8d7acc252e451bc0a46204ae0680dcd |
| SHA1 | 3963188e3571e4526c033c305daeef59387e2e57 |
| SHA256 | 0ca8a13f08b21398fc717d17a735b9bd5c0146fc908f1d6eee87cd081c4921e5 |
| SHA512 | bd8484cc7cb2a0dec45ec7f31c2ede89300fca1905b24391170762dcb7967de214748c71bc40115cd85ac8d0e69e6d8fc4416db1993ccd4b7e596a0fddbb330e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce03f86b39affb26_0
| MD5 | 07cddb7c305418438e66744be4e5df93 |
| SHA1 | a685d53a4ed2b257c53956a7e7dda32dd5b4abe3 |
| SHA256 | 61da91f85e9c5b0aeda765fb7584abd981a099237c83e22b783dd49614f99b72 |
| SHA512 | f23323dbd8aa46cd923c2030aa72cc70957e0c62eda2dff359cdbbd340fe5f63238c65f7ad0336548f91659994176e59b36116afddb516e436f0da14c5beef48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\583501846d4bf9aa_0
| MD5 | 528747dd3d118ec892498ceb41cafd4b |
| SHA1 | 3f854ab149ba6181b008196b5fc23d078854c477 |
| SHA256 | edee2a49f92c116451150a195bbf2d892237ed43e12e142156cd2c55c4f3048b |
| SHA512 | cabad0f402f4045ae824a1f594bac8011b8a74d63c8eab8688badd9c450d573b7b1ae996ec9ac65a9a4fb687e2165923043c0d25954213603bf463ca88b5a3f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf3fc8ce1a143568_0
| MD5 | 6006454f4ab071329b5142ffe47d25c3 |
| SHA1 | da97094fe09e3b737796c088af495a807c8f2eff |
| SHA256 | 8e174cfb25ec1b9c074a21dbc97cedef51bbec6a15c2a2e6c4123ae618cb2131 |
| SHA512 | 3478de356a9f634559c63b1c84f4666cbabd02850d698ecfc74f34375dfeb9d9afd53573ed0e8fcd7142280367dbeaba0525448912ffa64b67c98b439a170094 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a64a9f07060a6a1db8d78bc04e0b15c9 |
| SHA1 | 59335314ab7f662b5242c182aff9c50d365a7c41 |
| SHA256 | dd7d8998f88be9ec1dc0d5c4c3177d14a51cdd20fd159f20be08b0ffc83ef743 |
| SHA512 | d3df605c645587307af031e5933a3e7d1ee0a6a03d47bf8071b11b21c0ef9dda40eb17973a7061c7d280493b8cb14f1504473311d34b194a55bd9dc9626114b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 582c2984a2e3a69f8001b5ae7cebe738 |
| SHA1 | 03cebe2c9d11e282c8e3f4cb2b500679bf009b74 |
| SHA256 | 632812d7447a02ee9e6124243bdbb29374f0a716e83f09475f463551645efdef |
| SHA512 | 3cd6491275912b5c731b3205b84e905952e9ce87ef8ee57f38491f664efffeeccdb0ea2227e3cfa5b4729c72937c81c92c8c075c9fdd497efce2a099671e31be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079
| MD5 | f0f0d0ca6b43ae9a3473001b27b53512 |
| SHA1 | f4b84f305bf0cb1670186eb95af85c3ddba653d5 |
| SHA256 | ebf4f51255387d1ec395571499b3e415c392eccad756d63e084609c95f843b88 |
| SHA512 | 50a097f068b47d5c2139013565801aee3b09e0b24d38758e3e894ebbc083126d20919e46e919b0f5aa9ab471fa9828fbb78bb6fdd60cfe467a072491025bbdd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2667e55261d86d3_0
| MD5 | 61ffb6c4800c6f1b80cd80141ff3e10f |
| SHA1 | 8bf18e409cd3a8320b4b23f56ee98383fdd15367 |
