Analysis Overview
Threat Level: Likely malicious
The file https://playedfun.org/roblox/getapp?_gl=1*1840o5e*_up*MQ..&gclid=Cj0KCQjwsJO4BhDoARIsADDv4vCinnrDnegAg-Mxq6-y9Kh2v_EWj6-39SEP0nh2MduAisyheAKjMCAaAuhJEALw_wcB was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Possible privilege escalation attempt
Creates new service(s)
Manipulates Digital Signatures
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Enumerates connected drives
Checks installed software on the system
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Launches sc.exe
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious behavior: LoadsDriver
Modifies registry class
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
NTFS ADS
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-08 10:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-08 10:49
Reported
2024-10-08 10:56
Platform
win11-20241007-en
Max time kernel
412s
Max time network
414s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Manipulates Digital Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6067991A-7C52-4BA1-8327-9F7B9FF37847\dismhost.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\6067991A-7C52-4BA1-8327-9F7B9FF37847\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A161-41F1-B583-4892F4A9D5D5}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EBF9-4D5C-7AEA-877BFC4256BA}\NumMethods\ = "69" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5409-414b-bd16-77df7ba3451e} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\ = "IAdditionsStateChangedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3CF5-4C0A-BC90-9B8D4CC94D89}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-23d0-430a-a7ff-7ed7f05534bc} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC}\NumMethods\ = "18" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E1B7-4339-A549-F0878115596E}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C6FA-430E-6020-6A505D086387}\ = "IFsObjInfo" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\0\win64 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1207-4179-94CF-CA250036308F}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\VersionIndependentProgID | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1BCF-4218-9807-04E036CC70F1}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\CLSID | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-81a9-4005-9d52-fc45a78bf3f5} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-394D-44D3-9EDB-AF2C4472C40A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5FDC-4ABA-AFF5-6A39BBD7C38B}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7e67-4144-bf34-41c38e8b4cc7} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}\ = "INATNetworkPortForwardEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-34B8-42D3-ACFB-7E96DAF77C22}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\NumMethods\ = "16" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\ = "IBooleanFormValue" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\NumMethods\ = "69" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\ = "IUSBDeviceFilters" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\ = "IGuestSessionEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4022-DC80-5535-6FB116815604}\ = "INATNetworkAlterEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2D12-4D7C-BA6D-CE51D0D5B265}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\ = "IVRDEServerInfo" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9641-4397-854A-040439D0114B} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2354-4267-883F-2F417D216519}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\ = "IGuestMonitorChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0721-4CDE-867C-1A82ABAF914C}\ = "IRuntimeErrorEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-394D-44D3-9EDB-AF2C4472C40A}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7E67-4144-BF34-41C38E8B4CC7}\ = "IBIOSSettings" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 539027.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://playedfun.org/roblox/getapp?_gl=1*1840o5e*_up*MQ..&gclid=Cj0KCQjwsJO4BhDoARIsADDv4vCinnrDnegAg-Mxq6-y9Kh2v_EWj6-39SEP0nh2MduAisyheAKjMCAaAuhJEALw_wcB
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff895623cb8,0x7ff895623cc8,0x7ff895623cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9572 /prefetch:8
C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe"
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=262408
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\6067991A-7C52-4BA1-8327-9F7B9FF37847\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\6067991A-7C52-4BA1-8327-9F7B9FF37847\dismhost.exe {00D2B485-C7F7-445E-A2B2-E4A2025B50EB}
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff895623cb8,0x7ff895623cc8,0x7ff895623cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=Fortnite|package=Fortnite
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=10460 /prefetch:8
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff895623cb8,0x7ff895623cc8,0x7ff895623cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,935062662370464639,1861311977304428804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| GB | 163.181.154.239:443 | www.ldplayer.net | tcp |
| GB | 163.181.154.239:443 | www.ldplayer.net | tcp |
| GB | 163.181.154.239:443 | www.ldplayer.net | tcp |
| GB | 163.181.154.239:443 | www.ldplayer.net | tcp |
| GB | 163.181.154.239:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 239.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.adscale.de | udp |
| NL | 18.239.50.126:443 | js.adscale.de | tcp |
| GB | 142.250.187.194:443 | www.googletagservices.com | udp |
| DE | 18.158.205.15:443 | ih.adscale.de | tcp |
| GB | 142.250.180.14:443 | apis.google.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| NL | 18.239.18.75:443 | apien.ldplayer.net | tcp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| GB | 142.250.180.22:443 | play-lh.googleusercontent.com | tcp |
| GB | 142.250.180.22:443 | play-lh.googleusercontent.com | tcp |
| GB | 142.250.180.22:443 | play-lh.googleusercontent.com | tcp |
| GB | 142.250.180.22:443 | play-lh.googleusercontent.com | tcp |
| GB | 142.250.180.22:443 | play-lh.googleusercontent.com | tcp |
| GB | 142.250.180.22:443 | play-lh.googleusercontent.com | tcp |
| SG | 8.219.96.60:443 | invite.ldplayer.net | tcp |
| SG | 8.222.254.73:443 | usersdk.ldmnq.com | tcp |
| SG | 8.219.96.60:443 | invite.ldplayer.net | tcp |
| SG | 8.222.254.73:443 | usersdk.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.180.250.142.in-addr.arpa | udp |
| GB | 142.250.180.22:443 | play-lh.googleusercontent.com | udp |
| GB | 142.250.180.14:443 | apis.google.com | udp |
| NL | 18.65.39.76:443 | tagan.adlightning.com | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | udp |
| GB | 104.78.175.230:443 | secure.cdn.fastclick.net | tcp |
| GB | 104.78.175.230:443 | secure.cdn.fastclick.net | tcp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | 76.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.175.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.36.67.172.in-addr.arpa | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| NL | 63.215.202.178:443 | proc.ad.cpe.dotomi.com | tcp |
| BE | 64.233.184.84:443 | accounts.google.com | udp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| DE | 178.63.248.57:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| DK | 37.157.6.254:443 | adx.adform.net | tcp |
| FR | 163.5.194.36:443 | prebid.a-mo.net | tcp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| NL | 89.149.192.65:443 | prg.smartadserver.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| NL | 178.250.1.10:443 | rtb.nl3.eu.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.22:443 | staticassets-creator-design.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| DK | 37.157.6.232:443 | adx.adform.net | tcp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| NL | 89.149.193.117:443 | ssbsync-global.smartadserver.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| FR | 178.250.7.12:443 | rtb.fr3.eu.criteo.com | tcp |