| SHA256 | 6a3a0e687d353fadb42864e3ce71165d5469f59f26c4d746cb8f8b30776f8062 |
| SHA512 | c10bcd02d0c2b3ccb86599f204320cfbc0f16ccba4eee00636bbc65b7a38935f139f92a9b964e26d7bad1fd559796dade769a21b94db26e693dd3425c69e6bf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000083
| MD5 | a29afde61bf49e90b1fcf6d121c05fdf |
| SHA1 | 1bb7ad9e012d1fd6efdb21178960a20cfae12c80 |
| SHA256 | ea52f64a22ffea8b40e905928c4273ec9a9f4961b307bd35750b9c4fe84a7248 |
| SHA512 | c0df15dc65ebd270c3a294d2fb42882cd443da45b1b54738330c61981d2f5a346c02f2b9ba846c5cda9010e255043adc32ad823689663fa7b830e8094c805612 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084
| MD5 | 6f6b948dc3fff4c3803d73909ad6e1ce |
| SHA1 | 2d8eb9475e95f14bb19de1906ee3252c3a55d576 |
| SHA256 | a0ccfc2a84e967737ccb5ef8c6d9bb149c834580bd7ecbd38107ec0d7c53a5b4 |
| SHA512 | eb08c733856760172932b6c3ea02274641d1366709a8454f42ce286db0ccec9e08734e056b1d088aad0173a9445a427c346ab522348381c204989cdb5a610144 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085
| MD5 | 0b2cb411df0c267c83abb83802dee87a |
| SHA1 | cc65aec20bacb8bee07f10981658dec751b6b270 |
| SHA256 | 77177367eae44aa70ec5fd107ccd6c589092ff93e9166b9bdd19a0477d2d2e42 |
| SHA512 | 17fb4be12d013d7fc19d6e26a6e25131e88ce6272fec1bce23a94d6a6a3e309ea9dbad75fe91b80862fc014de1687016b3418215d962836bfd0d536c4f95b22c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081
| MD5 | 26b132bc1eee4e25853a713a1d48b07e |
| SHA1 | 04955293a25c377d61cd29319c21b0bb9871e60a |
| SHA256 | fe9addfde9ffe92b669266a2797a730dedbd49eadee84cc33b5428d7e0be3878 |
| SHA512 | a045386af798b1e1e321e33050c87637e3c536fa5a69574a1ca9fed2677dd6440a01d2c7806c043c087ccaf6655dc4a256cc945906ec956b051aa95514561ee4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080
| MD5 | c25f7b2839da9e7ab4c19fec58f52679 |
| SHA1 | dce5080e1c510f5a4ea8921a8944671eb65da97c |
| SHA256 | b48e0ddde09660ad0e2a4fcce024ab65fab4e3a893b80b196718793236a2e57e |
| SHA512 | bf9526d831b598318bf9011c6c035a522124f8a287f3aad6c7178d161412acf279c10fe1071513325576aa69d2299c9a66415d3575fc2a0412882eff4af9635a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f
| MD5 | b862d8547d73c026cfd59e160b249fb5 |
| SHA1 | 1d49c63baf6f5e446a7868dcb7651bb1b6581c67 |
| SHA256 | 19031a7d81e62a76825b4ccd19c996c40e9ea11bddc6dbc5c0b390df289879dd |
| SHA512 | 52da8bf1b258e6f08f4e19a84d515c9bbfeeb0eadd7e8db5815899029499826ff5a9e581c83fab0b872e1794fc4601d4004eaa597df2e24d157795f329c2f358 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c
| MD5 | edca36530bf4806ab1b8b9d61ec6be68 |
| SHA1 | b27bd32e3cbb9b81279828897e4b6c8dbff8240d |
| SHA256 | 421d3ef8606f5dd3972a9e831fff636e2ddc3510447e4014d331e7a547a8d5f5 |