| FR | 178.250.7.12:443 | rtb.fr3.eu.criteo.com | tcp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| FR | 164.132.25.180:443 | ssbsync.smartadserver.com | tcp |
| DE | 37.252.171.52:443 | secure.adnxs.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| FR | 164.132.25.184:443 | rtb-csync.smartadserver.com | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| IE | 34.253.109.63:443 | match.prod.bidr.io | tcp |
| NL | 35.214.204.186:443 | csync.loopme.me | tcp |
| DK | 37.157.5.132:443 | c1.adform.net | tcp |
| US | 54.157.243.69:443 | sync.srv.stackadapt.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| DE | 157.90.33.72:443 | push-sdk.com | tcp |
| DE | 157.90.33.72:443 | push-sdk.com | tcp |
| FR | 163.5.194.35:443 | prebid.a-mo.net | tcp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| NL | 18.239.69.83:443 | apien.ldmnq.com | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.241:443 | res.ldrescdn.com | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 89.149.192.65:443 | prg.smartadserver.com | tcp |
| GB | 172.217.169.2:443 | securepubads.g.doubleclick.net | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| NL | 18.239.69.111:443 | setupad-tagan.adlightning.com | tcp |
| NL | 18.239.69.111:443 | setupad-tagan.adlightning.com | tcp |
| NL | 18.239.69.111:443 | setupad-tagan.adlightning.com | tcp |
| NL | 18.239.69.111:443 | setupad-tagan.adlightning.com | tcp |
| NL | 18.239.69.111:443 | setupad-tagan.adlightning.com | tcp |
| NL | 18.239.69.111:443 | setupad-tagan.adlightning.com | tcp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| IE | 63.32.151.81:443 | ad.360yield.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| DE | 178.63.241.79:443 | s.richaudience.com | tcp |
| DE | 178.63.241.79:443 | s.richaudience.com | tcp |
| GB | 142.250.200.33:443 | cdn.ampproject.org | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 89.149.193.81:443 | prg.smartadserver.com | tcp |
| NL | 89.149.193.81:443 | prg.smartadserver.com | tcp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| NL | 18.239.69.121:443 | apien.ldmnq.com | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| NL | 89.149.193.81:443 | prg.smartadserver.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| GB | 172.217.169.2:443 | securepubads.g.doubleclick.net | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| GB | 172.217.169.2:443 | securepubads.g.doubleclick.net | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| US | 8.8.8.8:53 | res.ldrescdn.com | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| NL | 18.238.243.84:443 | ad.ldplayer.net | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| NL | 18.239.18.74:443 | apien.ldplayer.net | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| US | 8.8.8.8:53 | 74.18.239.18.in-addr.arpa | udp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| US | 8.8.8.8:53 | 84.243.238.18.in-addr.arpa | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| GB | 163.181.154.238:443 | res.ldrescdn.com | tcp |
| NL | 18.239.83.98:443 | alliance.ldplayer.net | tcp |
| NL | 18.239.69.121:80 | apien.ldmnq.com | tcp |
| NL | 18.239.69.121:443 | apien.ldmnq.com | tcp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| GB | 163.181.154.237:443 | leap.ldplayer.gg | tcp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| GB | 172.217.169.2:443 | securepubads.g.doubleclick.net | udp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| GB | 163.181.154.239:443 | leap.ldplayer.gg | tcp |
| NL | 18.239.69.121:443 | apien.ldmnq.com | tcp |