| SHA512 | 6ba2031f974dcfa2cc127031a63afe0a4cfbae967acfafaab4678e5d82be26b625ef26496144015413d40d61b0de8ed52ea3dfcdf59f480a8b7814d2773e0a75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d
| MD5 | 3e29898e9c0a3b9850fdbcef8f1f030d |
| SHA1 | 9b3876c6d3330a65dbe6599f268946caf471dbc4 |
| SHA256 | 1f57c944a4b92552c741c007f2629bb388170400817dfdb96d4a8675f7c81611 |
| SHA512 | 4e1c0a435d4b4cca5c1392f0fb5fdc12249701ef1a20a7abdd650bb695d0f595c3ddae5766f7c212de37663dfe0ff4a6c999845b86b6bd501daa4f9f848a35b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b
| MD5 | 2d634b65767a471811d950ef0a933b97 |
| SHA1 | ccb4cfce187457f9f9022de2b5539b6870bd7111 |
| SHA256 | 012e1636370367c02a561413d48afea9fa78c47d7c64418771caa77015855537 |
| SHA512 | 8773afd8d11605b268f6678dbf07aff3a6fe1266ff7f576175604a8da8e03c0f99d5278ff309b281cf1179db7cd359bcdbf589eb73cf47999f40551c143db82f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a
| MD5 | 41755e3dca3cd8ec8f3292ed5f92719d |
| SHA1 | 9f42a5c8fa55b2d34f91e1ff3dd6c94316c70d07 |
| SHA256 | d7cddfbc08f958a8f07d4c09f55b15967e847755d2c03cc92ef549e28c9d74d9 |
| SHA512 | f6b82be25d6e8902889498eed6f9941f5a2f00fa39a62c8f164c5b7a0cea329b1694953ce416602b00f45c1bd24a1523758ad6eb728fe48d18d5e326260d513f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e
| MD5 | 07e64c500d05a735c3e2ee2589e7bc11 |
| SHA1 | 0c0dad34c54e6fee6d09dcf5bb5ea57effe2532a |
| SHA256 | 6f35e24ed7631a933c551ffd3013b0df539764340d76aa43d0d302489a609d75 |
| SHA512 | c39f587a3f5a01156f5e80a4ada565a29ed6793f6e6ef7cbf577957180bcccfbe4c15cf3854c3d26ef26c04f4786d3ecbcdcb5944b03f7c9423843554571efb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000088
| MD5 | 5f112b5e4ce7990fdd26ad846bd9cdc2 |
| SHA1 | 3a5acf60decb4fb0c2c2a4abeaa225ee514dc529 |
| SHA256 | 0d7a4b692dc4586a02050f6b96b7433b6bfcc380dc7e04360c849dc1f3827846 |
| SHA512 | 5b3a9297466a25fafa81f016a92258e0ed167dc63db9e507382eb1629653c13b794fdb914873c76119d3a5ab850f4b8e3ddf81d68cb6b781e8ef6aa9c713c6c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087
| MD5 | 394d947356805f8b14ddacabe9c79ceb |
| SHA1 | 8c453a8f4d613a90dcce207ff22d097f74c07f95 |
| SHA256 | adfeb48182ef0a5965b3c12ab533b12a18abb7e893454e71fdff281202da905f |
| SHA512 | b01bfc93743bcaee33ed64def01181e21c81b87f90784a6b504962f9ba995503fdc69e26ff9dac0debbbd27dea33607aefaf383eb7b789da6bfc4c61694c7db4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a
| MD5 | 3f2acc2adac176845192339b31aae91b |
| SHA1 | a48f30e0517c0e5e99f1722f18b9d07050750612 |
| SHA256 | 7878ebf782413917cb18c292f9cb6b98eca4f7baa2c7dcf56bf92f63d5f288eb |
| SHA512 | 0f271973bc4a6003495ae29298fab0efb34442ae76b00a1bafde2c80f6029d7360f8b062723088b61c34649c4e7ad351bc4cee09a227fa4ee7688ec45ad98913 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f59cb41c7f6a27be_0
| MD5 | fe9cd7f4b563927d75ce62c7315865a0 |
| SHA1 | 4d094ef31fac2ea8cd4af04eb81c5789a3568e8b |
| SHA256 | 1e43c55795651fd4857d7082c27a30d97eb1dac047cd9a9423794be554d2428e |
| SHA512 | dc07722e9c1d0cbd4bc0e67788c6593affc5c2334ab3acd4fb812862f7bf8ac6230ef01df5fc27a4609b2a85cc73a1875a588199e4c83125da75385064415edc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b233c2bb1dd64753_0
| MD5 | 1a3f67288e7a21e41095a1b6aacd05e9 |
| SHA1 | 2fd2a1e8c7044678d9cfae374c2878a0ff30ba17 |
| SHA256 | c1e6f0909766aedcf6530e649704b87c2295aeee7a26858ec65ef9df555585af |
| SHA512 | 83b5982e0e3bdb30eed8e6fcc30f060627d21f7e7273d5d697312c996ea8468c138556b50927776ddea38d841818ae9bdb599b74e69f913f162259cba9920806 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061
| MD5 | 8af805a3e41280587c99c6b5e5952076 |
| SHA1 | 33845d1ffc6079f4cda1dd72ef99a70d06da63b2 |
| SHA256 | 6e779b3a773c70ca74447a4d6724e06cbf6e98b21d7becfb6ef00c4ccbae313f |
| SHA512 | 95b0c2e816c0ce2e46518389b43d3d1bc851365ce9f926d0e016821fd24a9cc3dfff7195d9bd4d29a7f1e66823726c4872a5f737ac62ee56e9268489cbaaef3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0
| MD5 | 12b3dea66501f05b7b44ab3af97527c7 |
| SHA1 | 2a122e7f483800e9bb48a41c397a6ac53b9a63bd |
| SHA256 | 871c1c1b1d52a1f2b993c42c458d1da8aab5f5a9e1b25c692486887fdc73f59e |
| SHA512 | 8c3d68dd280025340d86d1b4b5ef159b3a4fdc78f55894c5cb8504424cba9541f46800e30bbd22508cd26c4926c1d29b37d1f203fa8b369849943c63cd18ba6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3355c555ad5e31aa_0
| MD5 | dc62dcf5a4f6210146ada208aae3e398 |
| SHA1 | 48235671ecfbc259a694b18e41e42a6da794a85d |
| SHA256 | 07a4697f3d49e0c86e10f8262e796a87eb0efa3584b09413480bde805ae9d710 |
| SHA512 | 6425105ea50996f02f0210dea2ec8c02e0955f47b856ba1afe256093e9800f5aed51c0648ce29c4a7edbe8f65d753ef9eddb0b3981f6892e4df2fba4e9bd6eea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a74bc4926ad9c8_0
| MD5 | a9199823d0a5ff2a362eba21a26ca0f9 |
| SHA1 | 9661ba2cb948820e681917626903d10e123eba41 |
| SHA256 | 6597e161aa3e4e3e74e45a2830ec30b6998b8bdd97d9c3d800cea8f827d96548 |
| SHA512 | d614a9a516070b109fb28c7b19b0685f032ff1d3bc37f140422b11bd2df32f626f9c26ddca391165150a5130a4d6f6650aa339aaa085f8ec0f423c0e896f4bc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c
| MD5 | 015c126a3520c9a8f6a27979d0266e96 |
| SHA1 | 2acf956561d44434a6d84204670cf849d3215d5f |
| SHA256 | 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa |
| SHA512 | 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091
| MD5 | 0466d6c947a9a3c89a0f3a9ba25b11ae |
| SHA1 | c2673305186b014a2df914ce33c6b03c02363d5f |