| GB | 142.250.179.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 163.181.154.243:443 | res.ldrescdn.com | tcp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 243.154.181.163.in-addr.arpa | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 216.58.201.97:443 | yt3.ggpht.com | tcp |
| GB | 142.250.200.38:443 | static.doubleclick.net | tcp |
| GB | 172.217.169.10:443 | jnn-pa.googleapis.com | tcp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| GB | 172.217.169.10:443 | jnn-pa.googleapis.com | udp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| GB | 216.58.204.78:443 | play.google.com | tcp |
| BE | 64.233.184.84:443 | accounts.google.com | udp |
| GB | 216.58.204.78:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DK | 37.157.6.232:443 | adx.adform.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| DE | 159.89.25.223:443 | node.setupad.com | tcp |
| GB | 216.58.212.193:443 | cdn.ampproject.org | udp |
| DE | 162.19.138.119:443 | id5-sync.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| FR | 163.5.194.35:443 | sync.a-mo.net | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.10:443 | rtb.nl3.eu.criteo.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| GB | 216.58.204.78:443 | play.google.com | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.2:443 | securepubads.g.doubleclick.net | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| DE | 138.201.23.12:443 | shb.richaudience.com | tcp |
| IE | 52.213.199.88:443 | ad.360yield.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| IE | 54.229.84.122:443 | ap.lijit.com | tcp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 151.101.193.91:443 | fortnite.en.softonic.com | udp |
| US | 151.101.193.91:443 | fortnite.en.softonic.com | udp |
| NL | 18.239.68.199:443 | aax.amazon-adsystem.com | tcp |
| NL | 18.239.70.203:443 | c.amazon-adsystem.com | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 151.101.193.91:443 | fortnite.en.softonic.com | udp |
| GB | 142.250.187.195:443 | www.google.co.uk | udp |
| US | 151.101.65.91:443 | fortnite.en.softonic.com | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| BE | 74.125.206.157:443 | stats.g.doubleclick.net | udp |
| DE | 162.19.138.119:443 | id5-sync.com | tcp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| CA | 185.170.62.164:443 | a4392.casalemedia.com | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.34:443 | googleads4.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| DE | 162.55.233.28:443 | sync.richaudience.com | tcp |
| GB | 2.17.4.21:443 | contextual.media.net | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 52.208.42.71:443 | jadserve.postrelease.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| FR | 91.134.110.133:443 | ssbsync.smartadserver.com | tcp |
| NL | 185.89.210.20:443 | secure.adnxs.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 52.86.42.133:443 | sync.srv.stackadapt.com | tcp |
| US | 34.195.107.194:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| US | 172.111.38.54:443 | tracker.open-adsyield.com | tcp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| IE | 52.208.7.156:443 | match.prod.bidr.io | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | 22.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.107.195.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.42.86.52.in-addr.arpa | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| GB | 142.250.200.2:443 | cm.g.doubleclick.net | udp |
| US | 151.101.66.49:443 | sync-tm.everesttech.net | tcp |
| NL | 89.207.16.201:443 | equativ-match.dotomi.com | tcp |
| NL | 188.42.196.115:443 | ads.betweendigital.com | tcp |
| FR | 217.182.178.233:443 | rtb-csync.smartadserver.com | tcp |
| GB | 216.58.212.194:443 | ade.googlesyndication.com | tcp |
| GB | 216.58.212.194:443 | ade.googlesyndication.com | udp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| N/A | 127.0.0.1:6463 | tcp | |
| N/A | 127.0.0.1:6464 | tcp | |
| N/A | 127.0.0.1:6465 | tcp | |
| N/A | 127.0.0.1:6466 | tcp | |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| N/A | 127.0.0.1:6467 | tcp | |