| SHA256 | c0c81256f8210a7d46baef0c5434624177bd1ab913ebcd8763b226964bdfe23b |
| SHA512 | 16a32c67ca2908712a0495da8b46765f90b47457dc774bf39845733cd7fa2519e82bc231df54a2c2defbdae76aaeeb752805b6260dab2e49efc498eaedee31b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092
| MD5 | 4b9f2aff9903728a97cf2345071595a4 |
| SHA1 | f7bc04ef2c16ea8007b3b91b51bb27e873d2de7d |
| SHA256 | a6aeb0099a39a7e609e1f0674dcaa128594122e26098cf9f28877b608f857a63 |
| SHA512 | d7014bac79419f06c755ede14c37c152c652b7557c9e0ba2acc0906c70092449352118101d7f097fb9d1311e2877db84920dca9aee2b83dde73e31177a04acd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093
| MD5 | fc03edc2c67353b7608b593ee05565c6 |
| SHA1 | 72106071998b0ef5f145ea4f9d53459e52a33e9f |
| SHA256 | 14be4114dcfde74652f19f9ffae8c9bb50707e9e88bd2b1fcd86fb50224109e7 |
| SHA512 | 444759b488bd8724b40429e1b0e05c5e11a4a1b9a2defc03cde8e9156e237510a943c4d24fe312e0c7a5fb3929f47222fe1d44027ec242a58087a0a57be388d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6517efae5af72507244e0bad2dfc7192 |
| SHA1 | 2fd5018407f6c565e681d41169864206a6e5d3ac |
| SHA256 | 5a62d3784f796fecc317b7e8dd92e0c3831409f040e63da65544a09686dbc1aa |
| SHA512 | af48e583c52efa85b8caef750d087eedef5167b9a06e4d149a2e1b1d4357bfa76c5dec2ef1f5e7144d9dda381e5a8bbe87b8ddeeb5bbc9e3feff10e0d975cf5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9e507544ddec92b09541aacb5f7e9a3d |
| SHA1 | 41ac4ea535f90298a428bd6dd223e4ebc2fd8a12 |
| SHA256 | a0763de0fde9c9b403ba1bcc14d7e3eb15bafd9cc949f37715660f3016858cd1 |
| SHA512 | 1001188bfd672597d9cc17453837ba5ad84931bc100e4ab78bbe9991f33f153bd11498c843e772f6b1f554d6c27bd9e39aa9ced4c364d3aef49793e83fcf579e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0efdeccd42e10fba_0
| MD5 | 5dd038981b23eb4b607034b4cde595a3 |
| SHA1 | 3956b76ecd404b77cc8ebfea69cb716b32c21898 |
| SHA256 | 706c1b25b99655e08879a4e180a16872b9b1df42ba03414afe0c099dc5bb2894 |
| SHA512 | eb99d898fe28875e1850562b33d28d26d9af51e8e0e96d5980726b99500a50b2d136ed06bf24abebfeaaf8d52820ae30bb7929996165b24c443553610f87400c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5041123dedb670d2_0
| MD5 | aca25e2b776b0a04ca5dde88774eb762 |
| SHA1 | dc30a04cb1e6dbdc2d3894b21819b9f3f50eceda |
| SHA256 | cd62d4b8d72d6b0003becaca6219ffd2b216d50da7fa6c367282ff4b2b98864b |
| SHA512 | 201447adcf8dfabc7fdf544659fc5cff35afa355439e14688f7bbad5e0997b5bfd6dfa6f06a93a471be796c6e31864d2b1faf240b4f5aabea94eaaa5fca5b354 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\89c513ac2895b809_0
| MD5 | c4e7192ca57b060405db5967dbf93784 |
| SHA1 | 879bccb2095a8eb6cc1a32226a0248e1b7b046a1 |
| SHA256 | ba5d324d5ac7ab4436edaa568c4062acd184a1a4525be9929d7b99a4d3544ae0 |
| SHA512 | 6b3ce5eb0c89293d977253d02eb7248ad3b9270264c4c20b8dd5cc04b6d7bd89ed9c44392c23d866dcdd5fe3eb4c7e2889834fc8c34cbd84936fea4603d3c063 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de0de015ae77bf33_0
| MD5 | 602b2af469e38ae1a35e97e8ee85964f |
| SHA1 | 388ec8667994ee2c41fdbc4bd0c481f434fd8749 |
| SHA256 | 9432b2bdfb900a95cc95436e8442dbb12ea965751d10f39ca7c1872f4ca83822 |
| SHA512 | c95ecef251e8738c882a68ae48eb8add6053f814a95c17336a71e6c0e4555dc513957965b5c20eb7d3616a49527394dddce557ddb6efd7301b466d31c9695f2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c3ba1c4f627c5d9_0
| MD5 | c06b4d2a0697a9060e9cba113ca415d3 |
| SHA1 | d95173c3cef2e81134e8529d35f888560d8bc7c8 |
| SHA256 | 9ae4990a10b7584861836bcbb3addb253d6f26538261424b58c205f372b97024 |
| SHA512 | d032da064e8f761b06b14c20416abe349ead0cb13e98bbed29d7ccab6fbb1a07642c64d2457f3cbd8f53117ba1c9399b2d86b50c780ed79f58735ccb063d4fdd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b27e8b246dce2d4c_0
| MD5 | ae1d27c1c88c5b1a1f0db0c3f72b5bc5 |
| SHA1 | fd14a533d2590a8a40b887663cd4ef831613feb9 |
| SHA256 | 943c03210d7687cc38753369ec831cd02d8cd4d89917533d8789b8d27f45857a |
| SHA512 | ff62aa1ef3066c26ffeb4733218f36410641cb94ba0e026859555b4b117653737eeb10f13443382c5b4d0711fde7be01b0ba37ff8f8a69eafeab658713ad688a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9f23f71d85ac1a7_0
| MD5 | a3d8679b6fadbb23bdb4e22afbecb88c |
| SHA1 | a120bec3e78ea34a5a1386c5be3650e7e06d84b4 |
| SHA256 | cc00b8dcfea316efe3f905531c6926d6eb7395b78c8327961096a4a22bf07319 |
| SHA512 | 313b42e21cdd54205b26001994408624169218240589d8d3295ac2120cbf9262f0a0d6200d3e8c00ab9979c9ce586d2801e45151c2ead4f627c60ba48be4c890 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7251f188d57e93ed_0
| MD5 | 6e58a2d785749eb446aebe56d8d3373b |
| SHA1 | 413eec99b077f7709bebe179d18081617c0bd930 |
| SHA256 | 217f5d42830d081268c2556373e0e7d5cfdb11ef7e8ce5c2c2b3ca211fe724cf |
| SHA512 | 4323f5df76d83b6a710a238e120c8fcd12058d79bedbe070438e7fab34b5fedbcf77099c26ac913d47a2eaf6553f6e553e3296a176f416fbe499aae68a82896a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\698ecfa6f0f941fe_0
| MD5 | a1ad812f9ec15391a21e5c3d56fc26a0 |
| SHA1 | 014cb4ae1918bd3bfc5e095d719bda3071816101 |
| SHA256 | b72cd8b2ab0af550aaa6da45233503e2a265eecdf831651a5f7b5454ab392c17 |
| SHA512 | b6800b79fc2330bfde3bd7215db1f3c923ac84a9d237b7576180ec5ca43aee7bde5708309a1fb7af9b88e09b9a874f4dbee7485c2e8bd23d14d3c1f3481bfd23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb9eef1a4e773848_0
| MD5 | cd1ac85f4ee00ef65131fef2bade7b61 |
| SHA1 | 518e3d1e04b1d8c3102fab984020a095e4b6baa8 |
| SHA256 | eecd6f0adc8866f3cc89b31700bb2f679fa961964cb061e2fe636c95612b437b |
| SHA512 | cbd4dd7e22ba6c4a26bf3e895439c72649be8b9cea99822ed77fc28d91e0ec8b91b6a0d76ff9b66553ffcdedc33d4ed43166508ac91d42fe27bbec9e41a629be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dc34cabdacfbffce_0
| MD5 | 99dc47a67f4a93bd6e08cdf16a9f70f4 |
| SHA1 | 350ba044d8c6092d8e91e4b5cfc518f2851d5931 |
| SHA256 | 892dc711ea3f30e53e30ac8b130686962ba024eb69d45d620bab5e07f138a1f3 |
| SHA512 | 19fd2487215f9caf6047ad1454f32aabd0ffd72e59c501ac9004e3ed023829187bd80e466e64ceedf9b3db1bd0b76a7f045b7e46308f3fe0f8295f61c2d9bf3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ea03ff49b72d51ef_0
| MD5 | c5b2eaecb94a28ed6851bb900e8655d6 |
| SHA1 | d5f21adb0e4d7953ee0118af5908b54a18080fd2 |
| SHA256 | eb91952f4c06e39c1179a7633e6c9eafd56c16b2dfcd2ab49bbc9affd986978e |
| SHA512 | dccc01c516e994e87e19a43069b3954ea9cd2aca9eadd756be6b1ab15d1d4827713c51bd77eef7528054f132fb29bdbd1c3b940d9886c7daa65b27d191041c07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\44eedf7ff3efb79c_0
| MD5 | f26cceded61a6caa896f5d92e39939c2 |
| SHA1 | 4adc872807754f4e0542c2689006923dbfccc74c |
| SHA256 | cf287556af4bbac214c37c9ae16d7925c39825a4c56a78b47700994b2af47b81 |
| SHA512 | 15dad3ba0b0c37d571850032b2ba506f699f9eab812f12e642c1fb95c6ca02b4d217bc8519ad2506d30b3f628b189f1d88e02363c50f15644581ef16273ecaa8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e04b264b57572896_0
| MD5 | b84025d37055b3d539d50486cc76e7d7 |
| SHA1 | a571bc1d1da1429ce5cc21db581238612afdc84d |
| SHA256 | d679bdf8137dc59922d7b424e54bc552944c7657f8ed71f58661105542d9c1f4 |
| SHA512 | 4f3f30e91fee1ff5f9cb94fde60f3b5e2578ea7590a7865c234ede2b58d144e07b9dac3b802dd11a811308ba2e01e27330accb9c90ff4fbcbdb9b4b86f8b85b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0
| MD5 | 25311d4c431c527485e06e58603a85ce |
| SHA1 | 8a1fab14d6e0352297c7292429296d5f51ed70e4 |
| SHA256 | de71fde448f1880fd3763a4e551fbc9a1197863945643cc1bf132e31da8e115b |
| SHA512 | a87cab3ab9ed9daa00f5968eb3096622d6e6d0623f4742ff002da79b4d150e016e132bca5ea7f569f6aeb9574530d9a19a8f13cc72914d911efe4bc01ed08f4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0
| MD5 | dde4ad2a52b29295d7dbe27ae171f01a |
| SHA1 | 2beca6461ce6e9399b16ad463fe1c97bf34c7baa |
| SHA256 | d4fc95fe159912c53616344145e553780a0e8861151eec1bcc6b70b2d50945c2 |
| SHA512 | 146222bb6bc388efc882a9f3d96835676394b13c95f9e35dc04e751a10e7d2ea521dfdb572c5fba3e37805bd7b7bdf92fe0abd2c061b87a7b39006bd6b633c94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\39cc8b3389daa7d8_0
| MD5 | 2a47e98013597713b71a36142ade5723 |
| SHA1 | 22459548930c7b75f46bcd454bf8151143c24fef |
| SHA256 | f1deeca1270a6c432bf1de6bbb4c9376e0658ffab3cdb8a5946e3a19f32b0d43 |
| SHA512 | 0ac14e7d8adedc118558fc7a73aa2e058a4ded933788dd64a0805fd4d9e2f2881e3ff3719a7c540526b91b09562dce3ea09947f56c7b443fac26083f2ec0576e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782f56b8ce6cff0f_0
| MD5 | 734e55c5034b5b1770e92e9a04e468fc |
| SHA1 | b039d8c0459f2b30cf98deec67df0c32d15d4b72 |
| SHA256 | 470d5dee8c5e81f7aa2b6fe6cfa59a2119e9baa1770ab14ea0b9a60b82e3fc3b |
| SHA512 | 94c362917886f99363dc01cd2228fa51fc4c528843d18f4c816df481a97a059c345fd1885dce163c2b9ba4fc48151c13c0dfc7c8a82912e5efe767dc484093d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6e8e4640f0de454_0
| MD5 | 5ed5746c0a5d60b102783bdda8b94ccd |
| SHA1 | 52168b1d0eb956bae5d69a15a767ecceb2613e59 |
| SHA256 | 5e6416aff929624263073521fe1a72e864ac9582afccd823e16202dbf63c21b3 |
| SHA512 | e84e59f187f0ad1e2e65f9077a23ced2977f740fe03c71ceb258fa81532defd8b2384035ecfa0951da83b005222d5062e7a4885797263db0dbeacccd4943a217 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a71e5046306f8a1_0
| MD5 | 5134bd110dd87eafd56b20d976c4d0bc |
| SHA1 | ff58728f8bb7865590d38981321a6ae4618000ef |
| SHA256 | 9fe448484d6115d08889a65686fda319c83b941802a3af51c59ad6b68f6cb90a |
| SHA512 | ed335b414c6e9e11eb449dd76858cb858598639435e4012cbe7b03c33c9fc220ad03f4dc00521ff97e6092ce45f891338e61570953c72f773f615ff8f4ac0f50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8
| MD5 | 99e35b3b58efd89d0322af8bbcb87178 |
| SHA1 | dc72968c535925c4cc809c40cb96acaeca460dad |
| SHA256 | 5e0ad4e28e5d5123002dd3bc76a20528aeb619f5d0cfbe6c59e0212a09b53187 |
| SHA512 | e8ff05054a7a0b3271ed342ae98ba505bde3a140a6131c757641f73281b85cf50f617744511ba7e4c90518bcb83e44f00963109b705a038c68603627c0e925a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d12bc83013ac0aec8c5d67d6cc8f013f |
| SHA1 | 146e9012656b437cdc9da01279a2fcdf427a274a |
| SHA256 | 6b18a32d4d69cb8f2f765bbeb61786794959fdf1965cf3136e199d51e42b01ee |
| SHA512 | e647a6bd6e7e7096b2fb224bef1aa9aba0331589801bf5ea4ff07504003e83fc527ab800ba90d275a4db0e9e618bfd858adff8feec8ffa5154d41b1af88943af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e0552cd880904cc789aaa8379cd03f56 |
| SHA1 | bee8919b93402a07a8dd57ad2397ad655fe4dcc7 |
| SHA256 | 2a174fde507100dbe80a94b5050c5231553d58168f36c63e9dda85bdd28b162e |
| SHA512 | 37399e8a3ac26f27b075815b63e19a80f9b4f1a53be836c18a5441f61df0a1b2f189b503c1a02c9041245f2384d0e46f9cb0426ca0a1ab56f13e6f2893b6b6b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8d760fa74fdcd68313a275126388e758 |
| SHA1 | 0c56fdae08d4868f8791490585c787862d3e00a5 |
| SHA256 | 4469239e82ea57657e8a0dccfeee5f91a0f99279fb0c858a71115d3c6fb8ed48 |
| SHA512 | e5d75619fd30f22b0de53303f178963de1068b1f76bcf9cb28438c0be97abdba60d0e26d2b9a9b9b194cad069c9e2df1907a5a3646e5be7cf507238153e49991 |