| N/A | 127.0.0.1:6468 | tcp | |
| N/A | 127.0.0.1:6469 | tcp | |
| N/A | 127.0.0.1:6470 | tcp | |
| N/A | 127.0.0.1:6471 | tcp | |
| N/A | 127.0.0.1:6472 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 46e6ad711a84b5dc7b30b75297d64875 |
| SHA1 | 8ca343bfab1e2c04e67b9b16b8e06ba463b4f485 |
| SHA256 | 77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f |
| SHA512 | 8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e |
\??\pipe\LOCAL\crashpad_3404_SQBJJIAXNUKVGJPH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fdee96b970080ef7f5bfa5964075575e |
| SHA1 | 2c821998dc2674d291bfa83a4df46814f0c29ab4 |
| SHA256 | a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0 |
| SHA512 | 20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 459bbfa4ce8a1c9715c9174cc19562d6 |
| SHA1 | 94ec13361d30fee32e8f39dc2949a8a46566b3f7 |
| SHA256 | a151fbf26efc3dd130071f07ac9d8bf06dfc8434d18d3343b29a60ef0ccfc18f |
| SHA512 | 06ec7f592b05e0af24c1caf962c2f861c9e00326f2272d6278cfc8516d0ea0208648950e338adfdac5467cd2577e37ecd744b7f26a5e859ffe4d993a9d97f1fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | f942900ff0a10f251d338c612c456948 |
| SHA1 | 4a283d3c8f3dc491e43c430d97c3489ee7a3d320 |
| SHA256 | 38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6 |
| SHA512 | 9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3ad777f7874bd6630bb53463b57d4152 |
| SHA1 | 35b8f09be2926413e5535c0c8959612c96b19f9b |
| SHA256 | ac607958f50f0d697fe1b979006175b8ee7eae0bc521cc1914f75c0844ce70d0 |
| SHA512 | 950971cb760cd8debd227776fdaec98c156db0ab2683ba4fe7af0e10ea6dfaa4e5a6a40aafbf5009a688964543bd73069f568ed4db5b6a3026afd6304b9ceea3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 843edeb49574338d1ba179625f0c6509 |
| SHA1 | b2be55302403235a74bc6828816ede61c3764392 |
| SHA256 | 3f30e60fab525c5b56e6eb0a9e48a04f28ea5f01a063c7dfc8f0b889aa8ffeca |
| SHA512 | b27a05b459a400f9cf43863e96608004f1ec6f90a5147d0f3a02e9e8e415d8ad6c18102ffab3f32c7150aec9e50996cc921abb9d4b11f68edd88a05c10d3baa5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4257151473e88bdaa0cc9a3da2d592e5 |
| SHA1 | 263e47e1edf1a043cf74347731a3eaa723f42a76 |
| SHA256 | eadc5cff8c29de62a16688b687e525f30d633b4e48653997815c94c75707cffb |
| SHA512 | 2c01e1de2eb6540dfa0aa315ed129a782a1f43f8919829c9f8ed8fc7be4b83547b292f18be51889514649e1282a368caf565892e4030f54d397f7dfe35d52fee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a62680753923081139eda0c84637533c |
| SHA1 | 67165f883c0d560bfca403ef2f9fba1b07049da8 |
| SHA256 | e5db86a998b46c12af43a34ab6f05c1151dfecd559ef3ddf5bca125f552cc5a6 |
| SHA512 | d6d267d175297eb341cdb0c156e9af34b89c6ec183d56413477feac90b7be95cac4818be1c38b768321e6b28a9cc47ab4138919abd6f536617edda442f6605bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582333.TMP
| MD5 | 58904ed105ebd1ab80a1ce2f0fff40af |
| SHA1 | a49697fd09bf676732dd72b347ce34eddcab0202 |
| SHA256 | 74bb80efdffdfc66978ea12b8aff90968a3d1b0b2bca95cd213c15a7bc2e324b |
| SHA512 | 6a27b353733a4d17c6c296e5d83441fd06b86b9e023b7c321cd42a70293708dc07787df403fe5bd6f9e09e8c7979ad007c2850bcf3c17ea227653b9401c7ba33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a5a60cba79cc6cad69a64f0da3a04d01 |
| SHA1 | 56f580298d73d1d395f69228fe18a8c5b5b6e9d4 |
| SHA256 | 1b890b0656c6a08c68300d3206c0cd58c3726c701d4952dd4a8eec4f284e119b |
| SHA512 | 7a48b30523d1c9215cd163345171fdf44aea684dd72a5e032550d36cb8f4ee0774c6fba87bacbb42eed54afb63134e564a666fcda2e7ac9bb002af10c1de210c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 74b4050e6cf8024fc186f8d2b586b6e7 |
| SHA1 | be53a658be173f9b22a762313ef6f1f6c0a6308e |
| SHA256 | 5b1b713e1215ff0bc4064a2e9caa858949c9e1edad9ce975c53e53d1d8b62d19 |
| SHA512 | 45978f9907b4444a7c3fcd48b048905fc1f3e869755a51f6dab88626459be38584477022962648f10d7de98338b7232aa3a7e5d8c723b787355c996cacabbdfe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3917fb5306fcaed744d1e7d00e38d680 |
| SHA1 | d1dfb542eec53e4907ba98c06416deb04a4416f3 |
| SHA256 | 0acc74abd03026e884d64aaf89362b7138eb16153b4261525756c7d560def591 |
| SHA512 | 9dbb5a82ab0a00de98848afbc30bf3ff6d5fc4da10c7e5d3d0b0792203f7e0ff0ae27934c93ede0fc84c3d9d031a3bef24ee2fa9c8c0c2c60602fe5d4122d546 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 623290158642bb291a836b4bd888eac8 |
| SHA1 | 40f0b919dc4feac2f7a841051741ca366bcc706e |
| SHA256 | 0612ebe8f3d700942eee0ce2eb1c3863b975cf7d950af0e45db31c0d7880bfb4 |
| SHA512 | 477fdcf60142512c712b9c24e3db0f7000223092c392acb0d3f75754aac9dfc43e3437d0ac15da3b1c82713a2fc1f9fdf7d2120d3d571eb388b98191c08126ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ad052efe4767a19ba20e07ada3228b0c |
| SHA1 | b5550193d72ff5c6e23568784ac81c7d2a0e260e |
| SHA256 | c902d4dd16f666884c9d969a9e5d082fb8cbb950bbce97b5abc0a98d8e5178e7 |
| SHA512 | 5db991bfa31633df20bd37d2390780800a4782396af3b0fb5d07e31ff2c1e7b3e836eafb9ebd13671897e6c48405a97fa17161c6bc2865d5fef9ca8b1878fcf0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5498626fabc23f4a089a1f3d12a68290 |
| SHA1 | 93d0ac343173dba203bdf49d854a6f7e3f1ec80e |
| SHA256 | 7d854a3bdea520bde98685a86b36f4bca23281c5e63ca2ca86e1633e08200f9e |
| SHA512 | 50958afa70ccc0d37efd7f49280a52da7bc1d6f59cdaef11265613d7a3f3d213740e18a00baaf88169000a30c46f906eff97b75bf7cf25e68e9de225c4742ef0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b24ad0e7a2c440438183e09efed1a615 |
| SHA1 | d5a8ac42d3a054ca526695342b8f32a31a868891 |
| SHA256 | 950244b9af046c94cb5c55915ea12c6f5c2ed54c42542e021dc52de9a9d6547a |
| SHA512 | b5c11079d8a02d6f0d097df6f330c582d2993051d8c973452a40eb904b185f570c59081ac413e1c536af754e95d7190d061e1537066f91eeb9c30c0c3768db97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 44d07b5420a05da802e10f867f13dba6 |
| SHA1 | 42d1e06b82655dfbfeb68aff52e6ec022d888a0c |
| SHA256 | 59bef5b1e252154c7e04a6ea3f16e7fd34aac3c3b8358fcdce73799ed437a410 |
| SHA512 | 4e3ca6723bdfd438c8dd72a75e432fc09476d4949424676a1fba2573e6e701c0ea1eabee8c44fe50538cbba45496222609e160171f2c0b48b56dd5969abb99a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b441b33b1b71fe2e3a42d510d3ae94b |
| SHA1 | 6704bc8e5ce945db8e4a6cdb4ba12a4c011a2f37 |
| SHA256 | 8ca3caf61e917155a7f6313c0c2a41fe8884dc5106408ecf30a37dd4dc1cf344 |
| SHA512 | 34f20b5f5769210a1764109a7ef97b480ea48931783b38fb95f9b55cd621fc783c38f99b794497bae25fded772b6d7643a68a25dc0542d9534c426e86bd1fa5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09e37bb2ed07d362d1f00f6438fce352 |
| SHA1 | 89b8adcec5788d5dde3967db879a93899b767261 |
| SHA256 | 5e1cc907c93c433fe71b0970d6bdbf6f41f581d468c6dd5da7cdbcdfb97c34eb |
| SHA512 | c5136f810c80381edbeeb03eac62db1fbd0376c925f74c8775f0cf65e6fe256f2d8ef738d34b879a3e7700a782e7acd586307613e6cb069742f6aa12d2359083 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 54a018ee86c24cd557ca6d8336be2775 |
| SHA1 | 5ac6192df3739bd174d7a78cf58c0958a31385fd |
| SHA256 | 6b7ea4720a1191de948148cd9b29ff54f8976bb337608d2049e202bdaa5ab543 |
| SHA512 | 9dfcbe085fa380f92091b9b5876597ff9ede544586d727c38cb3a29e19f381a13dfff013481a1e6e648a1d2d6223a8d82731ed43179fab7cbe0a0149eed022c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f47a97f184bd8a0f6fb68dac6bf44f80 |
| SHA1 | e0676fa75f068e4e9a3cb89e9fb031cd5693af55 |
| SHA256 | e22a3c4861ed037a90f60a1aeb0ebd58d7006c5927feaf472289ded55b0c1e9f |
| SHA512 | 090ac9ce0752865f746db639a5a1bcebda3fe5e3e816c394d3a90a54c116e18db04ac093532befdbe5778e606293fe37acaef8b677b448dcbea18fe3461d1e6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068
| MD5 | 8aeebb3355b86f314e4ae0938d997565 |
| SHA1 | 2a8d8bc05c112fb6130457e84d126bc467f8dd4c |
| SHA256 | 1fcf73d2a385a8533580ca82e1914dbd8cc7bfc470202ea77f7bda24988eba41 |
| SHA512 | 5dfc9b3eea87dd23b83bfd0a37cf399bfc98aa90cb2079a905d2f9d77254aaf7b7ab5b69ab184d9bf29b7a7947a8a66d1ae55aef37d9e8bf59469d9d387582d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0c911390419c1c9353414097ae4d092e |
| SHA1 | e095e7f351b44664be3f7d7405fe5bf9814f62f5 |
| SHA256 | e8aabb2559a263c5371f2d4f7d1acfc770eae4bcf02e8c0c4ad3955082c8a0ac |
| SHA512 | c92eca8301dee5d4c706965579c45741ab8c242f5a767066d79f859872a1200f904ebe0d758c9be5aa3cba030ad7836af1a1cccebc0199f33b1c45e8b92761e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 75824810ffc1bac9b415e4ba30bbb03a |
| SHA1 | 263644351b6b6de30a0d342e8c76c127fef69438 |
| SHA256 | eca069821127f587d1ad423e8a4f637731021aa1ffb110596d1d11ef7be026c4 |
| SHA512 | fa70f22dce94ee032ac6c721b266f1227cd8c917cb5d0ca7410c3ca4ffd71c1f0bf87be3ce30a0f50dc714fbefdd22d4143afa981496c03a5b8995507ba7d1aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 36485bf5051953974e2911cfde8d851f |
| SHA1 | e6a84569f4c487dd97f5ba82273ca6f56c60dd1d |
| SHA256 | 16cfc7cb8e5fb8dbcf6d91dd45ee76a5311661d9aca1b839133bc81a031543af |
| SHA512 | 672a1e4a7038664b2277fba55d53434a75cb9d6c5d0de50962287c6befce3071b339eb9bbb8b12deed7b9be4457f8639bf66ec3863baf6f0fc71662a2f2979be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055
| MD5 | 99e35b3b58efd89d0322af8bbcb87178 |
| SHA1 | dc72968c535925c4cc809c40cb96acaeca460dad |
| SHA256 | 5e0ad4e28e5d5123002dd3bc76a20528aeb619f5d0cfbe6c59e0212a09b53187 |
| SHA512 | e8ff05054a7a0b3271ed342ae98ba505bde3a140a6131c757641f73281b85cf50f617744511ba7e4c90518bcb83e44f00963109b705a038c68603627c0e925a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065
| MD5 | 903fe8b0ff95de543ffa30eaed324f07 |
| SHA1 | f6fb8b69175618764cbcac711aff4bce88d84867 |
| SHA256 | 985bd90739477eb2538e1d9f4ff903f366c449af5ec86b68ceb80df7f5a3e421 |
| SHA512 | 213eec8590dece86b56059ee63d9ac29ec27535dbc9e89089a4dd74f4ee2fc0df0568ac67336e26f7e3330548f5fc7677adaa1d88eade7122450d64bbfbc16c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b
| MD5 | 8eff0b8045fd1959e117f85654ae7770 |
| SHA1 | 227fee13ceb7c410b5c0bb8000258b6643cb6255 |
| SHA256 | 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571 |
| SHA512 | 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077
| MD5 | c83e4437a53d7f849f9d32df3d6b68f3 |
| SHA1 | fabea5ad92ed3e2431659b02e7624df30d0c6bbc |
| SHA256 | d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb |
| SHA512 | c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054
| MD5 | cd9501486c36c2543cbbdb31074178db |
| SHA1 | d000ec6b527641ea631ef01ba3119cb3374ec9de |
| SHA256 | a30e8e4a96068a5b5cc6a96df248b123093d3e10af571f2792f3af5872b54c8a |
| SHA512 | f6552bd394c9270620a10ff6db52a45afd47ae3131e5696a25838f83ef4acf7d35c9067d7900edb84c4fe35b177ff08b89f12721af0b4c7811ad6d4d6206fb7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f1b2d9b15071c9ee_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a9
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ab
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d6
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d7
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ea
C:\Users\Admin\Downloads\Unconfirmed 539027.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\15b7ae3ca35e72ed_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ec
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ee
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Windows\Logs\DISM\dism.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wlgbzra0.xqt.ps1
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
C:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf
C:\LDPlayer\LDPlayer9\fonts\NanumGothicLight.otf
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
C:\LDPlayer\LDPlayer9\dnplayer.exe
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a7
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ad
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ac
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3355c555ad5e31aa_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cc
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cd
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000125
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity